A special issue of IEEE Internet Computing
November/December 1998
Guest editors:
Gary McGraw (gem@rstcorp.com), Senior Research Scientist, Reliable Software Technologies
Edward W. Felten (felten@cs.princeton.edu), Assistant Professor, Department of Computer Science, Princeton University
Submissions are due **** May 12, 1998 ****
URL for submission process information: http://computer.org/internet/
Executable content systems like Java, DNA (ActiveX), JavaScript,
PostScript, Word Macros, and so on have had a fundamental impact on
computer security. The very concept of executable content involves
fetching and running data from a most likely untrusted site. Often,
this happens behind the scenes without the client being aware of the
details. For example, when a Web user requests a page with a Java
applet embedded in it, the Java byte code is automatically downloaded
and begins to execute on a virtual machine in the user's browser.
There are a number of technologies evolving to make mobile code
safer. These include sandboxing (as implemented in the original Java
JDKs) and code signing (as implemented in Microsoft's Authenticode model
for ActiveX controls). It is clear that future systems of executable
content will involve some combination of these technologies as well as
a number of others.
This special issue will be devoted to security implications of mobile
code. In particular, we are interested in articles discussing:
* Code signing technologies, including models for permissions,
capabilities, and principals
* Proof-carrying code and security policy resolution
* Implications of existing protocols such as SSL on proxy
scanning, intrusion detection, and firewalling
* Handling denial of service
* Design of secure interfaces for devices such as smart cards
* Security policy creation and management issues
* Injecting security into the software development process
Submitted articles will be subjected to peer review.