Fred B. Schneider
Ph.D. State University of New York at Stony Brook, 1978
My research focuses on techniques to support construction of
concurrent and distributed systems for high-integrity,
The TACOMA project, a collaboration involving Cornell and the
University of Tromsø (Norway), is studying the use of mobile processes,
or agents, for structuring distributed systems. Agents are a promising
new paradigm for implementing services in large, open, distributed
systems, like the Internet. Work at Cornell on TACOMA has emphasized
fault-tolerance. Jointly with Y. Minsky, S. Stoller, and R. van Renesse,
I have developed a number of solutions to the "agent-integrity problem"
over the past year. Agents comprising an application must
not only survive (possibly malicious) failures of the hosts they
visit, but they must also be resilient to potentially hostile actions
by other hosts. Replication and voting enable an application to
survive some failures of the hosts it visits. However, even hosts that
are not visited by agents can masquerade and confound a
replica-management scheme. We want correctness of a computation to be
independent of hosts that would not be visited in a failure-free run,
and we have developed protocols that use cryptographic techniques in
novel ways for this purpose.
I have also been heavily involved in developing approaches for
assertional reasoning about systems, since this is one way to gain
confidence that a component satisfies its specification. I succeeded
in identifying ways that assertional reasoning can drive the design of
a distributed program. David Gries and I continue investigating
first-order equational logics and the calculational style of proof.
This year, we studied the handling of undefined terms (i.e., partial
functions) and developed an axiomatization for Dijkstra's "everywhere"
- Professor-at-Large, University of Tromsø, Tromsø, Norway
- Member: College of Engineering Affirmative Action Committee;
Computer Science Faculty Recruiting Committee; Computer Science
Computing Facilities Committee
- Editor-in-chief: Distributed Computing
- Editor: Information Processing Letters; IEEE Transactions on
Software Engineering; High Integrity Systems; Annals
of Software Engineering; ACM Computing Surveys
- Co-Editor: Texts and Monographs in Computer Science,
- Program Committee Member: 4th International School and Symposium
Formal Techniques in Real Time and Fault Tolerant Systems; Fifth IFIP
Working Conference on Dependable Computing for Critical Applications;
Sixteenth IEEE International Real-Time Systems Symposium; DIMACS
Workshop on Verification and Control of Hybrid Systems; ACM SIGSOFT
'96 Fourth Symposium on the Foundations of Software Engineering
- Steering Committee: Center for High Integrity Software Systems
Assurance (CHISSA); National Institute of Standards and Technology;
Information Systems Trustworthiness; Computer Science and
Telecommunications Board; National Research Council; National Academy
- Member: ARPA ISAT Defensive Information Warfare Study Group; ACM
Karl V. Karlstrom Outstanding Educator Award Committee
- Co-Organizer: Dagstuhl Seminar on Time Services; Dagstuhl Seminar
on Mobile Agents
- Organizer: IFIP Working Group 2.3 Meeting
- Member: IFIP Working Group 2.3 (Programming Methodology).
- Survivable distributed information systems. Defense Science
Board. Fort Meade, MD, May 1996.
- Ensuring agent integrity. University of Tromsø. Tromsø,
Norway, May 1996.
- Adding fault-tolerance, virtually. University of Tromsø.
Tromsø, Norway, May 1996.
- Computer science at Cornell. Kodak Research Center. Rochester,
NY, March 1996.
- Research on fault-tolerant and real-time distributed computing.
National Academy of Sciences Mathematics Board, Review of AFOSR.
Washington, DC, February 1996.
- (Mis)Adventures with AAS: My experiences. MIT/LCS Principles of
Computer Systems Seminar Series. Cambridge, MA, February 1996.
- The TACOMA project: Theory and practice of exploiting agents.
ARPA Formal Methods PI Meeting. San Diego, CA, January 1996.
- ISAT study: Defensive information warfare. ARPA Formal Methods PI
Meeting. San Diego, CA. January 1996.
- Panelist: Do hollow computers make sense? Fifteenth ACM
Symposium on Operating Systems Principles. Copper Mountain Resort, CO,
- Fault-tolerant distributed systems. 3-Day Short Course, SAIC. San
Diego, CA, December 1995. (with Keith Marzullo).
- Adding fault-tolerance virtually. Carnegie-Mellon
University. Pittsburgh, PA, November 1995.
- Adding fault-tolerance virtually. Washington
University. St. Louis, MO, October 1995.
- ISAT defensive information warfare study. ARPA Workshop on
Architecture Definition Languages and Security. Institute for Defense
Analysis, VA, October 1995.
- Defensive information warfare. ARPA ISAT Status Briefing. Woods
Hole, MA, August 1995.
- Placing agents on airplanes: Potential and problems. CSTO Joint
PI Meeting. Fort Lauderdale, FL, July 1995.
- Formal methods and the ARPA-ISAT defensive information warfare
study. CHISSA steering committee meeting. National Institute of
Standards and Technology. Gaithersburg, MD, July 1995.
- Reasoning when terms are partial. IFIP WG2.3 Meeting. Ithaca, NY,
- Hypervisor-based fault tolerance. ACM Transactions on Computer
Systems 14, 1 (Feb. 1996), 80-107 (with T. Bressoud).
- A role for formal methodists. Dependable Computing and
Fault-Tolerant Systems 9 (eds. F. Cristian, G. LeLann, T. Lunt),
Springer-Verlag, 1995, 43-45.
- Avoiding the undefined by underspecification. In Jan van Leeuwen
(ed.), Computer Science Today. LNCS 1000, Springer-Verlag, 1995,
366-373 (with D. Gries).
- Hypervisor-based fault tolerance. Proceedings of the Fifteenth
ACM Symposium on Operating Systems Principles, Operating Systems
Review 29, 5 (Copper Mountain Resort, Colorado, Dec. 1995), 1-11 (with
- Teaching math more effectively, through the design of
calculational proofs. The Mathematical Monthly (October 1995),
691-697 (with D. Gries).
- Faster possibility detection by combining two approaches.
Proceedings 9th International Workshop, WDAG '95, (Le
Mont-Saint-Michel, France, Sept. 1995). LNCS 972, Springer-Verlag,
1995, 318-332 (with Scott Stoller).
- Avoiding AAS mistakes. Proceedings of the Air Traffic Management
Workshop (eds. L. Tobais, M. Tashker, A. Boyle). NASA Conference
Publication 10151, NASA Ames Research Center, 133-149.
- Fault tolerant computer system with shadow virtual processor.
United States patent number 5,488,716, Jan. 30, 1996. Co-inventors:
E. Balkovich, B. Lampson, and D. Thiel.
1995-1996 Annual Report Home Page
Last modified: 2 November 1996 by Denise Moore