BIBLIOGRAPHY OF TECHNICAL PAPERS ON COMPUTER SECURITY

Note: This bibliography was prepared in 1988. A bibliography is currently being developed that will encompass 1989.

ACCESS CONTROL

AUTHOR: Arsenault, Alfred W.
TITLE: Developments in Guidance for Trusted Computer Networks
CATEGORY: Access Control
ORGANIZATION: National Computer Security Center, Ft. George G. Meade, MD
DESCRIPTION: Discusses the current status and future plans for guidance in the area of trusted computer networks.

AUTHOR: Branstad, Dennis K.
TITLE: Considerations for Security in the OSI Architecture
CATEGORY: Access Control
ORGANIZATION: Institute for Computer Sciences and Technology, National Institute of Standards and Technology, Gaithersburg, MD 20899
DESCRIPTION: Discusses several goals of security in the OSI architecture as well as where and how the security services that satisfy them could be implemented.

AUTHOR: Branstad, Dennis K.
TITLE: SP4: A Transport Encapsulation Security Protocol
CATEGORY: Access Control
ORGANIZATION: National Institute of Standards and Technology
DESCRIPTION: Discusses SDNS architecture that is designed to satisfy the security requirements of both classified and unclassified applications.

AUTHOR: Clyde, Allan R.
TITLE: Insider Threat Identification Systems
CATEGORY: Access Control
ORGANIZATION: A.R. Clyde Associates, 10101 Grosvenor Place, #2006, Rockville, MD 20852
DESCRIPTION: Discusses basic components of an insider threat identification system and how internal surveillance affects such a system.

AUTHOR: Engelman, Captain Paul D.
TITLE: The Application of "Orange Book" Standards to Secure Telephone Switching Systems
CATEGORY: Access Control
ORGANIZATION: Scott Air Force Base, IL 62225
DESCRIPTION: Discusses reference monitor concept and provides the motivation for applying "Orange Book" standards to telephone systems.

AUTHOR: Fellow, Jon, Hemenway, Judy, Kelem, Nancy and Romero, Sandra
TITLE: The Architecture of a Distributed Trusted Computing Base
CATEGORY: Access Control
ORGANIZATION: Unisys, 2525 Colorado Blvd., Santa Monica, CA 90405
DESCRIPTION: Explores the difference between monolithic and distributed trusted computing bases, using as an example an actual system.

AUTHOR: Halpern, Daniel J. & Owre, Sam
TITLE: Specification and Verification Tools for Secure Distributed Systems
CATEGORY: Access Control
ORGANIZATION: Sytek, Inc., 1225 Charleston Road, Mountain View, CA 94043
DESCRIPTION: This paper examines the fields of formal specification and verification, software engineering support, and security.

AUTHOR: Johnson, Howard L. & Layne, Daniel J.
TITLE: A Mission-Critical Approach to Network Security
CATEGORY: Access Control
ORGANIZATION: Computer Technology Associates, Inc., 7150 Campus Drive, Suite 100, Colorado Springs, CO 80918
DESCRIPTION: This paper presents an approach to network security that treats sensitivity issues independent of criticality issues to gain architectural and economic advantage.

AUTHOR: Linn, John
TITLE: SDNS Products in the Type II Environment
CATEGORY: Access Control
ORGANIZATION: BBN Communications Corporation, Cambridge, MA
DESCRIPTION: This paper examines the ramifications of communications security for the type II environment and considers the role that SDNS can play in satisfying that environment's needs.

AUTHOR: Loscocco, Peter
TITLE: A Security Policy and Model for a MLS LAN
CATEGORY: Access Control
ORGANIZATION: Office of Research and Development, National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper explains in detail the MLS LAN implemented into the Department of Defense Security Policy.

AUTHOR: Mizuno, Masaaki & Oldehoeft, Arthur E.
TITLE: Information Flow Control in a Distributed Object-Oriented System with Statically Bound Object Variables
CATEGORY: Access Control
ORGANIZATION: Department of Computer Science, Iowa State University, Ames, Iowa 50011
DESCRIPTION: This paper presents a combined approach of compile-time and run-time information flow certification.

AUTHOR: Nelson, Ruth
TITLE: SDNS Services and Architecture
CATEGORY: Access Control
ORGANIZATION: Electronic Defense Communications Directorate, GTE Government Systems Corporation, 77 A Street, Needham, MA 02194
DESCRIPTION: This paper focuses on the protocols and system architecture of the secure data network system.

AUTHOR: Parker, T.A.
TITLE: Security in Open Systems: A Report on the Standards Work of ECMA's TC32/TG9
CATEGORY: Access Control
ORGANIZATION: ICL Defence Systems UK
DESCRIPTION: This paper addresses the topic of access authorization and offers a uniform approach which caters for a spectrum of access control schemes ranging from capability systems to access control lists.

AUTHOR: Rogers, Herbert L.
TITLE: An Overview of the Caneware Program
CATEGORY: Access Control
ORGANIZATION: National Security Agency - C6, Ft. George G. Meade, MD 20755
DESCRIPTION: The purpose of this paper is to present an overview of the Caneware program functionality and its concern with communications security.

AUTHOR: Schnackenberg, Dan
TITLE: Applying the Orange Book to an MLS LAN
CATEGORY: Access Control
ORGANIZATION: Boeing Aerospace Company, Mail Stop 87-06, P.O. Box 3999, Seattle, WA 98124
DESCRIPTION: This paper presents an overview of Boeing's multilevel secure local area network and a discussion of the issues that have arisen from applying the DOD Trusted Computer System Evaluation Criteria to this MLS LAN.

AUTHOR: Sheehan, Edward R.
TITLE: Access Control Within SDNS
CATEGORY: Access Control
ORGANIZATION: Analytics Incorporated, 9821 Broken Land Parkway, Columbia, MD 21046
DESCRIPTION: This paper addresses the subject of access control within the Secure Data Network System and its fundamental elements.

AUTHOR: Tater, Gary L. & Kerut, Edmund G.
TITLE: The Secure Data Network System: An Overview
CATEGORY: Access Control
ORGANIZATION: None Specified
DESCRIPTION: This paper discusses the rationale and programmatic decisions for the Secure Data Network System project.

AUTHOR: Teng, Henry S. & Brown, Dr. David C.
TITLE: An Expert System Approach to Security Inspection of a VAX/VMS System in a Network Environment
CATEGORY: Access Control
ORGANIZATION: Artificial Intelligence Research Group, Computer Science Department, Worcester Polytechnic Institute, Worcester, MA 01609
DESCRIPTION: This paper addresses the development of the XSAFE prototype expert system and its use for computer security inspection of a VAX/VMS system in a network environment.

AUDIT AND EVALUATION

AUTHOR: Lanenga, David
TITLE: Security Evaluations of Computer Systems
CATEGORY: Audit and Evaluation
ORGANIZATION: National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper describes the process of computer security evaluations as presently performed by the National Computer Security Center.

CERTIFICATION

AUTHOR: Ferris, Martin & Cerulli, Andrea
TITLE: Certification: A Risky Business
CATEGORY: Certification
ORGANIZATION: National Security Agency, Ft. George G. Meade, MD 20755
DESCRIPTION: This paper addresses certification in management terms, provides examples of certification in everyday life, and examines ways to maximize the use of national resources and policies to achieve a certified AIS application.

CONTINGENCY PLANNING

AUTHOR: Judd, Thomas C. & Ward, Howard W. Jr.
TITLE: Return to Normalcy: Issues in Contingency Planning
CATEGORY: Contingency Planning
ORGANIZATION: Federal Reserve System, Culpeper, VA
DESCRIPTION: This paper presents a "Cook Book" approach as an effort to provide a kind of checklist of things to do.

AUTHOR: Pardo, O.R.
TITLE: Computer Disaster Recovery Planning: A Fast-Track Approach
CATEGORY: Contingency Planning
ORGANIZATION: Bechtel Eastern Power Corporation, 15740 Shady Grove Road, Gaithersburg, MD 20877, (301) 258-4023
DESCRIPTION: This paper outlines a method of implementing a contingency plan in a single, relatively short effort.

DATA BASE MANAGEMENT

AUTHOR: Hale, Michael W.
TITLE: Status of Trusted Database Management System Interpretations
CATEGORY: Data Base Management
ORGANIZATION: National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000, (301) 859-4452
DESCRIPTION: This paper addresses the rationale and security issues that are unique to database management systems.

AUTHOR: Henning, Ronda R. and Walker, Swen A.
TITLE: Data Integrity vs. Data Security: A Workable Compromise
CATEGORY: Data Base Management
ORGANIZATION: National Computer Security Center, Office of Research and Development, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper addresses the issue of unauthorized modification of data and the implementation of the current state of the art in integrity policies.

AUTHOR: Knode, Ronald B.
TITLE: TRUDATA: The Road To a Trusted DBMS
CATEGORY: Data Base Management
ORGANIZATION: ORI/Intercom Systems Corporation, 9710 Patuxent Woods Drive, Columbia, MD 21046, (301) 381-9740
DESCRIPTION: This paper describes the INTERCON Trusted Data Base Management System, including its development, guidelines, system architecture, security policy, and implementation status.

AUTHOR: Rougeau, Patricia A. & Sturms, Edwards D.
TITLE: The SYBASE Secure Dataserver: A Solution To The Multilevel Secure DBMS Problem
CATEGORY: Data Base Management
ORGANIZATION: TRW Federal Systems Group, 2751 Prosperity Avenue, P.O. Box 10440, Fairfax, VA 22031
DESCRIPTION: This paper presents the Sybase Secure Dataserver (SYSDS) approach to solving the problem of a cost-effective, reliable multilevel secure Database Management System (DBMS) without losing essential performance characteristics.

GENERAL SECURITY

AUTHOR: Taylor, Phillip H.
TITLE: The National Computer Security Center Technical Guidelines Program
CATEGORY: General Security
ORGANIZATION: National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000, (301) 859-4452
DESCRIPTION: The purpose of this paper is to provide a national computer security literature base that distributes computer security knowledge and techniques, instills an accepted computer security terminology, and applies research to practical problems of computer security.

PHYSICAL SECURITY & HARDWARE

AUTHOR: Saydjari, Sami O., Beckman, Joseph M. and Leaman, Jeffrey R.
TITLE: Locking Computers Securely
CATEGORY: Physical Security & Hardware
ORGANIZATION: Office of Research and Development, National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper describes the Logical Coprocessing Kernel (LOCK) project and the need for secure computing in both defense and industry.

PRIVACY

AUTHOR: Campbell, Marlene Dr.
TITLE: Security and Privacy: Issues of Professional Ethics
CATEGORY: Privacy
ORGANIZATION: Murray State University, Murray, Kentucky 42071
DESCRIPTION: The purpose of this paper is to provide academicians with both motivation and ideas for bringing ethics formulation into the computer information systems classroom.

AUTHOR: Denning, Dorothy E., Neumann, Peter G. and Parker, Donn B.
TITLE: Social Aspects of Computer Security
CATEGORY: Privacy
ORGANIZATION: SRI International, 333 Ravenswood Avenue, Menlo Park, CA 94025
DESCRIPTION: This paper's objective is to examine social aspects of computer security, particularly with respect to some of the technologies being developed.

RISK MANAGEMENT

AUTHOR: Moses, Robin H. and Clark, Rodney
TITLE: Risk Analysis and Management in Practice for the UK Government The CCTA Risk Analysis and Management Methodology: CRAMM
CATEGORY: Risk Management
ORGANIZATION: UK Central Computer and Telecommunications Agency (CCTA), Riverwalk House, 157-161 Millbank, London, SW1P 9PN, England
DESCRIPTION: This paper discusses a risk analysis and management methodology for Information Technology (IT) Security developed by the UK Government.

AUTHOR: Pinsky, Sylvan Dr.
TITLE: A Panel Discussion on Risk Management: A Plan for the Future
CATEGORY: Risk Management
ORGANIZATION: Office of Research and Development, National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper addresses a panel discussion on the major issues of risk management and the steps necessary to resolve the commonly known problems.

SECURITY MANAGEMENT

AUTHOR: Arsenault, Alfred W.
TITLE: Advisory Memorandum on Office Automation Security: An Overview
CATEGORY: Security Management
ORGANIZATION: National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000, (301) 859-4452
DESCRIPTION: This paper presents an overview of National Telecommunications and Automated Information Systems Security Advisory Memorandum on Office Automation Security, which was issued by COMPUSEC January 1987.

AUTHOR: Brown, Leonard R.
TITLE: Specification for a Canonical Configuration Accounting Tool
CATEGORY: Security Management
ORGANIZATION: Computer Security Office, M1/055, The Aerospace Corporation, P.O. Box 92957, Los Angeles, CA 90009
DESCRIPTION: This paper describes the TCCS system that has been designed as an aid in evaluation of configuration accounting systems for use in development of a secure system.

AUTHOR: Maria, Arturo PhD
TITLE: RACF Implementation at Puget Power
CATEGORY: Security Management
ORGANIZATION: Information Systems Consultant
DESCRIPTION: This document describes the approach taken at Puget Sound Power and Light Company to implement IBM's Resource Access Control Facility.

AUTHOR: Neugent, William
TITLE: Management Actions for Improving DoD Computer Security
CATEGORY: Security Management
ORGANIZATION: The MITRE Corporation, HQ USAREUR, ODCSOPS, APO New York 09063, Tel. 011-49-6221-372710
DESCRIPTION: This paper focusses on the current computer security practice in the field of the Department of Defense computer security activities.

SOFTWARE & OPERATING SYSTEM SECURITY

AUTHOR: Addison, Katherine, Baron, Larry, Copple, Mark, Cragun, Don and Hospers, Keith
TITLE: Computer Security at Sun Microsystems, Inc.
CATEGORY: Software & Operating System Security
ORGANIZATION: Sun Microsystems, Inc., Mountain View, CA
DESCRIPTION: This paper describes the "Secure Sun OS" product history, status, and goals. This paper also describes some of Sun's future directions in the secure systems marketplace.

AUTHOR: Bunch, Steve
TITLE: The Setuid Feature in UNIX and Security
CATEGORY: Software & Operating System Security
ORGANIZATION: Gould Computer Systems Divisions, 1101 E. University, Urbana, Ill. 61801, (217) 384-8515
DESCRIPTION: This paper defines some important terms with the SETUID/SETGID concepts and examines some of the properties and uses of this mechanism. It also examines some of the security implications of this mechanism.

AUTHOR: Burger, Wilhelm
TITLE: Networking of Secure Xenix Systems
CATEGORY: Software & Operating System Security
ORGANIZATION: IBM Corporation Federal Systems, 708 Quince Orchard Road, Gaithersburg, MD 20878
DESCRIPTION: This paper describes design and implementation aspects of a network of Secure Xenix systems.

AUTHOR: Castro, Lawrence
TITLE: An Overview of the DoD Computer Security Research and Development Program
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: The purpose of this paper is to inform of the progress of and plans for the research, development, testing, and evaluation efforts by the Department of Defense Computer Security Program.

AUTHOR: Craigen, Dan
TITLE: m-EVES
CATEGORY: Software & Operating System Security
ORGANIZATION: Research and Technology, I.P. Sharp Associates Limited, 265 Carling Avenue, Suite 600, Ottawa, Ontario K1S 2E1 Canada
DESCRIPTION: This paper reports briefly upon the progress of the m-EVES research and development project. m-EVES is a prototype verification system being developed by I.P. Sharp Associates Limited.

AUTHOR: Di Vito, Ben L. and Johnson, Larry A.
TITLE: A Gypsy Verifier's Assistant
CATEGORY: Software & Operating System Security
ORGANIZATION: TRW Defense Systems Group, One Space Park, Redondo Beach, CA 90278
DESCRIPTION: This paper describes an IR&D effort underway at TRW to augment the Gypsy verification environment with a knowledge-based "verifier's assistant."

AUTHOR: Eckman, Steven T.
TITLE: Ina Flo: The FDM Flow Tool
CATEGORY: Software & Operating System Security
ORGANIZATION: West Coast Research Center, System Development Group, Unisys Corporation
DESCRIPTION: This paper describes a new information flow tool for the Ina Jo specification language. The flow tool is being used for covert channel analysis in ongoing A1 development projects.

AUTHOR: Guaspari, David, Harper, Douglas C. and Ramsey, Norman
TITLE: An ADA Verification Environment
CATEGORY: Software & Operating System Security
ORGANIZATION: Odyssey Research Associates, 1283 Trumansburg Road, Ithaca, New York 14850, (607) 277-2020
DESCRIPTION: This paper reviews and compares two types of verification systems, PolyAnna and Anna. An explanation of why these are suited to Ada verification is included.

AUTHOR: Israel, Howard
TITLE: Computer Viruses: Myth or Reality?
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper addresses computer virus defense by using protection mechanisms. It also discusses possible protection mechanisms that address the Trojan Horse threat.

AUTHOR: Joseph, Mark K.
TITLE: Towards the Elimination of the Effects of Malicious Logic: Fault Tolerance Approaches
CATEGORY: Software & Operating System Security
ORGANIZATION: Computer Science Department, University of California, Los Angeles, CA
DESCRIPTION: This paper addresses two possible effects of malicious logic, denial-of-service and compromising data integrity. Presented are several techniques that are designed to reduce the risk posed by malicious logic.

AUTHOR: Kaufmann, Matt and Young, William D.
TITLE: Comparing Specification Paradigms for Secure Systems: Gypsy and the Boyer-Moore Logic
CATEGORY: Software & Operating System Security
ORGANIZATION: Institute for Computing Science and Computer Applications, The University of Texas at Austin, Austin, Texas 78712
DESCRIPTION: This paper investigates the viability of the Boyer-Moore logic as a specification language for secure system modelling efforts by comparing it to Gypsy on a significant example.

AUTHOR: Knowles, Frank and Bunch, Steve
TITLE: A Least Privilege Mechanism for UNIX
CATEGORY: Software & Operating System Security
ORGANIZATION: Gould Computer Systems Division, 1101 East University Avenue, Urbana, IL 61801, (217) 384-8500
DESCRIPTION: This paper describes a privilege control mechanism for the UNIX operating system. This system is designed to provide control over access by users to services and objects.

AUTHOR: Pittelli, Paul A.
TITLE: The Bell-LaPadula Computer Security Model Represented as a Special Case of the Harrison-Ruzzo-Ullman Model
CATEGORY: Software & Operating System Security
ORGANIZATION: Department of Defense
DESCRIPTION: This paper describes a Bell-LaPadula Model and an HRU model. It covers the access control security that each has to offer.

AUTHOR: Rowe, Kenneth E. and Ferguson, Clarence O.
TITLE: Ada Technology/COMPUSEC Insertion Status Report
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center, Office of Research and Development, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This report defines the problem of developing same suite in Ada as a multilevel secure (MLS) suite.

AUTHOR: Sibert, Olin W., Traxler, Holly M., Downs, Deborah D. Dr. and Glass, Jeffrey
TITLE: UNIX and B2: Are They Compatible?
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper presents the results of a study done on a prototype secure system assessing the compatibility with the B2 assurance requirements defined in the Trusted Computer System Evaluation Criteria.

AUTHOR: Stoll, Cliff
TITLE: What Do You Feed a Trojan Horse?
CATEGORY: Software & Operating System Security
ORGANIZATION: Lawrence Berkeley Laboratory, Berkeley, CA 94720
DESCRIPTION: This paper addresses what to do when you choose to track the penetration of a Trojan Horse.

AUTHOR: Taylor, Tad and Hartman, Bret
TITLE: Formal Models, Bell and LaPadula, and Gypsy
CATEGORY: Software & Operating System Security
ORGANIZATION: Research Triangle Institute, P.O. Box 12194, RTP, NC 27709
DESCRIPTION: This paper is an approach for developing formal security models. It is accompanied by a technique for expressing and proving models in Gypsy.

AUTHOR: Woodcock, Mark E.
TITLE: The Use of Ada in Secure and Reliable Software
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center, Office of Research and Development, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper describes the history of the Ada language and the current efforts to expand it to make it a secure, reliable language.

AUTHOR: Young, Catherine L.
TITLE: Taxonomy of Computer Virus Defense Mechanisms
CATEGORY: Software & Operating System Security
ORGANIZATION: Office of Research and Development, National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This taxonomy aids in evaluating virus defenses and provides a foundation for designing new virus defenses.

TRAINING & AWARENESS

AUTHOR: Grandy, Patricia
TITLE: Department of the Navy Automated Data Processing Security Program Training
CATEGORY: Training & Awareness
ORGANIZATION: Navy Regional Data Automation Center San Francisco, NAS Alameda, CA 94501-5007, (415) 869-5300
DESCRIPTION: This document explains in detail the training that is available for computer security through the Department of the Navy.

AUTHOR: Markey, Elizabeth
TITLE: Getting Organizations Involved in Computer Security: The Role of Security Awareness
CATEGORY: Training & Awareness
ORGANIZATION: Office of Information Systems Security, Bureau of Diplomatic Security, U.S. Department of State
DESCRIPTION: This paper addresses the problem of getting organizations aware and involved in computer security through on-going training and awareness programs aimed at employees at all levels.

AUTHOR: Sohmer, Eliot
TITLE: The Computer Security Training Base of 1985
CATEGORY: Training & Awareness
ORGANIZATION: National Computer Security Center, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000, (301) 859-4452
DESCRIPTION: This paper outlines the recommended training categories for personnel by the National Computer Security Center in October of 1985.