{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T01:44:00Z","timestamp":1743126240828,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642245404"},{"type":"electronic","value":"9783642245411"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-24541-1_29","type":"book-chapter","created":{"date-parts":[[2012,1,20]],"date-time":"2012-01-20T12:08:56Z","timestamp":1327061336000},"page":"387-392","source":"Crossref","is-referenced-by-count":1,"title":["Carrying Goals to Newcastle: A Tribute to Brian Randell"],"prefix":"10.1007","author":[{"given":"Peter G.","family":"Neumann","sequence":"first","affiliation":[]}],"member":"297","reference":[{"issue":"3","key":"29_CR1","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1109\/TSE.1983.237017","volume":"9","author":"T. Anderson","year":"1983","unstructured":"Anderson, T., Knight, J.: A framework for software fault tolerance in real-time systems. IEEE Transactions on Software Engineering SE-9(3), 355\u2013364 (1983)","journal-title":"IEEE Transactions on Software Engineering SE"},{"key":"29_CR2","volume-title":"Fault-Tolerance: Principles and Practice","author":"T. Anderson","year":"1981","unstructured":"Anderson, T., Lee, P.: Fault-Tolerance: Principles and Practice. Prentice-Hall International, Englewood Cliffs (1981)"},{"issue":"1","key":"29_CR3","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1109\/TDSC.2004.2","volume":"1","author":"A. Avi\u017eienis","year":"2004","unstructured":"Avi\u017eienis, A., Laprie, J.C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing\u00a01(1), 11\u201333 (2004)","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"29_CR4","volume-title":"27th AIAA\/IEEE Digital Avionics Systems Conference","author":"C. Boettcher","year":"2008","unstructured":"Boettcher, C., DeLong, R., Rushby, J., Sifre, W.: The MILS component integration approach to secure information sharing. In: 27th AIAA\/IEEE Digital Avionics Systems Conference. IEEE, St. Paul MN (2008)"},{"key":"29_CR5","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1109\/SP.1986.10018","volume-title":"Proceedings of the 1986 Symposium on Security and Privacy","author":"J. Dobson","year":"1986","unstructured":"Dobson, J., Randell, B.: Building reliable secure computing systems out of unreliable unsecure components. In: Proceedings of the 1986 Symposium on Security and Privacy, pp. 187\u2013193. IEEE Computer Society, Oakland (1986)"},{"key":"29_CR6","doi-asserted-by":"crossref","unstructured":"Horning, J., Randell, B.: Process structuring. ACM Computing Surveys 5(1) (March 1973)","DOI":"10.1145\/356612.356614"},{"key":"29_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1007\/BFb0029359","volume-title":"Proceedings of an International Symposium on Operating Systems","author":"J. Horning","year":"1974","unstructured":"Horning, J., Lauer, H., Melliar-Smith, P., Randell, B.: A program structure for error detection and recovery. In: Proceedings of an International Symposium on Operating Systems. LNCS, vol.\u00a016, pp. 171\u2013187. Springer, Berlin (1974)"},{"key":"29_CR8","series-title":"Hardware","first-page":"128","volume-title":"Information Processing 74 (Proceedings of the IFIP Congress 1974)","author":"B. Lampson","year":"1974","unstructured":"Lampson, B.: Redundancy and robustness in memory protection. In: Information Processing 74 (Proceedings of the IFIP Congress 1974). Hardware, vol.\u00a0II, pp. 128\u2013132. North-Holland, Amsterdam (1974)"},{"issue":"7","key":"29_CR9","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1109\/TC.1982.1676059","volume":"C-31","author":"P. Melliar-Smith","year":"1982","unstructured":"Melliar-Smith, P., Schwartz, R.: Formal specification and verification of SIFT: A fault-tolerant flight control system. IEEE Transactions on Computers\u00a0C-31(7), 616\u2013630 (1982)","journal-title":"IEEE Transactions on Computers"},{"key":"29_CR10","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1145\/961053.961060","volume-title":"Proceedings of the ACM Second Symposium on Operating Systems Principles","author":"P. Neumann","year":"1969","unstructured":"Neumann, P.: The role of motherhood in the pop art of system programming. In: Proceedings of the ACM Second Symposium on Operating Systems Principles, Princeton, New Jersey, pp. 13\u201318. ACM, New York (1969), http:\/\/www.multicians.org\/pgn-motherhood.html"},{"key":"29_CR11","doi-asserted-by":"crossref","unstructured":"Neumann, P.: Practical architectures for survivable systems and networks. Tech. rep., Final Report, Phase Two, Project 1688, SRI International, Menlo Park, California (June 2000), http:\/\/www.csl.sri.com\/neumann\/survivability.html","DOI":"10.21236\/ADA368944"},{"key":"29_CR12","unstructured":"Neumann, P.: Principled assuredly trustworthy composable architectures. Tech. rep., Computer Science Laboratory, SRI International, Menlo Park, California (December 2004), http:\/\/www.csl.sri.com\/neumann\/chats4.html,.pdf,and.ps"},{"issue":"6","key":"29_CR13","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1145\/1218776.1218809","volume":"31","author":"P. Neumann","year":"2006","unstructured":"Neumann, P.: Holistic systems. ACM Software Engineering Notes\u00a031(6), 4\u20135 (2006)","journal-title":"ACM Software Engineering Notes"},{"key":"29_CR14","unstructured":"Neumann, P., Boyer, R., Feiertag, R., Levitt, K., Robinson, L.: A Provably Secure Operating System: The system, its applications, and proofs. Tech. rep., Computer Science Laboratory, SRI International, Menlo Park, California, 2nd edn., Report CSL-116 (May 1980)"},{"key":"29_CR15","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1109\/CSAC.2003.1254326","volume-title":"Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), Classic Papers section","author":"P. Neumann","year":"2003","unstructured":"Neumann, P., Feiertag, R.: PSOS revisited. In: Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), Classic Papers section, pp. 208\u2013216. IEEE Computer Society, Las Vegas (2003), http:\/\/www.acsac.org\/ , http:\/\/www.csl.sri.com\/neumann\/psos03.pdf"},{"key":"29_CR16","unstructured":"Neumann, P., Watson, R.N.: Capabilities revisited: A holistic approach to bottom-to-top assurance of trustworthy systems. In: Fourth Layered Assurance Workshop. U.S. Air Force Cryptographic Modernization Office and AFRL, Austin, Texas (December 2010), http:\/\/www.csl.sri.com\/neumann\/law10.pdf"},{"key":"29_CR17","first-page":"353","volume-title":"Proceedings of the Nineteenth National Computer Security Conference","author":"P. Porras","year":"1997","unstructured":"Porras, P., Neumann, P.: EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In: Proceedings of the Nineteenth National Computer Security Conference, October 22-25, pp. 353\u2013365. NIST\/NCSC, Baltimore, Maryland (1997)"},{"key":"29_CR18","unstructured":"Proctor, N., Neumann, P.: Architectural implications of covert channels. In: Proceedings of the Fifteenth National Computer Security Conference, Baltimore, Maryland, pp. 28\u201343 (October 13-16, 1992), http:\/\/www.csl.sri.com\/neumann\/ncs92.html"},{"issue":"4","key":"29_CR19","doi-asserted-by":"publisher","first-page":"300","DOI":"10.1093\/comjnl\/29.4.300","volume":"29","author":"B. Randell","year":"1986","unstructured":"Randell, B.: System design and structuring. Computer Journal\u00a029(4), 300\u2013306 (1986)","journal-title":"Computer Journal"},{"key":"29_CR20","unstructured":"Randell, B., Dobson, J.: Reliability and security issues in distributed computing systems. In: Proceedings of the Fifth Symposium on Reliability in Distributed Software and Database Systems, Los Angeles, California (January 1986)"},{"key":"29_CR21","series-title":"Basic Research Series","volume-title":"Predictably Dependable Computing Systems","year":"1995","unstructured":"Randell, B., Laprie, J.C., Kopetz, H., Littlewood, B. (eds.): Predictably Dependable Computing Systems. Basic Research Series. Springer, Berlin (1995)"},{"key":"29_CR22","doi-asserted-by":"crossref","unstructured":"Rushby, J.: The design and verification of secure systems. In: Proceedings of the Eighth ACM Symposium on Operating System Principles, Asilomar, California, pp. 12\u201321 (December 1981), http:\/\/www.csl.sri.com\/~rushby\/abstracts\/sosp81 , ACM Operating Systems Review 15(5)","DOI":"10.1145\/1067627.806586"},{"key":"29_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1007\/3-540-11494-7_23","volume-title":"International Symposium on Programming","author":"J. Rushby","year":"1982","unstructured":"Rushby, J.: Proof of Separability\u2013a verification technique for a class of security kernels. In: Dezani-Ciancaglini, M., Montanari, U. (eds.) Programming 1982. LNCS, vol.\u00a0137, pp. 352\u2013367. Springer, Heidelberg (1982)"},{"key":"29_CR24","unstructured":"Rushby, J.: A separation kernel formal security policy in PVS. Tech. rep., Computer Science Laboratory, SRI International, Menlo Park, California (March 2004), http:\/\/www.csl.sri.com\/~rushby\/abstracts\/"},{"key":"29_CR25","unstructured":"Rushby, J., DeLong, R.: Toward an integration framework for high-assurance secure components. Tech. rep., Computer Science Laboratory, SRI International, Menlo Park, California (December 2006)"},{"key":"29_CR26","doi-asserted-by":"crossref","unstructured":"Rushby, J., Randell, B.: A distributed secure system. Tech. Rep. 182, Computing Laboratory, University of Newcastle upon Tyne (May 1983)","DOI":"10.1109\/SP.1983.10019"},{"issue":"7","key":"29_CR27","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1109\/MC.1983.1654443","volume":"16","author":"J. Rushby","year":"1983","unstructured":"Rushby, J., Randell, B.: A distributed secure system. IEEE Computer\u00a016(7), 55\u201367 (1983)","journal-title":"IEEE Computer"},{"key":"29_CR28","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1109\/SP.1983.10019","volume-title":"Proceedings of the 1983 IEEE Symposium on Security and Privacy","author":"J. Rushby","year":"1983","unstructured":"Rushby, J., Randell, B.: A distributed secure system (extended abstract). In: Proceedings of the 1983 IEEE Symposium on Security and Privacy, pp. 127\u2013135. IEEE Computer Society, Oakland (1983)"},{"key":"29_CR29","volume-title":"Principles of Computer System Design","author":"J. Saltzer","year":"2009","unstructured":"Saltzer, J., Kaashoek, F.: Principles of Computer System Design. Morgan Kaufmann, San Francisco (2009), chapters 1-6 only, chapters 7-11 http:\/\/ocw.mit.edu\/Saltzer-Kaashoek"},{"issue":"9","key":"29_CR30","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J. Saltzer","year":"1975","unstructured":"Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proceedings of the IEEE\u00a063(9), 1278\u20131308 (1975), http:\/\/www.multicians.org","journal-title":"Proceedings of the IEEE"},{"key":"29_CR31","unstructured":"Watson, R.: New Approaches to Operating System Security Extensibility. Tech. rep., Ph.D. Thesis, University of Cambridge, Cambridge, UK (January 2011)"},{"key":"29_CR32","unstructured":"Watson, R., Anderson, J., Laurie, B., Kennaway, K.: Capsicum: Practical capabilities for Unix. In: Proceedings of the 19th USENIX Security Symposium. USENIX (August 2010)"}],"container-title":["Lecture Notes in Computer Science","Dependable and Historic Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-24541-1_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,7,1]],"date-time":"2020-07-01T03:37:27Z","timestamp":1593574647000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-24541-1_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642245404","9783642245411"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-24541-1_29","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}