UnderGround Information
UnderGround Information
BIBLIOGRAPHY OF TECHNICAL PAPERS ON COMPUTER SECURITY
Note: This bibliography was prepared in 1988. A bibliography is
currently being developed that will encompass 1989.
ACCESS CONTROL
AUTHOR: Arsenault, Alfred W.
TITLE: Developments in Guidance for Trusted
Computer Networks
CATEGORY: Access Control
ORGANIZATION: National Computer Security Center
Ft. George G. Meade, MD
DESCRIPTION: Discusses the current status and
future plans for guidance in the area of trusted
computer networks.
AUTHOR: Branstad, Dennis K.
TITLE: Considerations for Security in the OSI
Architecture
CATEGORY: Access Control
ORGANIZATION: Institute for Computer Sciences
and Technology
National Institute of Standards
and Technology
Gaithersburg, MD 20899
DESCRIPTION: Discusses several goals of security
in the OIS architecture as well as where and how
the security services that satisfy them could be
implemented.
AUTHOR: Branstad, Dennis K.
TITLE: SP4: A Transport Encapsulation Security
Protocol
CATEGORY: Access Control
ORGANIZATION: National Institute of Standards and
Technology
DESCRIPTION: Discusses SDNS architecture that is
designed to satisfy the security requirements of
both classified and unclassified applications.
AUTHOR: Clyde, Allan R.
TITLE: Insider Threat Identification Systems
CATEGORY: Access Control
ORGANIZATION: A.R. Clyde Associates
10101 Grosvenor Place, #2006
Rockville, MD 20852
DESCRIPTION: Discusses basic components of a
insider threat identification system and how
internal surveillance affects such a system.
AUTHOR: Engelman, Captain Paul D.
TITLE: The Application of "Orange Book" Standards
to Secure Telephone Switching Systems
CATEGORY: Access Control
ORGANIZATION: Scott Air Force Base
IL 62225
DESCRIPTION: Discusses reference monitor concept
and provides the motivation for applying "Orange
Book" standards to telephone systems.
AUTHOR: Fellow, Jon, Hemenway, Judy, Kelem, Nancy
and Romero, Sandra
TITLE: The Architecture of a Distributed Trusted
Computing Base
CATEGORY: Access Control
ORGANIZATION: Unisys
2525 Colorado Blvd.
Santa Monica, CA 90405
DESCRIPTION: Explores the difference between
monolithic and distributed trusted computing bases,
using as an example an actual system.
AUTHOR: Halpern, Daniel J. & Owre, Sam
TITLE: Specification and Verification Tools for
Secure Distributed Systems
CATEGORY: Access Control
ORGANIZATION: Sytek, Inc.
1225 Charleston Road
Mountain View, CA 94043
DESCRIPTION: This paper examines the fields of
formal specification and verification, software
engineering support, and security.
AUTHOR: Johnson, Howard L. & Layne, Daniel J.
TITLE: A Mission - Critical Approach to Network
Security
CATEGORY: Access Control
ORGANIZATION: Computer Technology Associates, Inc.
7150 Campus Drive, Suite 100
Colorado Springs, CO 80918
DESCRIPTION: This paper presents an approach to
network security that treats sensitivity issues
independent of criticality issues to gain
architectural and economic advantage.
AUTHOR: Linn, John
TITLE: SDNS Products in the Type II Environment
CATEGORY: Access Control
ORGANIZATION: BBN Communications Corporation
Cambridge, MA
DESCRIPTION: This paper examines the ramifications
of communications security for the type II
environment and considers the role that SDNS can
play in satisfying that environments needs.
AUTHOR: Loscocco, Peter
TITLE: A Security Policy and Model for a MLS LAN
CATEGORY: Access Control
ORGANIZATION: Office of Research and Development
National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper explains in detail the
MLS LAN implemented into the Department of
Defense Security Policy.
AUTHOR: Mizuno, Massaaki & Oldehoef, Arthur E.
TITLE: Information Flow Control in a Distributed
Object - Oriented System with Statically
Bound Object Variables
CATEGORY: Access Control
ORGANIZATION: Department of Computer Science
Iowa State University
Ames, Iowa 50011
DESCRIPTION: This paper presents a combined
approach of compile-time and run-time information
flow certification.
AUTHOR: Nelson, Ruth
TITLE: SDNS Services and Architecture
CATEGORY: Access Control
ORGANIZATION: Electronic Defense Communications
Directorate
GTE Government Systems Corporation
77 A Street, Needham, MA 02194
DESCRIPTION: This paper focuses on the protocols
and system architecture of the secure data network
system.
AUTHOR: Parker, T.A.
TITLE: Security in Open Systems: A Report on the
Standards Work of ECMA'S TC32/TG9
CATEGORY: Access Control
ORGANIZATION: ICL Defence Systems UK
DESCRIPTION: This paper addresses the topic of
access authorization and offers a uniform approach
which caters for a spectrum of access control
schemes ranging from capability systems to access
control lists.
AUTHOR: Rogers, Herbert L.
TITLE: An Overview of the Caneware Program
CATEGORY: Access Control
ORGANIZATION: National Security Agency - C6
Ft. George G. Meade, MD 20755
DESCRIPTION: The purpose of this paper is to
present an overview of the caneware program
functionality and its concern with communications
security.
AUTHOR: Schnackenberg, Dan
TITLE: Applying the Orange Book to an MLS LAN
CATEGORY: Access Control
ORGANIZATION: Boeing Aerospace Company
Mail Stop 87-06
P.O. Box 3999
Seattle, WA 98124
DESCRIPTION: This paper presents an overview of
Boeing's multilevel secure local area network and
a discussion of the issues that have arisen from
applying the DOD Trusted Computer System Evaluation
Criteria to this MLS LAN.
AUTHOR: Sheehan, Edward R.
TITLE: Access Control Within SDNS
CATEGORY: Access Control
ORGANIZATION: Analytics Incorporated
9821 Broken Land Parkway
Columbia, MD 21046
DESCRIPTION: This paper addresses the subject of
access control within the Secure Data Network
System and its fundamental elements.
AUTHOR: Tater, Gary L. & Kerut, Edmund G.
TITLE: The Secure Data Network System:
An Overview
CATEGORY: Access Control
ORGANIZATION: None Specified
DESCRIPTION: This paper discusses the rationale
and programmatic decisions for the Secure Data
Network System project.
AUTHOR: Teng, Henry S. & Brown, Dr. David C.
TITLE: An Expert System Approach to Security
Inspection of a VAX/VMS System in a
Network Environment
CATEGORY: Access Control
ORGANIZATION: Artificial Intelligence Research
Group
Computer Science Department
Worcester Polytechnic Institute
Worcester, MA 01609
DESCRIPTION: This paper addresses the development
of the XSAFE prototype expert system and its use
for computer security inspection of a VAX/VMS
system in a network environment.
AUDIT AND EVALUATION
AUTHOR: Lanenga, David
TITLE: Security Evaluations of Computer Systems
CATEGORY: Audit and Evaluation
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper describes the process of
computer security evaluations as presently
performed by the National Computer Security Center.
CERTIFICATION
AUTHOR: Ferris, Martin & Cerulli, Andrea
TITLE: Certification: A Risky Business
CATEGORY: Certification
ORGANIZATION: National Security Agency
Ft. George G. Meade. MD 20755
DESCRIPTION: This paper addresses certification
in management terms, provides examples of
certification in everyday life, and examines ways
to maximize the use of national resources and
policies to achieve a certified AIS application.
CONTINGENCY PLANNING
AUTHOR: Judd, Thomas C. & Ward, Howard W. Jr.
TITLE: Return to Normalcy: Issues in Contingency
Planning
CATEGORY: Contingency Planning
ORGANIZATION: Federal Reserve System
Culpepper, Va
DESCRIPTION: This paper presents a "Cook Book"
approach as an effort to provide a kind of
checklist of things to do.
AUTHOR: Pardo, O.R.
TITLE: Computer Disaster Recovery Planning: A
Fast - Track Approach
CATEGORY: Contingency Planning
ORGANIZATION: Bechtel Eastern Power Corporation
15740 Shady Grove Road
Gaithersburg, MD 20877
(301) 258-4023
DESCRIPTION: This paper outlines a method of
implementing a contingency plan in a single,
relatively short effort.
DATA BASE MANAGEMENT
AUTHOR: Hale, Michael W.
TITLE: Status of Trusted Database Management
System Interpretations
CATEGORY: Data Base Management
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
(301) 859-4452
DESCRIPTION: This paper addresses the rationale
and security issues that are unique to database
management systems.
AUTHOR: Henning, Ronda R. and Walker, Swen A.
TITLE: Data Integrity vs. Data Security: A
Workable Compromise
CATEGORY: Data Base Management
ORGANIZATION: National Computer Security Center
Office of Research and Development
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper addresses the issue of
unauthorized modification of data and the
implementation of the current state of the art in
integrity policies.
AUTHOR: Knode, Ronald B.
TITLE: TRUDATA: The Road To a Trusted DBMS
CATEGORY: Data Base Management
ORGANIZATION: ORI/Intercom Systems Corporation
9710 Patuxent Woods Drive
Columbia, MD 21046
(301) 381-9740
DESCRIPTION: This paper describes the INTERCON
Trusted Data Base Management System, including
its development, guidelines, system architecture,
security policy, and implementation status.
AUTHOR: Rougeau, Patricia A. & Sturms, Edwards D.
TITLE: The SYBASE Secure Dataserver: A Solution
To The Multilevel Secure DBMS Problem
CATEGORY: Data Base Management
ORGANIZATION: TRW Federal Systems Group
2751 Prosperity Avenue
P.O. Box 10440
Fairfax, VA 22031
DESCRIPTION: This paper presents the Sybase Secure
Dataserver (SYSDS) approach to solving the problem
of a cost-effective, reliable multilevel secure
Database Management System (DBMS) without loosing
essential performance characteristics.
GENERAL SECURITY
AUTHOR: Taylor, Phillip H.
TITLE: The National Computer Security Center
Technical Guidelines Program
CATEGORY: General Security
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
(301) 859-4452
DESCRIPTION: The purpose of this paper is to
provide a national computer security literature
base that distributes computer security knowledge
and techniques, instills an accepted computer
security terminology, and applies research to
practical problems of computer security.
PHYSICAL SECURITY & HARDWARE
AUTHOR: Saydjari, Sami O., Beckman, Joseph M. and
Leaman, Jeffrey R.
TITLE: Locking Computers Securely
CATEGORY: Physical Security & Hardware
ORGANIZATION: Office of Research and Development
National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper describes the Logical
Coprocessing Kernal (LOCK) project and the need for
secure computing in both defense and industry.
PRIVACY
AUTHOR: Campbell, Marlene Dr.
TITLE: Security and Privacy: Issues of
Issues of Professional Ethics
CATEGORY: Privacy
ORGANIZATION: Murray State University
Murray, Kentucky 42071
DESCRIPTION: The purpose of this paper is to
provide academicians with both motivation and ideas
for bringing ethics formulation into the computer
information systems classroom.
AUTHOR: Denning, Dorothy E., Newmann, Peter G. and
Parker, Donn B.
TITLE: Social Aspects of Computer Security
CATEGORY: Privacy
ORGANIZATION: SRI International
333 Ravenswood Avenue
Menlo Park, CA 94025
DESCRIPTION: This papers objective is to examine
social aspects of computer security, particularly
with respect to some of the technologies being
developed.
RISK MANAGEMENT
AUTHOR: Moses, Robin H. and Clark, Rodney
TITLE: Risk Analysis and Management in Practice
for the UK Government The CCTA Risk
Analysis and Management Methodology: CRAMM
CATEGORY: Risk Management
ORGANIZATION: UK Central Computer and
Telecommunications Agency (CCTA)
Riverwalk House, 157-161 Millbank,
London, SW1P 9PN, England
DESCRIPTION: This paper discusses a risk analysis
and management methodology for Information
Technology (IT) Security developed by the UK
Government.
AUTHOR: Pinsky, Sylvan Dr.
TITLE: A Panel Discussion on Risk Management: A
Plan for the Future
CATEGORY: Risk Management
ORGANIZATION: Office of Research and Development
National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper addresses a panel
discussion on the major issues of risk management
and the steps necessary to resolve the commonly
known problems.
SECURITY MANAGEMENT
AUTHOR: Arsenault, Alfred W.
TITLE: Advisory Memorandum on Office Automation
Security: An Overview
CATEGORY: Security Management
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
(301) 859-4452
DESCRIPTION: This paper presents an overview of
National Telecommunications and Automated
Information Systems Security Advisory Memorandum
on Office Automation Security, which was issued
by COMPUSEC January 1987.
AUTHOR: Brown, Leonard R.
TITLE: Specification for a Canonical Configuration
Accounting Tool
CATEGORY: Security Management
ORGANIZATION: Computer Security Office, M1/055
The Aerospace Corporation
P.O. Box 92957
Los Angeles, CA 90009
DESCRIPTION: This paper describes the TCCS system
that has been designed as an aid in evaluation of
configuration accounting systems for use in
development of a secure system.
AUTHOR: Maria, Arturo PhD
TITLE: RACF Implementation at Puget Power
CATEGORY: Security Management
ORGANIZATION: Information Systems Consultant
DESCRIPTION: This document describes the approach
taken at Puget Sound Power and Light Company to
implement IBM's Resource Access Control Facility.
AUTHOR: Neugent, William
TITLE: Management Actions for Improving DoD
Computer Security
CATEGORY: Security Management
ORGANIZATION: The MITRE Corporation
HQ USAREUR, ODCSOPS
APO New York 09063
Tel. 011-49-6221-372710
DESCRIPTION: This paper focusses on the current
computer security practice in the field of the
Department of Defense computer security activities.
SOFTWARE & OPERATING SYSTEM SECURITY
AUTHOR: Addison, Katherine, Baron, Larry
Copple, Mark, Cragun, Don and
Hospers, Keith
TITLE: Computer Security at Sun Microsystems, Inc.
CATEGORY: Software & Operating System Security
ORGANIZATION: Sun Microsystems, Inc.
Mountain View, CA
DESCRIPTION: This paper describes the "Secure Sun
OS) product history, status, and goals. This paper
also describes some of Sun's future directions in
the secure systems marketplace.
AUTHOR: Bunch, Steve
TITLE: The Setuid Feature in UNIX and Security
CATEGORY: Software & Operating System Security
ORGANIZATION: Gould Computer Systems Divisions
1101 E. University
Urbana, Ill. 61801
(217) 384-8515
DESCRIPTION: This paper defines some important
terms with the SETUID/SETGID concepts and examines
some of the properties and uses of this mechanism.
It also examines some of the security implications
of this mechanism.
AUTHOR: Burger, Wilhelm
TITLE: Networking of Secure Xenix Systems
CATEGORY: Software & Operating System Security
ORGANIZATION: IBM Corporation Federal Systems
708 Quince Orchard Road
Gaithersburg, MD 20878
DESCRIPTION: This paper describes design and
implementation aspects of a network of Secure Xenix
systems.
AUTHOR: Castro, Lawrence
TITLE: An Overview of the DoD Computer Security
Research and Development Program
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: The purpose of this paper is to
inform of the progress of and plans for the
research, development, testing, and evaluation
efforts by the Department of Defense Computer
Security Program.
AUTHOR: Craigen, Dan
TITLE: m-EVES
CATEGORY: Software & Operating System Security
ORGANIZATION: Research and Technology
I.P. Sharp Associates Limited
265 Carling Avenue, Suite 600
Ottawa, Ontario K1S 2E1 Canada
DESCRIPTION: This paper reports briefly upon the
progress of the m-EVES research and development
project. m-EVES is a prototype verification system
being developed by I.P. Sharp Associates Limited.
AUTHOR: Di Vito, Ben L. and Johnson, Larry A.
TITLE: A Gypsy Verifier's Assistant
CATEGORY: Software & Operating System Security
ORGANIZATION: TRW Defense Systems Group
One Space Park
Redondo Beach, CA 90278
DESCRIPTION: This paper describes an IR&D effort
underway at TRW to augment the gypsy verification
environment with a knowledge-based "verifier's
assistant."
AUTHOR: Eckman, Steven T.
TITLE: Ina Flo: The FDM Flow Tool
CATEGORY: Software & Operating System Security
ORGANIZATION: West Coast Research Center
System Development Group
Unisys Corporation
DESCRIPTION: This paper describes a new information
flow tool for the Ina Jo specification language.
The flow tool is being used for covert channel
analysis in ongoing A1 development projects.
AUTHOR: Guaspari, David, Harper, Douglas C. and
Ramsey, Norman
TITLE: An ADA Verification Environment
CATEGORY: Software & Operating System Security
ORGANIZATION: Odyssey Research Associates
1283 Trumansburg Road
Ithaca, New York 14850
(607) 277-2020
DESCRIPTION: This paper reviews and compares two
types of verification systems, PolyAnna and Anna.
A explanation of why these are suited to Ada
verification is included.
AUTHOR: Israel, Howard
TITLE: Computer Viruses: Myth or Reality?
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper addresses computer virus
defense by using protection mechanisms. It also
discusses possible protection mechanisms that
address the Trojan Horse threat.
AUTHOR: Joseph, Mark K.
TITLE: Towards the Elimination of the Effects of
Malicious Logic: Fault Tolerance
Approaches
CATEGORY: Software & Operating System Security
ORGANIZATION: Computer Science Department
University of California,
Los Angeles, CA
DESCRIPTION: This paper addresses two possible
effects of malicious logic, denial-of-service and
compromising data integrity. Presented are several
techniques that are designed to reduce the risk
posed by malicious logic.
AUTHOR: Kaufmann, Matt and Young, William D.
TITLE: Comparing Specification Paradigms for
Secure Systems: Gypsy and the Boyer-Moore
Logic
CATEGORY: Software & Operating System Security
ORGANIZATION: Institute for Computing Science and
Computer Applications
The University of Texas at Austin
Austin, Texas 78712
DESCRIPTION: This paper investigates the viability
of the Boyer-Moore logic as a specification
language for secure system modelling efforts by
comparing it to gypsy on a significant example.
AUTHOR: Knowles, Frank and Bunch, Steve
TITLE: A Least Privilege Mechanism for UNIX
CATEGORY: Software & Operating System Security
ORGANIZATION: Gould Computer Systems Division
1101 East University Avenue
Urbana, IL 61801
(217) 384-8500
DESCRIPTION: This paper describes a privilege
control mechanism for the UNIX operating system.
This system is designed to provide control over
access by users to services and objects.
AUTHOR: Pittelli, Paul A.
TITLE: The Bell-LaPadula Computer Security Model
Represented as a Special Case of the
Harrison-Ruzzo-Ullman Model
CATEGORY: Software & Operating System Security
ORGANIZATION: Department of Defense
DESCRIPTION: This paper describes a Bell-LaPadula
Model and an HRU model. It covers the access
control security that each has to offer.
AUTHOR: Rowe, Kenneth E. and
Ferguson, Clarence O.
TITLE: Ada Technology/COMPUSEC Insertion
Status Report
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center
Office of Research and Development
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This report defines the problem of
developing same suite in Ada as a multilevel secure
(MLS) suite.
AUTHOR: Sibert, Olin W., Traxler, Holly M.
Downs, Deborah D. Dr. and Glass, Jeffrey
TITLE: UNIX and B2: Are They Compatible?
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper presents the results of a
study done on a prototype secure system assessing
the compatibility with the B2 assurance
requirements defined in the Trusted Computer System
Evaluation Criteria.
AUTHOR: Stoll, Cliff
TITLE: What Do You Feed a Trojan Horse?
CATEGORY: Software & Operating System Security
ORGANIZATION: Lawrence Berkeley Laboratory
Berkeley, CA 94720
DESCRIPTION: This paper addresses what to do when
you choose to track the penetration of a Trojan
Horse.
AUTHOR: Taylor, Tad and Hartman, Bret
TITLE: Formal Models, Bell and LaPadula, and
Gypsy
CATEGORY: Software & Operating System Security
ORGANIZATION: Research Triangle Institute
P.O. Box 12194
RTP, NC 27709
DESCRIPTION: This paper is an approach for
developing formal security models. It is
accompanied by a technique for expressing and
proving models in gypsy.
AUTHOR: Woodcock, Mark E.
TITLE: The Use of Ada in Secure and Reliable
Software
CATEGORY: Software & Operating System Security
ORGANIZATION: National Computer Security Center
Office of Research and Development
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper describes the history of
Ada language and the current efforts to expand
to make it a secure reliable language.
AUTHOR: Young, Catherine L.
TITLE: Taxonomy of Computer Virus Defense
Mechanisms
CATEGORY: Software & Operating System Security
ORGANIZATION: Office of Research and Development
National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This taxonomy aids in evaluating virus
defenses and provides a foundation for designing
new virus defenses.
TRAINING & AWARENESS
AUTHOR: Grandy, Patricia
TITLE: Department of the Navy Automated Data
Processing Security Program Training
CATEGORY: Training & Awareness
ORGANIZATION: Navy Regional Data Automation
Center San Francisco
NAS Alameda, CA 94501-5007
(415) 869-5300
DESCRIPTION: This document explains in detail the
training that is available for computer security
through the Department of the Navy.
AUTHOR: Markey, Elizabeth
TITLE: Getting Organizations Involved in Computer
Security: The Role of Security Awareness
CATEGORY: Training & Awareness
ORGANIZATION: Office of Information Systems
Security
Bureau of Diplomatic Security
U.S. Department of State
DESCRIPTION: This paper addresses the problem of
getting organizations aware and involved in
computer security through on-going training and
awareness programs aimed at employees at all
levels.
AUTHOR: Sohmer, Eliot
TITLE: The Computer Security Training Base of 1985
CATEGORY: Training & Awareness
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
(301) 859-4452
DESCRIPTION: This paper outlines the recommended
training categories for personnel by the National
Computer Security Center in October of 1985.