Home/red-rock-eater/CFP IEEE Internet Computing - Mobile Code Security

CFP IEEE Internet Computing - Mobile Code Securitywriting

rreauto-importedrre-post
1998-05-12 · 2 min read · Edit on Pyrite

Source

Automatically imported from: http://commons.somewhere.com:80/rre/1998/CFP.IEEE.Internet.Comput.html

Content

This web service brought to you by Somewhere.Com, LLC.

CFP IEEE Internet Computing - Mobile Code Security

``` ---

This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu

---

Date: Fri, 23 Jan 1998 15:49:15 -0500 (EST) From: Gary McGraw Subject: CFP IEEE Internet Computing - Mobile Code Security

CALL FOR PAPERS Internet Security in the Age of Mobile Code

A special issue of IEEE Internet Computing November/December 1998

Guest editors: Gary McGraw (gem@rstcorp.com) Edward W. Felten (felten@cs.princeton.edu) Senior Research Scientist Assistant Professor Reliable Software Technologies Department of Computer Science Princeton University

Submissions are due * May 12, 1998 * URL for submission process information: http://computer.org/internet/

Executable content systems like Java, DNA (ActiveX), JavaScript, Postscript, Word Macros, and so on have had a fundamental impact on computer security. The very concept of executable content involves fetching and running data from a most-likely untrusted site. Often, this happens behind the scenes without the client being aware of the details. For example, when a Web user requests a page with a Java applet embedded in it, the Java byte code is automatically downloaded and begins to execute on a virtual machine in the user's browser.

There are a number of technologies evolving to make mobile code safer. These include sandboxing (as implemented in the original Java JDKs) and code signing (as implemented in Microsoft's authenticode model for ActiveX controls). It is clear that future systems of executable content will involve some combination of these technologies as well as a number of others.

This special issue will be devoted to security implications of mobile code. In particular, we are interested in articles discussing:

Code signing technologies, including models for permissions, capabilities, and principals Proof-carrying code and security policy resolution Implications of existing protocols such as SSL on proxy scanning, intrusion detection, and firewalling Handling denial of service Design of secure interfaces for devices such as smart cards Security policy creation and management issues Injecting security into the software development process

Submitted articles will be subjected to peer review. ```

This web service brought to you by Somewhere.Com, LLC.