UnderGround Information










UnderGround Information




           BIBLIOGRAPHY OF TECHNICAL PAPERS ON COMPUTER SECURITY 

Note:  This bibliography was prepared in 1988.  A bibliography is
currently being developed that will encompass 1989.

                         ACCESS CONTROL

                                                            
          AUTHOR:   Arsenault, Alfred W.                     
                                                            
          TITLE:  Developments in Guidance for Trusted       
                 Computer Networks                          
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  National Computer Security Center   
                        Ft. George G. Meade, MD             
         DESCRIPTION:  Discusses the current status and     
         future plans for guidance in the area of trusted   
         computer networks.                                 


                                                           
          AUTHOR:   Branstad, Dennis K.                      
                                                            
          TITLE:  Considerations for Security in the OSI     
                 Architecture                               
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:   Institute for Computer Sciences    
                         and Technology                     
                         National Institute of Standards    
                         and Technology                     
                         Gaithersburg, MD 20899             
         DESCRIPTION:  Discusses several goals of security  
         in the OIS architecture as well as where and how   
         the security services that satisfy them could be   
         implemented.                                       

                                                            
          AUTHOR:   Branstad, Dennis K.                      
                                                            
          TITLE:  SP4: A Transport Encapsulation Security    
                 Protocol                                   
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  National Institute of Standards and 
         Technology                                         
         DESCRIPTION:  Discusses SDNS architecture that is  
         designed to satisfy the security requirements of   
         both classified and unclassified applications.     

                                                        
          AUTHOR:   Clyde, Allan R.                          
                                                            
          TITLE:   Insider Threat Identification Systems     
                                                            
          CATEGORY: Access Control                           
          ORGANIZATION:  A.R. Clyde Associates               
                        10101 Grosvenor Place, #2006        
                        Rockville, MD 20852                 
         DESCRIPTION: Discusses basic components of a       
         insider threat identification system and how       
         internal surveillance affects such a system.       

                                                     
          AUTHOR:   Engelman, Captain Paul D.                
                                                            
          TITLE:  The Application of "Orange Book" Standards 
                 to Secure Telephone Switching Systems      
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  Scott Air Force Base                
                        IL 62225                            
         DESCRIPTION:  Discusses reference monitor concept  
         and provides the motivation for applying "Orange   
         Book" standards to telephone systems.              

                                                            
          AUTHOR:  Fellow, Jon, Hemenway, Judy, Kelem, Nancy 
                  and Romero, Sandra                        
          TITLE:  The Architecture of a Distributed Trusted  
                 Computing Base                             
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  Unisys                              
                        2525 Colorado Blvd.                 
                        Santa Monica, CA 90405              
         DESCRIPTION:  Explores the difference between      
         monolithic and distributed trusted computing bases,
         using as an example an actual system.              

                                                            
          AUTHOR:   Halpern, Daniel J. & Owre, Sam           
                                                            
          TITLE:  Specification and Verification Tools for    
                 Secure Distributed Systems                 
                                                            
          CATEGORY: Access Control                           
          ORGANIZATION:  Sytek, Inc.                         
                        1225 Charleston Road                
                        Mountain View, CA 94043             
         DESCRIPTION: This paper examines the fields of     
         formal  specification and verification, software   
         engineering support, and security.                 



                                                            
          AUTHOR:   Johnson, Howard L. & Layne, Daniel J.    
                                                            
          TITLE:  A Mission - Critical Approach to Network   
                 Security                                   
                                                            
          CATEGORY:   Access Control                         
          ORGANIZATION: Computer Technology Associates, Inc. 
                       7150 Campus Drive, Suite 100         
                       Colorado Springs, CO 80918           
         DESCRIPTION:  This paper presents an approach to   
         network security that treats sensitivity issues    
         independent of criticality issues to gain          
         architectural and economic advantage.              


                                                           
          AUTHOR:   Linn, John                               
                                                            
          TITLE:  SDNS Products in the Type II Environment   
                                                            
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  BBN Communications Corporation      
                        Cambridge, MA                       
         DESCRIPTION:  This paper examines the ramifications
         of communications security for the type II         
         environment and considers the role that SDNS can   
         play in satisfying that environments needs.        


                                                      
          AUTHOR:   Loscocco, Peter                          
                                                            
          TITLE:  A Security Policy and Model for a MLS LAN  
                                                            
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  Office of Research and Development  
                        National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION:  This paper explains in detail the    
         MLS LAN implemented into the Department of         
         Defense Security Policy.                           


                                                           
          AUTHOR:   Mizuno, Massaaki & Oldehoef, Arthur E.   
                                                            
          TITLE:  Information Flow Control in a Distributed  
                 Object - Oriented System with Statically   
                 Bound Object Variables                     
          CATEGORY: Access Control                           
          ORGANIZATION:  Department of Computer Science      
                        Iowa State University               
                        Ames, Iowa 50011                    
         DESCRIPTION:  This paper presents a combined       
         approach of compile-time and run-time information  
         flow certification.                                

                                                           
          AUTHOR:  Nelson, Ruth                              
                                                            
          TITLE:   SDNS Services and Architecture            
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  Electronic Defense Communications   
                        Directorate                         
                        GTE Government Systems Corporation  
                        77 A Street,  Needham, MA 02194     
         DESCRIPTION: This paper focuses on the protocols   
         and system architecture of the secure data network 
         system.                                            

                                                          
          AUTHOR:   Parker, T.A.                             
                                                            
          TITLE: Security in Open Systems:  A Report on the  
                Standards Work of ECMA'S TC32/TG9           
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  ICL Defence Systems UK              
         DESCRIPTION:  This paper addresses the topic of    
         access authorization and offers a uniform approach 
         which caters for a spectrum of access control      
         schemes ranging from capability systems to access  
         control lists.                                     

                                                            
          AUTHOR:   Rogers, Herbert L.                       
                                                            
          TITLE:   An Overview of the Caneware Program       
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  National Security Agency - C6       
                        Ft. George G. Meade, MD 20755       
         DESCRIPTION: The purpose of this paper is to       
         present an overview of the caneware program        
         functionality and its concern with communications  
         security.                                          

                                                            
          AUTHOR:   Schnackenberg, Dan                       
                                                            
          TITLE:  Applying the Orange Book to an MLS LAN     
                                                            
          CATEGORY: Access Control                           
          ORGANIZATION:  Boeing Aerospace Company            
                        Mail Stop 87-06                     
                        P.O. Box 3999                       
                        Seattle, WA 98124                   
         DESCRIPTION:  This paper presents an overview of   
         Boeing's multilevel secure local area network and  
         a discussion of the issues that have arisen from   
         applying the DOD Trusted Computer System Evaluation
         Criteria to this MLS LAN.                          

                                                      
          AUTHOR:   Sheehan, Edward R.                       
                                                            
          TITLE:   Access Control Within SDNS                
                                                            
          CATEGORY:  Access Control                          
          ORGANIZATION:  Analytics Incorporated              
                        9821 Broken Land Parkway            
                        Columbia, MD 21046                  
                                                            
         DESCRIPTION: This paper addresses the subject of   
         access control within the Secure Data Network      
         System and its fundamental elements.               


                                                            
          AUTHOR:   Tater, Gary L. & Kerut, Edmund G.        
                                                            
          TITLE:  The Secure Data Network System:            
                 An Overview                                
                                                            
          CATEGORY:   Access Control                         
          ORGANIZATION:  None Specified                      
         DESCRIPTION: This paper discusses the rationale    
         and programmatic decisions for the Secure Data     
         Network System project.                            

                                                            
          AUTHOR:  Teng, Henry S. & Brown, Dr. David C.      
                                                            
          TITLE:  An Expert System Approach to Security      
                 Inspection of a VAX/VMS System in a        
                 Network Environment                        
          CATEGORY:  Access Control                          
          ORGANIZATION:  Artificial Intelligence Research    
                        Group                               
                        Computer Science Department         
                        Worcester Polytechnic Institute     
                        Worcester, MA 01609                 
         DESCRIPTION: This paper addresses the development  
         of the XSAFE prototype expert system and its use   
         for computer security inspection of a VAX/VMS      
         system in a network environment.                   


                      AUDIT AND EVALUATION


                                                            
          AUTHOR:   Lanenga, David                           
                                                            
          TITLE:   Security Evaluations of Computer Systems  
                                                            
          CATEGORY:  Audit and Evaluation                    
          ORGANIZATION:  National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION: This paper describes the process of   
         computer security evaluations as presently         
         performed by the National Computer Security Center.


                          CERTIFICATION


                                                            
          AUTHOR:  Ferris, Martin & Cerulli, Andrea          
                                                            
          TITLE:   Certification:  A Risky Business          
                                                            
          CATEGORY:  Certification                           
          ORGANIZATION:  National Security Agency            
                        Ft. George G. Meade. MD 20755       
         DESCRIPTION:  This paper addresses certification   
         in management terms, provides examples of          
         certification in everyday life, and examines ways  
         to maximize the use of national resources and      
         policies to achieve a certified AIS application.   

                      CONTINGENCY PLANNING

                                                            
          AUTHOR:  Judd, Thomas C. & Ward, Howard W. Jr.     
                                                            
          TITLE:  Return to Normalcy:  Issues in Contingency 
                 Planning                                   
                                                            
          CATEGORY:  Contingency Planning                    
          ORGANIZATION:  Federal Reserve System              
                        Culpepper, Va                       
         DESCRIPTION:  This paper presents a "Cook Book"    
         approach as an effort to provide a kind of         
         checklist of things to do.                         


                                                         
          AUTHOR:   Pardo, O.R.                              
                                                            
          TITLE:  Computer Disaster Recovery Planning: A     
                 Fast - Track Approach                      
                                                            
          CATEGORY:  Contingency Planning                    
          ORGANIZATION:  Bechtel Eastern Power Corporation   
                        15740 Shady Grove Road              
                        Gaithersburg, MD 20877              
                        (301) 258-4023                      
         DESCRIPTION:  This paper outlines a method of      
         implementing a contingency plan in a single,       
         relatively short effort.                           


                      DATA BASE MANAGEMENT

                                                           
          AUTHOR:   Hale, Michael W.                         
                                                            
          TITLE:  Status of Trusted Database Management      
                 System Interpretations                     
                                                            
          CATEGORY:  Data Base Management                    
          ORGANIZATION:  National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
                        (301) 859-4452                      
         DESCRIPTION: This paper addresses the rationale    
         and security issues that are unique to database    
         management systems.                                


                                                           
          AUTHOR:  Henning, Ronda R. and Walker, Swen A.     
                                                            
          TITLE:  Data Integrity vs. Data Security: A        
                 Workable Compromise                        
                                                            
          CATEGORY:  Data Base Management                    
          ORGANIZATION:  National Computer Security Center   
                        Office of Research and Development  
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION: This paper addresses the issue of     
         unauthorized modification of data and the          
         implementation of the current state of the art in  
         integrity policies.                                

                                                            
          AUTHOR:   Knode, Ronald B.                         
                                                            
          TITLE:  TRUDATA:  The Road To a Trusted DBMS       
                                                            
          CATEGORY:  Data Base Management                    
          ORGANIZATION:  ORI/Intercom Systems Corporation    
                        9710 Patuxent Woods Drive           
                        Columbia, MD 21046                  
                        (301) 381-9740                      
         DESCRIPTION: This paper describes the INTERCON     
         Trusted Data Base Management System, including     
         its development, guidelines, system architecture,  
         security policy, and implementation status.        

                                                           
          AUTHOR: Rougeau, Patricia A. & Sturms, Edwards D.  
                                                            
          TITLE:  The SYBASE Secure Dataserver:  A Solution  
                 To The Multilevel Secure DBMS Problem      
                                                            
          CATEGORY:  Data Base Management                    
          ORGANIZATION:  TRW Federal Systems Group           
                        2751 Prosperity Avenue              
                        P.O. Box 10440                      
                        Fairfax, VA 22031                   
         DESCRIPTION:  This paper presents the Sybase Secure
         Dataserver (SYSDS) approach to solving the problem 
         of a cost-effective, reliable multilevel secure    
         Database Management System (DBMS) without loosing  
         essential performance characteristics.             


                        GENERAL SECURITY

                                                            
          AUTHOR: Taylor, Phillip H.                         
                                                            
          TITLE:  The National Computer Security Center      
                 Technical Guidelines Program               
          CATEGORY:  General Security                        
          ORGANIZATION:  National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
                        (301) 859-4452                      
         DESCRIPTION: The purpose of this paper is to       
         provide a national computer security literature    
         base that distributes computer security knowledge  
         and techniques, instills an accepted computer      
         security terminology, and applies research to      
         practical problems of computer security.           



                  PHYSICAL SECURITY & HARDWARE 

                                                           
          AUTHOR: Saydjari, Sami O., Beckman, Joseph M. and  
                 Leaman, Jeffrey R.                         
          TITLE:  Locking Computers Securely                 
                                                            
          CATEGORY:  Physical Security & Hardware            
          ORGANIZATION:  Office of Research and Development  
                        National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION:  This paper describes the Logical     
         Coprocessing Kernal (LOCK) project and the need for
         secure computing in both defense and industry.     


                             PRIVACY

                                                            
          AUTHOR:  Campbell, Marlene Dr.                     
                                                            
          TITLE:  Security and Privacy: Issues of            
                 Issues of Professional Ethics              
                                                            
          CATEGORY:  Privacy                                 
          ORGANIZATION:  Murray State University             
                        Murray, Kentucky 42071              
                                                            
         DESCRIPTION:  The purpose of this paper is to      
         provide academicians with both motivation and ideas
         for bringing ethics formulation into the computer  
         information systems classroom.                     

                                                            
          AUTHOR: Denning, Dorothy E., Newmann, Peter G. and 
                 Parker, Donn B.                            
          TITLE:  Social Aspects of Computer Security        
                                                            
          CATEGORY:  Privacy                                 
          ORGANIZATION:  SRI International                   
                        333 Ravenswood Avenue               
                        Menlo Park, CA 94025                
         DESCRIPTION: This papers objective is to examine   
         social aspects of computer security, particularly  
         with respect to some of the technologies being     
         developed.                                         

                         RISK MANAGEMENT

                                                           
          AUTHOR:   Moses, Robin H. and Clark, Rodney        
                                                            
          TITLE:  Risk Analysis and Management in Practice   
                 for the UK Government  The CCTA Risk       
                 Analysis and Management Methodology: CRAMM 
                                                            
          CATEGORY:  Risk Management                         
          ORGANIZATION:  UK Central Computer and             
                        Telecommunications Agency (CCTA)    
                        Riverwalk House, 157-161 Millbank,  
                        London, SW1P 9PN, England           
         DESCRIPTION:  This paper discusses a risk analysis 
         and management methodology for Information         
         Technology (IT) Security developed by the UK       
         Government.                                        


                                                           
          AUTHOR:  Pinsky, Sylvan Dr.                        
                                                            
          TITLE:  A Panel Discussion on Risk Management: A   
                 Plan for the Future                        
                                                            
          CATEGORY: Risk Management                          
          ORGANIZATION:  Office of Research and Development  
                        National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION:  This paper addresses a panel         
         discussion on the major issues of risk management  
         and the steps necessary to resolve the commonly    
         known problems.                                    



                       SECURITY MANAGEMENT

                                                            
          AUTHOR:  Arsenault, Alfred W.                      
                                                            
          TITLE:  Advisory Memorandum on Office Automation   
                 Security:  An Overview                     
                                                            
          CATEGORY:  Security Management                     
          ORGANIZATION:  National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
                        (301) 859-4452                      
         DESCRIPTION:  This paper presents an overview of   
         National Telecommunications and Automated          
         Information Systems Security Advisory Memorandum   
         on Office Automation Security, which was issued    
         by COMPUSEC January 1987.                          


                                                          
          AUTHOR:  Brown, Leonard R.                         
                                                            
          TITLE: Specification for a Canonical Configuration 
                Accounting Tool                             
                                                            
          CATEGORY:  Security Management                     
          ORGANIZATION:  Computer Security Office, M1/055    
                        The Aerospace Corporation           
                        P.O. Box 92957                      
                        Los Angeles, CA 90009               
         DESCRIPTION:  This paper describes the TCCS system 
         that has been designed as an aid in evaluation of  
         configuration accounting systems for use in        
         development of a secure system.                    


                                                            
          AUTHOR:   Maria, Arturo PhD                        
                                                            
          TITLE:  RACF Implementation at Puget Power         
                                                            
          CATEGORY:  Security Management                     
          ORGANIZATION:  Information Systems Consultant      
         DESCRIPTION: This document describes the approach  
         taken at Puget Sound Power and Light Company to    
         implement IBM's Resource Access Control Facility.  


                                                            
          AUTHOR:   Neugent, William                         
                                                            
          TITLE:  Management Actions for Improving DoD       
                 Computer Security                          
          CATEGORY: Security Management                      
          ORGANIZATION:  The MITRE Corporation               
                        HQ USAREUR, ODCSOPS                 
                        APO New York 09063                  
                   Tel. 011-49-6221-372710                  
         DESCRIPTION:  This paper focusses on the current   
         computer security practice in the field of the     
         Department of Defense computer security activities.



              SOFTWARE & OPERATING SYSTEM SECURITY

                                                           
          AUTHOR: Addison, Katherine, Baron, Larry           
                 Copple, Mark, Cragun, Don and              
                 Hospers, Keith                             
          TITLE:  Computer Security at Sun Microsystems, Inc.
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Sun Microsystems, Inc.              
                        Mountain View, CA                   
         DESCRIPTION:  This paper describes the "Secure Sun 
         OS) product history, status, and goals. This paper 
         also describes some of Sun's future directions in  
         the secure systems marketplace.                    


                                                     
          AUTHOR:  Bunch, Steve                              
                                                            
          TITLE:  The Setuid Feature in UNIX and Security    
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Gould Computer Systems Divisions    
                        1101 E. University                  
                        Urbana, Ill. 61801                  
                        (217) 384-8515                      
         DESCRIPTION:  This paper defines some important    
         terms with the SETUID/SETGID concepts and examines 
         some of the properties and uses of this mechanism. 
         It also examines some of the security implications 
         of this mechanism.                                 

                                                         
          AUTHOR:  Burger, Wilhelm                           
                                                            
          TITLE:  Networking of Secure Xenix Systems         
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  IBM Corporation Federal Systems     
                        708 Quince Orchard Road             
                        Gaithersburg, MD 20878              
         DESCRIPTION: This paper describes design and       
         implementation aspects of a network of Secure Xenix
         systems.                                           


                                                        
          AUTHOR:   Castro, Lawrence                         
                                                            
          TITLE:   An Overview of the DoD Computer Security  
                  Research and Development Program          
          CATEGORY: Software & Operating System Security     
          ORGANIZATION:  National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION:  The purpose of this paper is to      
         inform of the progress of and plans for the        
         research, development, testing, and evaluation     
         efforts by the Department of Defense Computer      
         Security Program.                                  

                                                            
          AUTHOR: Craigen, Dan                               
                                                            
          TITLE:    m-EVES                                   
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Research and Technology             
                        I.P. Sharp Associates Limited       
                        265 Carling Avenue, Suite 600       
                        Ottawa, Ontario K1S 2E1 Canada      
         DESCRIPTION:  This paper reports briefly upon the  
         progress of the m-EVES research and development    
         project.  m-EVES is a prototype verification system
         being developed by I.P. Sharp Associates Limited.  


                                                            
          AUTHOR: Di Vito, Ben L. and Johnson, Larry A.      
                                                            
          TITLE:  A Gypsy Verifier's Assistant               
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  TRW Defense Systems Group           
                        One Space Park                      
                        Redondo Beach, CA 90278             
         DESCRIPTION: This paper describes an IR&D effort   
         underway at TRW to augment the gypsy verification  
         environment with a knowledge-based "verifier's     
         assistant."                                        

                                                     
          AUTHOR:   Eckman, Steven T.                        
                                                            
          TITLE:  Ina Flo: The FDM Flow Tool                 
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  West Coast Research Center          
                        System Development Group            
                        Unisys Corporation                  
         DESCRIPTION: This paper describes a new information
         flow tool for the Ina Jo specification language.   
         The flow tool is being used for covert channel     
         analysis in ongoing A1 development projects.       

                                                        
          AUTHOR:  Guaspari, David, Harper, Douglas C. and   
                  Ramsey, Norman                            
          TITLE:  An ADA Verification Environment            
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Odyssey Research Associates         
                        1283 Trumansburg Road               
                        Ithaca, New York 14850              
                        (607) 277-2020                      
         DESCRIPTION: This paper reviews and compares two   
         types of verification systems, PolyAnna and Anna.  
         A explanation of why these are suited to Ada       
         verification is included.                          

                                                            
          AUTHOR:   Israel, Howard                           
                                                            
          TITLE:   Computer Viruses:  Myth or Reality?       
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION:  This paper addresses computer virus  
         defense by using protection mechanisms. It also    
         discusses possible protection mechanisms that      
         address the Trojan Horse threat.                   

                                                            
          AUTHOR:   Joseph, Mark K.                          
                                                            
          TITLE:  Towards the Elimination of the Effects of  
                 Malicious Logic:  Fault Tolerance          
                 Approaches                                 
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Computer Science Department         
                        University of California,           
                        Los Angeles, CA                     
         DESCRIPTION: This paper addresses two possible     
         effects of malicious logic, denial-of-service and  
         compromising data integrity.  Presented are several
         techniques that are designed to reduce the risk    
         posed by malicious logic.                          

                                                        
          AUTHOR:  Kaufmann, Matt and Young, William D.      
                                                            
          TITLE:  Comparing Specification Paradigms for      
                 Secure Systems: Gypsy and the Boyer-Moore  
                 Logic                                      
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Institute for Computing Science and 
                        Computer Applications               
                        The University of Texas at Austin   
                        Austin, Texas 78712                 
         DESCRIPTION:  This paper investigates the viability
         of the Boyer-Moore logic as a specification        
         language for secure system modelling efforts by    
         comparing it to gypsy on a significant example.    


                                                            
          AUTHOR:   Knowles, Frank and Bunch, Steve          
                                                            
          TITLE:   A Least Privilege Mechanism for UNIX      
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Gould Computer Systems Division     
                        1101 East University Avenue         
                        Urbana, IL 61801                    
                        (217) 384-8500                      
         DESCRIPTION:  This paper describes a privilege     
         control mechanism for the UNIX operating system.   
         This system is designed to provide control over    
         access by users to services and objects.           



                                                            
          AUTHOR:  Pittelli, Paul A.                         
                                                            
          TITLE:  The Bell-LaPadula Computer Security Model  
                 Represented as a Special Case of the       
                 Harrison-Ruzzo-Ullman Model                
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Department of Defense               
         DESCRIPTION: This paper describes a Bell-LaPadula  
         Model and an HRU model. It covers the access       
         control security that each has to offer.           



                                                            
          AUTHOR:   Rowe, Kenneth E. and                     
                   Ferguson, Clarence O.                    
          TITLE:  Ada Technology/COMPUSEC Insertion          
                 Status Report                              
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  National Computer Security Center   
                        Office of Research and Development  
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION: This report defines the problem of    
         developing same suite in Ada as a multilevel secure
         (MLS) suite.                                       


                                                      
          AUTHOR:  Sibert, Olin W., Traxler, Holly M.        
                  Downs, Deborah D. Dr. and Glass, Jeffrey  
          TITLE:  UNIX and B2: Are They Compatible?          
                                                            
          CATEGORY:   Software & Operating System Security   
          ORGANIZATION:  National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION: This paper presents the results of a  
         study done on a prototype secure system assessing  
         the compatibility with the B2 assurance            
         requirements defined in the Trusted Computer System
         Evaluation Criteria.                               



                                                            
          AUTHOR:  Stoll, Cliff                              
                                                            
          TITLE:  What Do You Feed a Trojan Horse?           
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Lawrence Berkeley Laboratory        
                        Berkeley, CA 94720                  
         DESCRIPTION:  This paper addresses what to do when 
         you choose to track the penetration of a Trojan    
         Horse.                                             

                                                            
          AUTHOR: Taylor, Tad and Hartman, Bret              
                                                            
          TITLE:  Formal Models, Bell and LaPadula, and      
                 Gypsy                                      
                                                            
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  Research Triangle Institute         
                        P.O. Box 12194                      
                        RTP, NC 27709                       
         DESCRIPTION:  This paper is an approach for        
         developing formal security models. It is           
         accompanied by a technique for expressing and       
         proving models in gypsy.                           

                                                  
          AUTHOR:   Woodcock, Mark E.                        
                                                            
          TITLE:  The Use of Ada in Secure and Reliable      
                 Software                                   
          CATEGORY:  Software & Operating System Security    
          ORGANIZATION:  National Computer Security Center   
                        Office of Research and Development  
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION:  This paper describes the history of  
         Ada language and the current efforts to expand     
         to make it a secure reliable language.             

                                                            
          AUTHOR:  Young, Catherine L.                       
          TITLE:  Taxonomy of Computer Virus Defense         
                 Mechanisms                                 
          CATEGORY: Software & Operating System Security     
          ORGANIZATION:  Office of Research and Development  
                        National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
         DESCRIPTION: This taxonomy aids in evaluating virus
         defenses and provides a foundation for designing   
         new virus defenses.                                


                      TRAINING & AWARENESS

                                                           
          AUTHOR:   Grandy, Patricia                         
                                                            
          TITLE:  Department of the Navy Automated Data      
                 Processing Security Program Training       
                                                            
          CATEGORY:  Training & Awareness                    
          ORGANIZATION:  Navy Regional Data Automation       
                        Center San Francisco                
                        NAS Alameda, CA 94501-5007          
                        (415) 869-5300                      
         DESCRIPTION:  This document explains in detail the 
         training that is available for computer security   
         through the Department of the Navy.                

                                                       
          AUTHOR:   Markey, Elizabeth                        
                                                            
          TITLE:  Getting Organizations Involved in Computer 
                 Security:  The Role of Security Awareness  
                                                            
          CATEGORY:  Training & Awareness                    
          ORGANIZATION:  Office of Information Systems        
                        Security                            
                        Bureau of Diplomatic Security       
                        U.S. Department of State            
         DESCRIPTION: This paper addresses the problem of   
         getting organizations aware and involved in        
         computer security through on-going training and    
         awareness programs aimed at employees at all       
         levels.                                            

                                                            
          AUTHOR:   Sohmer, Eliot                            
                                                            
          TITLE:  The Computer Security Training Base of 1985
                                                            
          CATEGORY:  Training & Awareness                    
          ORGANIZATION:  National Computer Security Center   
                        9800 Savage Road                    
                        Ft. George G. Meade, MD 20755-6000  
                        (301) 859-4452                      
         DESCRIPTION: This paper outlines the recommended   
         training categories for personnel by the National  
         Computer Security Center in October of 1985.