ROCQUENCOURT COLLOQUIUM

Computer Security in the Real World

Butler Lampson (Microsoft Corporation and MIT)


Tuesday, 30 September 1997, 10:00
Rocquencourt (France) - Conference room, Building 7
Organized by:
INRIA Rocquencourt

Abstract

What people want from computer security is to be as secure with computers as they are in the real world. Real-world security is about value, locks, and police. When it works, you get good enough locks (not too many break-ins), good enough police (so break-ins aren't a paying business), and minimum interference with daily life. Computer security is hard because people don't trust new things (especially when they don't understand them), and computers are fast and complicated. The kind of computer break-ins most people care about are vandalism or sabotage that damages information or disrupts service, theft of money or information, and loss of privacy. Some people think that because computers are precise, perfect computer security should be possible. I'll explain why this is wrong, and talk about what kind of security is practical and how to get it.

Curriculum Vitae

Butler Lampson is an Architect at Microsoft Corporation and an Adjunct Professor of Computer Science and Electrical Engineering at MIT. He was on the faculty at Berkeley, at the Computer Science Laboratory at Xerox PARC, and at Digital's Systems Research Center. He has worked on computer architecture, local area networks, raster printers, page description languages, operating systems, remote procedure call, programming languages and their semantics, programming in the large, fault-tolerant computing, transaction processing, computer security, and WYSIWYG editors. He was one of the designers of the SDS 940 time-sharing system, the Alto personal distributed computing system, the Xerox 9700 laser printer, two-phase commit protocols, the Autonet LAN, and several programming languages.

He received an AB from Harvard University, a PhD in EECS from the University of California at Berkeley, and honorary ScD's from the Eidgenoessische Technische Hochschule, Zurich and the University of Bologna. He holds a number of patents on networks, security, raster printing, and transaction processing. He is a member of the National Academy of Engineering and a Fellow of the Association for Computing Machinery and the American Academy of Arts and Sciences. He received the ACM's Software Systems Award in 1984 for his work on the Alto, the IEEE Computer Pioneer award in 1996, and the Turing Award in 1992.

He was born in Washington, DC in 1943. He is married to Lois Alterman Lampson; they have two children, Michael and David.

Publications

  1. Interactive machine-language programming. Proc. AFIPS Conf. 27 (1965), pp 473-482.
  2. A user machine in a time-sharing system. Proc. IEEE 54, 12 (Dec. 1966), pp 1766-1774. Reprinted in Computer Structures, ed. Bell and Newell, McGraw-Hill, 1971, pp 291-300 (with M. Pirtle and W. Lichtenberger).
  3. A critique of 'An exploratory investigation of programmer performance under on-line and off-line conditions'. IEEE Trans. Human Factors in Electronics HFE-8, 1 (Mar. 1967), pp 48-51.
  4. An on-line editor. Comm. ACM 10, 12 (Dec. 1967), pp 793-799 (with P. Deutsch).
  5. A scheduling philosophy for multi-processing systems. Comm. ACM 11, 5 (May 1968), pp 347-359.
  6. Dynamic protection structures. Proc. AFIPS Conf. 35 (1969), pp 27-38.
  7. On reliable and extendible operating systems. Proc. 2nd NATO Conf. on Techniques in Software Engineering, Rome, 1969. Reprinted in The Fourth Generation, Infotech State of the Art Report 1, 1971, pp 421-444.
  8. Protection. Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp 18-24.
  9. Protection and access control in operating systems. In Operating Systems, Infotech State of the Art Report 14, 1972, pp 309-326.
  10. Remarks on the nature of programming. Guest editorial, Software-Practice and Experience 2, 3 (Jul. 1972), pp 195-196.
  11. A note on the confinement problem. Comm. ACM 16, 10 (Oct. 1973), pp 613-615.
  12. Redundancy and robustness in memory protection. Invited paper, Proc. IFIP Cong., North-Holland, 1974, pp 128-132.
  13. On the transfer of control between contexts. Lecture Notes in Computer Science 19, Springer, 1974, pp 181-203 (with J. Mitchell and E. Satterthwaite).
  14. An open operating system for a single-user machine. Rev. Francaise d'Automatique, Informatique et Recherche Operationnelle 9, B-3 (Sept. 1975), pp 8-15. Substantially revised as [22].
  15. Reflections on an operating system design. Comm. ACM 19, 5 (May 1976), pp 251-265 (with H. Sturgis).
  16. Storage allocation in typed languages. Proc. 5th Ann. III Conf: Implementation and Design of Algorithmic Languages, Guidel, France, 1977, pp 315-322.
  17. Report on the programming language Euclid. ACM Sigplan Notices 12, 2 (Feb. 1977), pp 1-85 (with J. Horning, R. London, J. Mitchell, and G. Popek). Revised as Technical Report CSL-81-12, Xerox Palo Alto Research Center.
  18. Notes on the design of Euclid. ACM Sigplan Notices 12, 3 (Mar. 1977), pp 11-18 (with J. Horning, R. London, J. Mitchell, and G. Popek).
  19. A terminal-oriented communication system. Comm. ACM 20, 7 (Jul. 1977), pp 486-494 (with P. Heckel).
  20. Proof rules for the programming language Euclid. Acta Informatica 10, 1 (Jan. 1978), pp 1-26 (with J. Guttag, H. Horning, R. London, J. Mitchell, and G. Popek).
  21. Crash recovery in a distributed data storage system. Unpublished technical report, Xerox Palo Alto Research Center, June, 1979, 25 pp.
  22. An open operating system for a single-user machine. ACM Operating Systems Rev. 11, 5 (Dec. 1979), pp 98-105 (with R. Sproull). Substantially revised version of [14].
  23. Experience with processes and monitors in Mesa. Comm. ACM 23, 2 (Feb. 1980), pp 106-117 (with D. Redell).
  24. A processor for a high-performance personal computer. Proc. 7th IEEE Symposium on Computer Architecture, La Baule, France, 1980, pp 146-160 (with K. Pier). Also in Technical Report CSL-81-1, Xerox Palo Alto Research Center.
  25. Alto: A personal computer. In Computer Structures: Principles and Examples, ed. Siewiorek, Bell and Newell, McGraw-Hill, 1981 (with C. Thacker, E. McCreight, R. Sproull, and D. Boggs).
  26. Distributed Systems-Architecture and Implementation, Lecture Notes in Computer Science 105, Springer, 1981 (editor, with M. Paul and H. Siegert).
  27. Atomic transactions. In [26], pp 246-265 (with H. Sturgis).
  28. Remote procedure calls. In [26], pp 357-370.
  29. The memory system of a high-performance personal computer. IEEE Trans. Computers C-30, 10 (Oct. 1981), pp 715-732 (with D. Clark and K. Pier).
  30. Fast procedure calls. ACM Sigplan Notices 17, 4 (Apr. 1982), pp 66-75.
  31. Practical use of a polymorphic applicative language. Proc. 10th ACM Symposium on Principles of Programming Languages, Austin, 1983, pp 237-255 (with E. Schmidt).
  32. Organizing software in a distributed environment. ACM Sigplan Notices 18, 6 (Jun. 1983), pp 1-13 (with E. Schmidt).
  33. Hints on computer system design. ACM Operating Systems Rev. 15, 5 (Oct. 1983), pp 33-48. Reprinted in IEEE Software 1, 1 (Jan. 1984), pp 11-28.
  34. An instruction fetch unit for a high-performance personal computer. IEEE Trans. Computers C-33, 8 (Aug. 1984), pp 712-730 (with G. McDaniel and S. Ornstein).
  35. A kernel language for modules and abstract data types. In Semantics of Data Types, Lecture Notes in Computer Science 173, Springer, 1984, pp 1-50 (with R. Burstall). Revised version appeared as [39].
  36. Designing a global name service. Proc. 4th ACM Symposium on Principles of Distributed Computing, Minaki, Ontario, 1986, pp 1-10.
  37. A global authentication service without global trust. Proc. IEEE Symposium on Security and Privacy, Oakland, 1986, pp 223-230 (with A. Birrell, R. Needham, and M. Schroeder).
  38. Personal distributed computing: The Alto and Ethernet software. In A History of Personal Workstations, ed. A. Goldberg, Addison-Wesley, 1988, pp 293-335.
  39. A kernel language for modules and abstract data types. Information and Computation 76, 2/3 (Feb./Mar. 1988), pp 278-346 (with R. Burstall). Revision of [35].
  40. Specifying distributed systems. In Constructive Methods in Computer Science, ed. M. Broy, NATO ASI Series F: Computer and Systems Sciences 55, Springer, 1989, pp 367-396.
  41. The Digital distributed system security architecture. Proc. 12th National Computer Security Conf., NIST/NCSC, Baltimore, 1989, pp 305-319 (with M. Gasser, A. Goldstein, and C. Kaufman).
  42. Authentication and delegation with smart-cards. Science of Computer Programming 21, 2 (Oct. 1993), pp 91-113 (with M. Abadi, M. Burrows, and C. Kaufman).
  43. Technology to achieve secure computer systems. In Computers at Risk, National Academy Press, Washington, 1991, pp 74-101.
  44. A calculus for access control in distributed systems. ACM Trans. Programming Languages and Systems, 15, 4 (Oct. 1993), pp 706-734 (with M. Abadi, M. Burrows, and G. Plotkin).
  45. On-line data compression in a log-structured file system. ACM Sigplan Notices 27, 9 (Sept. 1992), pp 2-9 (with M. Burrows, C. Jerian, and T. Mann).
  46. Authentication in distributed systems: Theory and practice. ACM Trans. Computer Systems 10, 4 (Nov. 1992), pp 265-310 (with M. Abadi, M. Burrows, and E. Wobber).
  47. Reliable messages and connection establishment. In Distributed Systems, ed. S. Mullender, 2nd ed., Addison-Wesley, 1993, pp 251-281.
  48. Principles of Computer Systems. Lecture notes for 6.826, MIT/LCS/RSS-22, Laboratory for Computer Science, MIT, July 1993 (with W. Weihl).
  49. A new presumed commit optimization for two phase commit. Proc. 19th VLDB Conference, Dublin, 1993, pp 630-640 (with D. Lomet).
  50. Correctness of at-most-once message delivery protocols. Proc. 6th International Conference on Formal Description Techniques, Boston, 1993, pp 387-402 (with N. Lynch and J. Søgaard-Andersen).
  51. Authentication in the Taos operating system. ACM Trans. Computer Systems 12, 1 (Feb. 1994), pp 3-32 (with E. Wobber, M. Abadi, and M. Burrows).
  52. Implementing coherent memory. In A Classical Mind: Essays in Honour of C.A.R. Hoare, ed. A. Roscoe, Prentice-Hall, 1994, pp 259-274.
  53. Putting Telecommunications on the Technology Curve: Architecture and Economics. Lecture notes for 6.892, MIT/LCS/RSS-23, Laboratory for Computer Science, MIT, February 1994 (with S. Gillett and D. Tennenhouse).
  54. Interconnecting computers: Architecture, technology, and economics. Proc. Conference on Programming Languages and System Architectures, Lecture Notes in Computer Science 782, Springer, 1994, pp 1-20.
  55. Executive summary. In Evolving the High Performance Computing and Communications Initiative to Support the Nation's Information Infrastructure, National Academy Press, Washington, 1995, pp 1-12 (with I. Sutherland, E. Lazowska, and others).
  56. Analysis and caching of dependencies. ACM SigPlan International Conference on Functional Programming, Philadelphia, May 1996, pp 83-91 (with M. Abadi and J. Levy).
  57. How to build a highly available system using consensus. In Distributed Algorithms, ed. Babaoglu and Marzullo, Lecture Notes in Computer Science 1151, Springer, 1996, pp 1-17.
  58. Virtual infrastructure: Putting information infrastructure on the technology curve. Computer Networks and ISDN Systems 28, 13 (Oct. 1996), pp 1769-1790 (with D. Tennenhouse, S. Gillett, and J. Klein).

Further information

Butler Lampson is invited as part of the Rocquencourt Colloquium.
In that capacity, he will visit the research unit (UR) on 29 and 30 September 1997. He is sponsored by Marc Shapiro (Sor project) and Jean-Jacques Lévy (Para project).

Those wishing to meet with Mr. Lampson are asked to contact Amanda Pierrot, extension 52 07.

