High Assurance Software Lessons and Techniques

  • Ted Huffmire
  • Cynthia Irvine
  • Thuy D. Nguyen
  • Timothy Levin
  • Ryan Kastner
  • Timothy Sherwood

Abstract

To understand the principles needed to manage security in FPGA designs, this chapter presents lessons learned from the development of high assurance systems. These principles include risk assessment, threat models, policy enforcement, lifecycle management, assessment criteria, configuration control, and development environments.

Keywords

  • Security Policy
  • Intrusion Detection System
  • Trojan Horse
  • Covert Channel
  • Threat Model

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer Science+Business Media B.V. 2010

Authors and Affiliations

  • Ted Huffmire (1)
  • Cynthia Irvine (1)
  • Thuy D. Nguyen (1)
  • Timothy Levin (1)
  • Ryan Kastner (2)
  • Timothy Sherwood (3)

  1. Department of Computer Science, Naval Postgraduate School, Monterey, USA
  2. Dept. of Computer Science and Eng., University of California, San Diego, La Jolla, USA
  3. Department of Computer Science, UC, Santa Barbara, Santa Barbara, USA
