Computers at Risk

Safe Computing in the Information Age

Publisher: National Academies Press
ISBN: 9780309043885
eISBN Pdf: 9780309574600
Place of publication: United States
Year of digital publication: 1990
Month: January
Pages: 320
Language: English

Caption

Computers at Risk presents a comprehensive agenda for developing nationwide policies and practices for computer security. Specific recommendations are provided for industry and for government agencies engaged in computer security activities.

The volume also outlines problems and opportunities in computer security research, recommends ways to improve the research infrastructure, and suggests topics for investigators.

The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.

Computers at Risk
Copyright
Preface
Acknowledgments
Contents
Executive Summary
1 Overview and Recommendations
- COMPUTER SYSTEM SECURITY CONCERNS
- TRENDS-THE GROWING POTENTIAL FOR SYSTEM ABUSE
- THE NEED TO RESPOND
- TOWARD A PLANNED APPROACH
  - Achieving Understanding
    - The Nature of Security: Vulnerability, Threat, and Countermeasure
    - Special Security Concerns Associated with Computers
    - Security Must Be Holistic—Technology, Management, and Social Elements
    - Commercial and Military Needs are Different
  - Putting the Need for Secrecy into Perspective
  - Building on Existing Foundations
- SCOPE, PURPOSE, CONTENTS, AND AUDIENCE
- RECOMMENDATIONS
  - Recommendation 1 Promulgate Comprehensive Generally Accepted System Security Principles (GSSP)
  - Recommendation 2 Take Specific Short-term Actions that Build on Readily Available Capabilities
  - Recommendation 3 Gather Information and Provide Education
  - Recommendation 4 Clarify Export Control Criteria, and Set Up a Forum for Arbitration
  - Recommendation 5 Fund and Pursue Needed Research
  - Recommendation 6 Establish an Information Security Foundation
- CONCLUSION
- NOTES
2 Concepts of Information Security
- SECURITY POLICIES-RESPONDING TO REQUIREMENTS FOR CONFIDENTIALITY,INTEGRITY, AND AVAILABILITY
  - Confidentiality
  - Integrity
  - Availability
  - Examples of Security Requirements for Different Applications
- MANAGEMENT CONTROLS-CHOOSING THE MEANS TO SECURE INFORMATION AND OPERATIONS
  - Preventing Breaches of Security—Basic Principles
  - Responding to Breaches of Security
- DEVELOPING POLICIES AND APPROPRIATE CONTROLS
- RISKS AND VULNERABILITIES
- SECURING THE WHOLE SYSTEM
- APPENDIX 2.1—PRIVACY
  - Protection of Information About Individuals
  - Employee Privacy in the Workplace
- APPENDIX 2.2—INFORMAL SURVEY TO ASSESS SECURITY REQUIREMENTS
  - User Identification
  - User Verification or Authentication
  - File Access Control
  - Terminal Controls
  - Telecommunications and Networking
  - Detection Measures
  - General Comments and Summary
- NOTES
3 Technology to Achieve Secure Computer Systems
- SPECIFICATION VS. IMPLEMENTATION
- SPECIFICATION: POLICIES, MODELS, AND SERVICES
  - Policies
  - Models
    - Flow Model
    - Access Control Model
  - Services
    - Authentication
    - Authorization
    - Auditing
- IMPLEMENTATION: THE TRUSTED COMPUTING BASE
  - Computing
    - Hardware
    - Operating System
    - Applications and the Problem of Malicious Code
    - Communications
    - Secure Channels
    - Authenticating Channels
    - Security Perimeters
  - Methodology
- CONCLUSION
- NOTES
4 Programming Methodology
- SOFTWARE IS MORE THAN CODE
- SIMPLER IS BETTER
- THE ROLE OF PROGRAMMING LANGUAGES
- THE ROLE OF SPECIFICATIONS
- RELATING SPECIFICATIONS TO PROGRAMS
- FORMAL SPECIFICATION AND VERIFICATION
- HAZARD ANALYSIS
- STRUCTURING THE DEVELOPMENT PROCESS
- MANAGING SOFTWARE PROCUREMENT
- SCHEDULING SOFTWARE DEVELOPMENT
- EDUCATION AND TRAINING
- MANAGEMENT CONCERNS IN PRODUCING SECURE SOFTWARE
- WHAT MAKES SECURE SOFTWARE DIFFERENT
- RECOMMENDED APPROACHES TO SOUND DEVELOPMENT METHODOLOGY
- NOTES
5 Criteria to Evaluate Computer and Network Security
- SECURITY EVALUATION CRITERIA IN GENERAL
  - Security Characteristics
  - Assurance Evaluation
  - Trade-offs in Grouping of Criteria
  - Comparing National Criteria Sets
  - Reciprocity Among Criteria Sets
- SYSTEM CERTIFICATION VS. PRODUCT EVALUATION
- RECOMMENDATIONS FOR PRODUCT EVALUATION AND SYSTEM CERTIFICATION CRITERIA
- NOTES
6 Why the Security Market Has Not Worked Well
- THE MARKET FOR TRUSTWORTHY SYSTEMS
- A SOFT MARKET: CONCERNS OF VENDORS
- FEDERAL GOVERNMENT INFLUENCE ON THE MARKET
  - Procurement
  - Strategic Federal Investments in Research and Development
  - Export Controls as a Market Inhibitor
    - Technology Transfer: Rationale for Controlling Security Exports
    - Export Control of Cryptographic Systems and Components
    - Export Control of Trusted Systems
    - The Commercial Imperative
- CONSUMER AWARENESS
  - Insurance as a Market Lever
  - Education and Incident Tracking for Security Awareness
    - Education
    - Incident Reporting and Tracking
  - Technical Tools to Compensate for Limited Consumer Awareness
- REGULATION AS A MARKET INFLUENCE: PRODUCT QUALITY AND LIABILITY
  - Product Quality Regulations
  - Product Liability as a Market Influence
    - Software and Systems Present Special Problems
    - Toward Equitable Allocation of Liability
- APPENDIX 6.1—EXPORT CONTROL PROCESS
- APPENDIX 6.2—INSURANCE
- NOTES
7 The Need to Establish an Information Security Foundation
- ACTIONS NEEDED TO IMPROVE COMPUTER SECURITY
- ATTRIBUTES AND FUNCTIONS OF THE PROPOSED NEW INSTITUTION
- OTHER ORGANIZATIONS CANNOT FULFILL ISF'S MISSION
  - Government Organizations
  - Private Organizations
- WHY ISF'S MISSION SHOULD BE PURSUED OUTSIDE OF THE GOVERNMENT
- A NEW NOT-FOR-PROFIT ORGANIZATION
  - Critical Aspects of an ISF Charter
  - Start-up Considerations
  - Funding the ISF
- ALTERNATIVES TO THE ISF
- APPENDIX 7.1—A HISTORY OF GOVERNMENT INVOLVEMENT
  - The National Security Agency and the DOD Perspective
  - The National Institute of Standards and Technology
  - Other Government Agency Involvement
- APPENDIX 7.2—SECURITY PRACTITIONERS
- NOTES
8 Research Topics and Funding
- A PROPOSED AGENDA FOR RESEARCH TO ENHANCE COMPUTER SECURITY
- DIRECTIONS FOR FUNDING SECURITY RESEARCH
  - Funding by the Defense Advanced Research Projects Agency
  - Funding by the National Science Foundation
  - Promoting Needed Collaboration
- NOTES
Bibliography
Appendixes
- Appendix A The Orange Book
- Appendix B Selected Topics in Computer Security Technology
  - ORANGE BOOK SECURITY
    - Library Example
    - Orange Book Security Models
  - HARDWARE ENFORCEMENT OF SECURITY AND INTEGRITY
    - VIPER Microprocessor
    - Lock Project
  - CRYPTOGRAPHY
    - Fundamental Concepts of Encryption
    - Private vs. Public Crypto-Systems
    - Digital Signatures
      - Cryptographic Checksums
      - Public-Key Crypto-systems and Digital Signatures
    - Key Management
    - Algorithms
      - One-Time Pads
      - Data Encryption Standard
      - RSA
  - PROTECTION OF PROPRIETARY SOFTWARE AND DATABASES
  - USE OF PASSWORDS FOR AUTHENTICATION
  - NETWORKS AND DISTRIBUTED SYSTEMS
    - Security Perimeters
    - Viruses
      - Keeping a Virus Out
      - Preventing Damage
      - Providing and Using Vaccines
    - Application Gateways
      - What a Gateway Is
      - Gateways as Access Control Devices
      - Application Gateways as PAC Devices
      - Routers as PAC Devices
      - Conclusions About Gateways
  - NOTES
- Appendix C Emergency Response Teams
- Appendix D Models for GSSP
  - SETTING STANDARDS—PRECEDENTS
    - Building Codes
    - Underwriters Laboratories, Inc
    - Financial Accounting Standards Board
  - LESSONS RELEVANT TO ESTABLISHING GSSP
- Appendix E High-grade Threats
  - NOTES
- Appendix F Glossary
- Appendix G List of Members of the Former Commission on Physical Sciences, Mathematics, and Resources