[8703] in bugtraq
NSA paper on computer security
daemon@ATHENA.MIT.EDU (Kragen)
Sun Dec 13 20:43:45 1998
Date: Fri, 11 Dec 1998 17:31:13 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Kragen <kragen@POBOX.COM>
X-To: security-audit@ferret.lmh.ox.ac.uk
To: BUGTRAQ@NETSPACE.ORG
"The Inevitability of Failure: The Flawed Assumption of Security in
Modern Computing Environments", published by six NSA employees, was
published at the 21st National Information Systems Security Conference
in October, in Arlington, Virginia, USA. (See
<URL:http://csrc.nist.gov/nissc/1998/> and
<URL:http://csrc.nist.gov/nissc/1998/papers.html> for more on the
conference.)
The paper is available in HTML at <URL:http://www.jya.com/paperF1.htm>
and in PDF at
<URL:http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf>.
It discusses, among other things:
- why mandatory security mechanisms are useful outside the context of
classification levels, even on single-user systems;
- trusted-path mechanisms, like the PASSCRED stuff recently implemented
in Linux and NT's Ctrl-Alt-Del login feature.
--
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
Silence may not be golden, but at least it's quiet. Don't speak unless you
can improve the silence. I have often regretted my speech, never my silence.
-- Adam Rifkin, <adam@cs.caltech.edu>
