|
Dresden, Germany, 12–13 November 2003
The goal of this conference was to show and discuss future trends
at Microsoft as well as upcoming research trends related to Microsoft
and the Microsoft .NET Common Language Runtime (CLR). Topics were
Microsoft's Trustworthy Computing Initiative, a preview
into future versions of windows, an introduction to A#, Mobile IPV6, Phoenix, the next
generation .NET optimization framework which will be the basis for code
generation for all future Microsoft optimizing compilers, as well as
activities on process modelling and managing.
Presentations abstract and material
Microsoft and
Academia - Partnership in Innovation
Preview
of Windows next version (Longhorn)
Richard Banks, Microsoft UK
Windows "Longhorn"
enables user experiences beyond what is possible today. Learn about
Microsoft's user-centred approach and philosophy that motivated
these enhancements. In addition to describing our new user interface
concepts, rationale, and reasoning, the presentation will go into
more detail around the new storage experience, that allows people to
more easily manage their files.
Vulnerability
Analysis Using Attack Graphs
Jeannette Wing, Carnegie Mellon University
Attack graphs represent the ways in which an adversary can exploit
vulnerabilities to break into a system. System administrators
analyze these attack graphs to understand where their system's
weaknesses lie and to help decide which security measures will be
effective to deploy. In practice, attack graphs are produced
manually by Red Teams. Construction by hand, however, is tedious,
error-prone, and impractical for attack graphs larger than a hundred
nodes. In this talk I present a technique, based on model checking,
for generating attack graphs automatically. I also describe two
kinds of analyses of attack graphs that system administrators can
perform in trading off one security measure for another. This work
is joint with Somesh Jha and Oleg Sheyner.
Trustworthy
Computing at Microsoft
Gerold Huebner, Chief Security Officer Microsoft Germany
Neeraj Suri, University of Technology Darmstadt
Kai Rannenberg, University of Frankfurt
During this panel
discussion, the ongoing work on Trustworthy Computing at Microsoft
will be presented from different views. Gerold Huebner can give an
overview on the activities from a German point of view. Prof. Suri
is a member of the "Microsoft Research Trustworthy Computing Academic
Advisory Board" in Redmond. Prof. Rannenberg, a former
researcher of the Microsoft Research Lab in Cambridge now owns the
T-Mobile funded chair for M-Commerce in Frankfurt.
Using Phoenix
in Software Research and Engineering
John Lefor, Microsoft Research
Shahrokh Mortazavi,
Microsoft Corporation
Phoenix is the
next generation .NET optimization framework which will be the basis
for code generation for all future Microsoft optimizing compilers.
In addition to being an optimizing backend for code generation,
Phoenix is designed to support the implementation of static and
dynamic software analysis tools using an extensible architecture.
One of the major objectives of Phoenix is to offer this architecture
in a package that is flexible enough to support research in various
areas of software engineering. This talk will provide an overview of
the design goals of Phoenix as well as insight into how the building
block architecture of Phoenix can be leveraged in an academic
software research environment. In addition we will discuss several
of the ways that Phoenix will be made available to the research
community for both development and as a shipping product.
Innovation knows no borders - Public-private partnership
research
and development in Europe
Dr. Gtz-Philip Brasche,
European Microsoft Innovation Center
The European Microsoft Innovation Center (EMIC), located in Aachen,
NorthRhine-Westfalia, Germany. represents the company's latest
commitment to fostering innovation in the region and adds an
additional component to the research and development work Microsoft
carries out worldwide. Created to foster public-private partnerships
throughout Europe, the work at the EMIC will contribute information
technology expertise to public-private partnership-based projects.
Working together with academic institutions and industry partners,
the EMIC will concentrate its efforts in security and privacy,
mobility and wireless, Web services technologies and social concerns
such as e-learning and e-health.
A#
Wolfram Schulte, Microsoft Research
A# is a behavioral
specification language, tailored to provide meaning to .NET
components. A# allows to specify the behavior of a method of a in
two ways: Pre-postconditions describe the behavior of a method
(property/delegate) declaratively by stating what is required before
a method is called and what the method guarantees. Model programs
describe the meaning of a method operationally by code.
The goal of A# is to be an effective tool for programmers while
designing, debugging and testing .NET components. For instance A#
comes with a test tool, that enables to generate conformance test
suites from model programs and it also comes with a run time
assertion checking, which allows A# models to be used as test
oracles. In this talk I will describe some of A#'s new language
features and I will dive into the theory and practice of the test
tool.
Shared Source
Common Language Runtime Infrastructure, Past, present and future
Damien Watkins, Microsoft Research
The Shard
Source Common Language Infrastructure (SSCLI) is an implementation
of the ECMA CLI specification that targets multiple platforms and is
available as source code. The SSCLI therefore allows researches and
students to examine and even modify the internals of an
implementation of the CLI. In this talk we look at the history and
the future of the SSCLI.
Mobile IPV6 on
Windows
Greg O'Shea, Microsoft Research
Mobile IPv6
(MIPv6) is a protocol that allows a network device to move between
IPv6 networks without breaking existing connections and without
having to change its well-known IP address. This may be of
importance to future generations of mobile, wireless devices. MIPv6
is a relatively large protocol whose specification has taken over
seven years and an unusual amount of effort to develop. It was
approved by the IESG in July 2003. This talk describes the protocol
and our experimental implementation for Windows (CE) which is based
on earlier collabration with the University of Lancaster.
J# in Academia
Brian Keller, Microsoft Corporation
Visual J# .NET
can help teachers and students with existing Java-language
curriculum utilize Visual Studio .NET and the .NET Framework for
building great applications. This talk will explore the
Java-language support that J# provides and how this conforms to the
.NET Framework development model. We will also cover a brief
introduction to the .NET Framework and Visual Studio .NET for those
unfamiliar with those development tools.
Curriculum Request for
Proposal (RFP)
Tom Healy, Microsoft Research XEN -Unifying
Data, Tables and OO
Wolfram Schulte, Microsoft Research
Web Services
and Business Process Automation
Christof Sprenger, Microsoft Germany
Given the fact
that Web Services are being matured through GXA and industry
initiatives this talk covers concepts to demonstrate the additional
promising values of service based architectures. Other topics are
Business Processes, Orchestration and Workflow in the .NET
environment and modeling Business Protocols using BPEL.
Teaching
Introductory Programming using C# and Rotor
Judith Bishop, University of Pretoria Using the .NET
Framework in University Courses
Damien Watkins, Microsoft Research Teaching software
security: cases studies on the .NET Framework
Frank Piessens, Katholieke University Kuleuven
As more and more
software applications are directly or indirectly accessible from the
Internet, the importance of the security of these applications grows
steadily. Hence, it is important that university curricula for
computer scientists and software engineers include courses on secure
software development. Such courses should make students familiar
with the programming language technology, runtime support and
available API's for security, and they should also teach them how to
use these technological means appropriately.
At the Katholieke
Universiteit Leuven in Belgium, teaching materials for such a
software security course have been developed over the past four
years. The course teaches software security at a conceptual level,
independent of specific implementations, but subsequently
illustrates these concepts by discussing their implementations in
the .NET Framework, the Java platform, the Windows operating system
or other important system software and middleware.
In this talk, an
overview of the contents of the software security course is given,
and a number of example project assignments and case studies on the
.NET Framework are presented.
Teaching Software Maintenance using .NET and Rotor
Len Bottaci, University of Hull
The talk describes
the content and teaching of an MSc course on software maintenance.
The course covers the management and practice of maintaining large
scale software (where no one person has a detailed overall
knowledge), in the context of commercial constraints. Strategies
and techniques for understanding and navigating code are taught as
is planning and cost estimation. An extensive team-based practical
exercise is used to give the students experience. The maintenance
task is to modify the jscript compiler in the rotor source code.
Students maintain a logbook of activity and are taught to review
their experience critically in order to identify areas for
improvement.
Experiences
teaching .NET
Johannes Heigert, Munich University of Applied Science
Andreas Polze, University of Potsdam
| 
