National Computer Security Conference Proceedings 1992

Held October 13-16, 1992. Emphasizes information systems security criteria (& how it affects us), and the actions associated with organizational accreditation. These areas are highlighted by emphasizing how organizations are integrating information security solutions. Includes presentations from government, industry and academia and how they are cooperating to extend the state-of-the-art technology to information systems security. 72 referred papers, trusted systems tutorial and 23 executive summaries. Very valuable! Must buy!

Presentations of a conference. Covers a wide range of topics spanning the new draft Federal Criteria for Information Security, research and development activities, techniques for building secure computer systems and networks, and ethics issues. Papers and panels address harmonization of U.S. criteria for information technology security with international criteria, future techniques for integrating commercial off-the-shelf products into secure systems, access control and other networking challenges, etc. Numerous tables and figures.

Covers: elements of computer security; roles and responsibilities; common threats; computer security policy; computer security program and risk management; security and planning in the computer system life cycle; assurance; personnel/user issues; preparing for contingencies and disasters; computer security incident handling; awareness, training, and education; physical and environmental security; identification and authentication; logical access control; audit trails; cryptography; and assessing and mitigating the risks to a hypothetical computer system.

Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to satisfy these requirements, we see that the complexity of software systems often results in implementation challenges that we are still exploring to this day. However, if a system design does not aim for achieving the secure operating system requirements, then its security features fail to protect the system in a myriad of ways. We also study systems that have been retrofit with secure operating system features after an initial deployment. In all cases, the conflict between function on one hand and security on the other leads to difficult choices and the potential for unwise compromises. From this book, we hope that systems designers and implementors will learn the requirements for operating systems that effectively enforce security and will better understand how to manage the balance between function and security. Table of Contents: Introduction / Access Control Fundamentals / Multics / Security in Ordinary Operating Systems / Verifiable Security Goals / Security Kernels / Securing Commercial Operating Systems / Case Study: Solaris Trusted Extensions / Case Study: Building a Secure Operating System for Linux / Secure Capability Systems / Secure Virtual Machine Systems / System Assurance