[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-security-audit
Subject:    NSA paper on computer security
From:       kragen () pobox ! com (Kragen)
Date:       1998-12-11 22:31:13
[Download RAW message or body]

"The Inevitability of Failure: The Flawed Assumption of Security in
Modern Computing Environments", published by six NSA employees, was
published at the 21st National Information Systems Security Conference
in October, in Arlington, Virginia, USA. (See
<URL:http://csrc.nist.gov/nissc/1998/> and
<URL:http://csrc.nist.gov/nissc/1998/papers.html> for more on the
conference.)

The paper is available in HTML at <URL:http://www.jya.com/paperF1.htm>
and in PDF at
<URL:http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf>.

It discusses, among other things:
- why mandatory security mechanisms are useful outside the context of
   classification levels, even on single-user systems;
- trusted-path mechanisms, like the PASSCRED stuff recently implemented
   in Linux and NT's Ctrl-Alt-Del login feature.

-- 
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
Silence may not be golden, but at least it's quiet.  Don't speak unless you
can improve the silence.  I have often regretted my speech, never my silence.
-- Adam Rifkin, <adam@cs.caltech.edu>

[prev in list] [next in list] [prev in thread] [next in thread]