Software Security

How Should We Make Software Secure?

University of Washington, Microsoft Research, and Carnegie Mellon University Summer Institute

June 15–18, 2003

Home
Attendees
Schedule
Challenge Problems
Contact Information

Purpose of the Challenge Problems

This page contains a list of "challenge" problems. We have seeded the list with a couple of problems of our own and we ask you to submit your own to challenge the Institute's participants.

We hope that these challenge problems will provide a springboard for discussion of the limitations of current techniques for designing and building secure software and of promising directions for further research.

Speakers are welcome to present solutions to these problems as part of your presentations.  The Five Minute Madness session would also be a good time to present your solutions.

Challenge Problems (in flux)

bulletProgramming languages: Suppose that all programs written in C/C++ were replaced by equivalent programs rewritten in a modern language ... (with apologies to Ritchie and Thompson)
bulletMetrics: What should we count and what do the numbers mean?
bulletNaming: What's in a name?
bulletProtocols: How can we formally analyze cryptographic protocols in the context of their use?
bulletCode teasers: Spot the security flaw!
bulletBrain teasers: Knights, knaves, and commoners.

 

 

 

Home | Attendees | Schedule | Challenge Problems | Contact Information

For problems or questions regarding this website contact wing@microsoft.com
Last updated: 04/03/03.