What To Do First?

Some from the beltway suggest that we not put this in the lap of the government. I agree. Something that might help would bring together software knowledgeable people from institutions with a stake in solving these problems. Discussion, not presentations would be the goal. In about 1976 there was an unclassified meeting at NSA among builders of capability systems, organized by the NCSC (National Computer Security Center). I felt that it was very productive. Ideas spread among participants. Nothing visible to me came of it except I got some more ideas. I suppose others did too.

There are problems with too wide a variety of attendants and too narrow a variety. I would hope that groups from capsicum (England) and seL4 (Australia) could come; we need those ideas. Of course the series of systems leading to Coyotos could probably support all of these ideas as well as Keykos. Those systems have their own charms. The ideas I describe in these pages might apply to other system architectures but it is not clear to me how. Perhaps NOVA. Together we might be closer than I think.

I am unaware of other technologies that bear on this level of problem and solution but the Appleā€™s impressive work on the iPhone complements these ideas.

Owners of potential proprietary hardware platforms are needed, especially if it is strategic to use hardware components of such systems, like GPUs, in our product.

I would hope for some owners of security problems would attend. We need their input.

All in all the above list of attendees seems much too big to me. The ultimate goal is to give some momentum across several disciplines, to the notion that computer security problems are not hopeless. I think that some government sponsorship of such a meeting, or meetings, might be strategic.

An alternative to a meeting or perhaps a meeting outcome would be a mail list. That is the modern way. Some such lists have been productive. It is less clear to me if there is any government magic to be had there.