Carrying Goals to Newcastle: A Tribute to Brian Randell

  • Peter G. Neumann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6875)


Brian Randell has had an enormous impact on advances directed toward system dependability over the past 40 years. This Festschrift contribution summarizes a few of his contributions as well as recent work that has been at least partially inspired by Brian’s influence.


Keywords: Covert Channel; Secure Computing; Operating System Principle; Holistic Thinking; Separation Kernel



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Peter G. Neumann, Computer Science Laboratory, SRI International, Menlo Park, USA
