Peter G. Neumann

Orcid: 0009-0008-1197-8000

  • SRI International, Menlo Park, California, USA

According to our database1, Peter G. Neumann authored at least 218 papers between 1957 and 2024.

Collaborative distances:


ACM Fellow

ACM Fellow 1994, "For his dedicated service as founder and moderator of the ACM Forum on Risks to the Public in the Use of Computers and Related Systems. His work with RISKS Forum on-line, in the Software Engineering Notes, and in CACM has increased awareness of security".



In proceedings 
PhD thesis 


Online presence:



Randomized Testing of RISC-V CPUs Using Direct Instruction Injection.
IEEE Des. Test, February, 2024

Bugs in our pockets: the risks of client-side scanning.
J. Cybersecur., January, 2024

Cornucopia Reloaded: Load Barriers for CHERI Heap Temporal Safety.
Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2024

Computer-Related Risks and Remediation Challenges.
Commun. ACM, June, 2023

Risks to the Public.
ACM SIGSOFT Softw. Eng. Notes, April, 2023

Architectural Contracts for Safe Speculation.
Proceedings of the 41st IEEE International Conference on Computer Design, 2023

CompartOS: CHERI Compartmentalization for Embedded Systems.
CoRR, 2022

Toward total-system trustworthiness.
Commun. ACM, 2022

The risks of election believability (or lack thereof).
Commun. ACM, 2021

A holistic view of future risks.
Commun. ACM, 2020

Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

Position Paper: Defending Direct Memory Access with CHERI Capabilities.
Proceedings of the HASP@MICRO 2020: Hardware and Architectural Support for Security and Privacy, 2020

CHERI Concentrate: Practical Compressed Capabilities.
IEEE Trans. Computers, 2019

How might we increase system trustworthiness?
Commun. ACM, 2019

Through computer architecture, darkly.
Commun. ACM, 2019

Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

CHERIvoke: Characterising Pointer Revocation using CHERI Capabilities for Temporal Memory Safety.
Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture, 2019

CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment.
Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, 2019

The big picture.
Commun. ACM, 2018

Trustworthiness and truthfulness are essential.
Commun. ACM, 2017

The future of the internet of things.
Commun. ACM, 2017

CHERI JNI: Sinking the Java Security Model into the C.
Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems, 2017

Automated Car Woes - Whoa There!
Ubiquity, 2016

Fast Protection-Domain Crossing in the CHERI Capability-System Architecture.
IEEE Micro, 2016

CHERI: A Hardware-Software System to Support the Principle of Least Privilege.
ERCIM News, 2016

Risks of automation: a cautionary total-system perspective of our cyberfuture.
Commun. ACM, 2016

The risks of self-auditing systems.
Commun. ACM, 2016

Keys under doormats: mandating insecurity by requiring government access to all data and communications.
J. Cybersecur., 2015

Far-sighted thinking about deleterious computer-related events.
Commun. ACM, 2015

Keys under doormats.
Commun. ACM, 2015

CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015

Reminiscences on SOSP history day.
Proceedings of the SOSP History Day 2015, Monterey, California, USA, October 4, 2015, 2015

Clean Application Compartmentalization with SOAAP.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

Beyond the PDP-11: Architectural Support for a Memory-Safe C Abstract Machine.
Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, 2015

Blueswitch: Enabling Provably Consistent Configuration of Network Switches.
Proceedings of the Eleventh ACM/IEEE Symposium on Architectures for networking and communications systems, 2015

The IEEE Symposium on Security and Privacy, in Retrospect.
IEEE Secur. Priv., 2014

Risks and myths of cloud computing and cloud storage.
Commun. ACM, 2014

The CHERI capability model: Revisiting RISC in an age of risk.
Proceedings of the ACM/IEEE 41st International Symposium on Computer Architecture, 2014

More sight on foresight.
Commun. ACM, 2013

Towards a Theory of Application Compartmentalisation.
Proceedings of the Security Protocols XXI, 2013

Lost Treasures.
IEEE Secur. Priv., 2012

The IEEE Symposium on Security and Privacy Is Moving to San Francisco.
IEEE Secur. Priv., 2012

The foresight saga, redux.
Commun. ACM, 2012

Carrying Goals to Newcastle: A Tribute to Brian Randell.
Proceedings of the Dependable and Historic Computing, 2011

Combatting Insider Threats.
Proceedings of the Insider Threats in Cyber Security, 2010

Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

Inside risks - U.S. election after-math.
Commun. ACM, 2009

Computer-Related Risk Futures.
Proceedings of the Twenty-Fifth Annual Computer Security Applications Conference, 2009

Risking Communications Security: Potential Hazards of the Protect America Act.
IEEE Secur. Priv., 2008

Reflections on computer-related risks.
Commun. ACM, 2008

Risks of neglecting infrastructure.
Commun. ACM, 2008

E-migrating risks?
Commun. ACM, 2007

Widespread network failures.
Commun. ACM, 2007

Toward a safer and more secure cyberspace.
Commun. ACM, 2007

Internal surveillance, external risks.
Commun. ACM, 2007

Reflections on systems trustworthiness.
Adv. Comput., 2007

Risks of RFID.
Commun. ACM, 2006

The foresight saga.
Commun. ACM, 2006

Risks relating to system compositions.
Commun. ACM, 2006

Trustworthy systems revisited.
Commun. ACM, 2006

The ultra challenge: software systems beyond big.
Proceedings of the Companion to the 21th Annual ACM SIGPLAN Conference on Object-Oriented Programming, 2006

System and network trustworthiness in perspective.
Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006

Risks of Untrustworthiness.
Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC 2006), 2006

Disability-related risks.
Commun. ACM, 2005

Anticipating disasters.
Commun. ACM, 2005

Responsibilities of technologists.
Commun. ACM, 2005

Commun. ACM, 2004

Optimistic optimization.
Commun. ACM, 2004

When Can Formal Methods Make a Real Difference?
Proceedings of the Formal Methods and Software Engineering, 2004

Verification for Electronic Balloting Systems.
Proceedings of the Secure Electronic Voting, 2003

Information system security redux.
Commun. ACM, 2003

Risks in trusting untrustworthiness.
Commun. ACM, 2003

E-epistemology and misinformation.
Commun. ACM, 2003

Gambling on system accountability.
Commun. ACM, 2003

Security by obscurity.
Commun. ACM, 2003

Achieving Principled Assuredly Trustworthy Composable Systems and Networks.
Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX-III 2003), 2003

Social and Technical Implications of Nonproprietary Software.
Proceedings of BSDCon 2003, San Mateo, California, USA, September 8-12, 2003, 2003

PSOS Revisited.
Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), 2003

ICANN in Year 3.
Proceedings of the 12th Annual Conference on Computers, Freedom and Privacy, 2002

Plenary Session #5: how to hack an election.
Proceedings of the 12th Annual Conference on Computers, Freedom and Privacy, 2002

Machanizing proof: computing, risk, and trust.
Ubiquity, 2001

Inside Risks: Risks of Panic.
Commun. ACM, 2001

Risks of National Identity Cards.
Commun. ACM, 2001

Computers: boon or bane?
Commun. ACM, 2001

What to know about risks.
Commun. ACM, 2001

System integrity revisited.
Commun. ACM, 2001

Certitude and rectitude.
Ubiquity, 2000

Risks in our information infrastructures.
Ubiquity, 2000

Internet Risks.
Commun. ACM, 2000

Missile defense.
Commun. ACM, 2000

Risks in retrospect.
Commun. ACM, 2000

Denial-of-Service Attacks.
Commun. ACM, 2000

A Tale of Two Thousands.
Commun. ACM, 2000

Robust Nonproprietary Software.
Proceedings of the 2000 IEEE Symposium on Security and Privacy, 2000

Requirements-Related Risks in Critical Systems.
Proceedings of the 4th International Conference on Requirements Engineering, 2000

IC Online Exclusive Interview: Internet Security - Beyond Cryptography.
IEEE Internet Comput., 1999

Risks of Content Filtering.
Commun. ACM, 1999

Risks of Y2K.
Commun. ACM, 1999

Risks of Insiders.
Commun. ACM, 1999

Information is a Double-Edged Sword.
Commun. ACM, 1999

Robust Open-Source Software.
Commun. ACM, 1999

Experience with EMERALD to Date.
Proceedings of the Workshop on Intrusion Detection and Network Monitoring, 1999

Risks of E-Education.
Commun. ACM, 1998

Y2K Update.
Commun. ACM, 1998

Laptops in Congress?
Commun. ACM, 1998

Internet Gambling.
Commun. ACM, 1998

Are Computers Addictive?
Commun. ACM, 1998

Protecting the Infrastructures.
Commun. ACM, 1998

The risks of key recovery, key escrow, and trusted third-party encryption.
World Wide Web J., 1997

Spam, Spam, Spam!
Commun. ACM, 1997

System Development Woes.
Commun. ACM, 1997

Integrity in Software Development.
Commun. ACM, 1997

Crypto Key Management.
Commun. ACM, 1997

Identity-Ralated Misuse.
Commun. ACM, 1997

The Big Picture.
Commun. ACM, 1997

Hopes for Fewer Risks?
Commun. ACM, 1997

Security and Privacy Issues in Computer and Communication Systems.
Proceedings of the Computer Science and Engineering Handbook, 1997

Risks to the public in computers and related systems.
ACM SIGSOFT Softw. Eng. Notes, 1996

W(h)ither Research and Education?
Commun. ACM, 1996

Using Formal Methods to Reduce Risks.
Commun. ACM, 1996

Linguistic Risks.
Commun. ACM, 1996

A Risks-related Bookshelf.
Commun. ACM, 1996

Risks of Anonymity.
Commun. ACM, 1996

Distributed Systems have Distributed Risks.
Commun. ACM, 1996

Disinformation Theory.
Commun. ACM, 1996

Risks in Digital Commerce.
Commun. ACM, 1996

Risks of Technology.
Proceedings of the Computerization and Controversy, 2nd Ed., 1996

Fatal Defect: Chasing Killer Computer Bugs.
ACM SIGSOFT Softw. Eng. Notes, 1995

Safeware: System Safety and Computers.
ACM SIGSOFT Softw. Eng. Notes, 1995

Book review: Software Creativity by Robert L. Glass.
ACM SIGSOFT Softw. Eng. Notes, 1995

Computer Vulnerabilities: Exploitation or Avoidance.
Commun. ACM, 1995

Reviewing the Risks Archives.
Commun. ACM, 1995

Risks of Easy Answers.
Commun. ACM, 1995

Reassessing the Crypto Debate.
Commun. ACM, 1995

Risks, Responsibilities, and the Future: Walking the Tightwire.
Proceedings of the 1995 ACM 23rd Annual Conference on Computer Science, CSC '95, Nashville, TN, USA, February 28, 1995

Computer-related risks.
Addison-Wesley, ISBN: 978-0-201-55805-0, 1995

Inside "Inside Risks".
Commun. ACM, 1994

Expectations of Security and Privacy.
Commun. ACM, 1994

Friendly Fire.
Commun. ACM, 1994

Risks on the Information Superhighway.
Commun. ACM, 1994

Alternative Passwords.
Commun. ACM, 1994

Risks of Passwords.
Commun. ACM, 1994

Technology, Laws, and Society.
Commun. ACM, 1994

Crypto Policy Perspectives.
Commun. ACM, 1994

Introduction to Special Issue on Software for Critical Systems.
IEEE Trans. Software Eng., 1993

Animal Crackers.
Commun. ACM, 1993

Risks of Surveillance.
Commun. ACM, 1993

Risks on the Rails.
Commun. ACM, 1993

Modeling and Simulation.
Commun. ACM, 1993

The Role of Software Engineering.
Commun. ACM, 1993

Using Names as Identifiers.
Commun. ACM, 1993

Risks of Technology.
Commun. ACM, 1993

Are Dependable Systems Feasible?
Commun. ACM, 1993

Risks Considered Global(ly).
Commun. ACM, 1993

Effects of multilevel security on real-time applications.
Proceedings of the Ninth Annual Computer Security Applications Conference, 1993

Illustrative risks to the public in the use of computer systems and related technology.
ACM SIGSOFT Softw. Eng. Notes, 1992

Avoiding Weak Links.
Commun. ACM, 1992

Where to Place Trust.
Commun. ACM, 1992

Accidental Financial Losses.
Commun. ACM, 1992

Fraud by Computer.
Commun. ACM, 1992

Leap-Year Problems.
Commun. ACM, 1992

Inside "Risks of Risks".
Commun. ACM, 1992

What's in a Name?
Commun. ACM, 1992

Aggravation by Computer: Life, Death, and Taxes.
Commun. ACM, 1992

Survivable Systems.
Commun. ACM, 1992

Developing Complex Software for Critical Systems.
Proceedings of the Information als Produktionsfaktor, 1992

Collaborative Effords.
Commun. ACM, 1991

The Human Element.
Commun. ACM, 1991

The Clock Grows at Midnight.
Commun. ACM, 1991

Certifying Professionals.
Commun. ACM, 1991

Putting on Your Best Interface.
Commun. ACM, 1991

Interpreting (Mis)information.
Commun. ACM, 1991

Expecting the Unexpected Mayday.
Commun. ACM, 1991

Computers, Ethics, and Values.
Commun. ACM, 1991

The Not-So-Accidental Holist.
Commun. ACM, 1991

Some Reflections on a Telephone Switching Problem.
Commun. ACM, 1990

Insecurity about Security?
Commun. ACM, 1990

A Few Old Coincidences.
Commun. ACM, 1990

Ghosts, Mysteries and Uncertainty.
Commun. ACM, 1990

Risks in Computerized Elections.
Commun. ACM, 1990

IDES: a progress report [Intrusion-Detection Expert System].
Proceedings of the Sixth Annual Computer Security Applications Conference, 1990

Errata - Interchanged pages in the previous issue: SEN 14-1: Page 31 and Page 46.
ACM SIGSOFT Softw. Eng. Notes, 1989

Risks to the public.
ACM SIGSOFT Softw. Eng. Notes, 1988

Risks to the public and related systems.
ACM SIGSOFT Softw. Eng. Notes, 1988

Views for Multilevel Database Security.
IEEE Trans. Software Eng., 1987

On Hierarchical Design of Computer Systems for Critical Applications.
IEEE Trans. Software Eng., 1986

Risks to the public in computer systems.
ACM SIGSOFT Softw. Eng. Notes, 1986

Views for Multilevel Database Security.
Proceedings of the 1986 IEEE Symposium on Security and Privacy, 1986

Review of "The Sachertorte algorithm and other antidotes to computer anxiety" by John Shore. Viking 1985.
ACM SIGSOFT Softw. Eng. Notes, 1985

Review of "The hacker's dictionary: a guide to the world of computer wizards" by Guy L. Steele, Donald R. Woods, Raphael A. Finkel, Mark R. Crispin, Richard M. Stallman, and Geoffrey S. Goodfellow. Harper & Row Publishers 1983.
ACM SIGSOFT Softw. Eng. Notes, 1984

A Further View of the First Quarter Century, Introduction to the April 1984 Special Section.
Commun. ACM, 1984

Computer Security Technology: Guest Editors' Introduction.
Computer, 1983

Psychosocial implications of computer software development and use: Zen and the art of computing.
ACM SIGSOFT Softw. Eng. Notes, 1982

Retrospective introduction to VERkshop II.
ACM SIGSOFT Softw. Eng. Notes, 1981

Recent SRI work in verification.
ACM SIGSOFT Softw. Eng. Notes, 1981

The foundations of a provably secure operating system (PSOS).
Proceedings of the 1979 International Workshop on Managing Requirements Knowledge, 1979

Computer system - Security evaluation.
Proceedings of the American Federation of Information Processing Societies: 1978 National Computer Conference, 1978

Software Development and Proofs of Multi-Level Security.
Proceedings of the 2nd International Conference on Software Engineering, 1976

Error-Correcting Codes for Byte-Organized Arithmetic Processors.
IEEE Trans. Computers, 1975

On attaining reliable software for a secure operating system.
Proceedings of the International Conference on Reliable Software 1975, 1975

Toward a Methodology for Designing Large Systems and Verifying Their Properties.
Proceedings of the GI - 4. Jahrestagung, Berlin, 9.-12. Oktober 1974, 1974

Security kernels.
Proceedings of the American Federation of Information Processing Societies: 1974 National Computer Conference, 1974

Report of evening session protection.
Proceedings of the Proceeding of ACM SIGPLAN-SIGOPS Interface Meeting on Programming Languages, 1973

The role of motherhood in the pop art of system programming.
Proceedings of the Second Symposium on Operating Systems Principles, 1969

A note on Gilbert burst-correcting codes.
IEEE Trans. Inf. Theory, 1965

A general-purpose file system for secondary storage.
Proceedings of the 1965 fall joint computer conference, part I, 1965

Error-limiting coding using information-lossless sequential machines.
IEEE Trans. Inf. Theory, 1964

On a class of cyclically permutable error-correcting codes.
IEEE Trans. Inf. Theory, 1964

On error-limiting variable-length codes (Corresp.).
IEEE Trans. Inf. Theory, 1963

A Note on Cyclic Permutation Error-Correcting Codes
Inf. Control., March, 1962

On a class of efficient error-limiting variable-length codes.
IRE Trans. Inf. Theory, 1962

Efficient error-limiting variable-length codes.
IRE Trans. Inf. Theory, 1962

Encoding and Decoding for Cyclic Permutation Codes.
IRE Trans. Electron. Comput., 1962

On the Logical Design of Noiseless Load-Sharing Matrix Switches.
IRE Trans. Electron. Comput., 1962

An experiment in musical composition.
IRE Trans. Electron. Comput., 1957