A 60-years journey focused in technology evolution and information security, to help us understand some major events and their profound impact on society. Not to persuade us, but to inspire us to think and act.
The results of a 1973 security study of the Multics Computer System are presented detailing requirements for a new access control mechanism that would allow two levels of classified data to be used simultaneously on a single Multics system. The access control policy was derived from the Department of Defense Read more…
With the advent of resource-sharing computer systems that distribute the capabilities and components of the machine configuration among several users or several tasks, a new dimension has been added to the problem of safeguarding computer-resident classified information. The basic problems associated with machine processing of classified information are not new. Read more…
This paper presents the design of a kernel for certifiably secure computer systems being built on the Digital Equipment Corporation PDP-11/45. The design applies a general purpose mathematical model of secure computer systems to an off-the-shelf computer. An overview of the model is given. The paper includes a specification of Read more…
The military has a heavy responsibility for protection of information in its shared computer systems. The military must insure the security of its computer systems before they are put into operational use. That is, the security must be “certified”, since once military information is lost it is irretrievable and there Read more…
The DoD has established a Computer Security Initiative to foster the widespread availability of trusted computer systems. An essential element of the Initiative is the identification of criteria and guidelines for evaluating the internal protection mechanisms of computer systems. This report documents a proposed set of technical evaluation criteria. These Read more…
The Jobstream Separator (JSS) has been proposed to automate the costly, inefficient, and inconvenient manual process utilized to “change colors” (security levels) at AF WWMCCS sites. The JSS would provide complete isolation among WWMCCS users and data at differing levels by introducing a secure, centralized, certifiably correct, minicomputer system to Read more…
This report summarizes work to date toward the development of a provably secure operating system. Discussed here are a methodology for the design, implementation, and proof of properties of large computing systems, the design of a secure operating system using this methodology, the security properties to be proven about this Read more…
Security has become an important and challenging goal in the design of computer systems. This survey focuses on two system structuring concepts that support security; namely, small protection domains and extended-type objects. These two concepts are especially promising because they also support reliable software by encouraging and enforcing highly modular Read more…
This thesis distinguishes three methods of attacking internal protection mechanisms of computers: inadvertent disclosure, penetration, and subversion. Subversion is shown to be the most attractive to the serious attacker. Subversion is characterized by three phases of operations: the inserting of trap doors and Trojan horses, the exercising of them, and Read more…