Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

NSA paper on computer security

From: kragen () POBOX COM (Kragen)
Date: Fri, 11 Dec 1998 17:31:13 -0500

"The Inevitability of Failure: The Flawed Assumption of Security in
Modern Computing Environments", published by six NSA employees, was
published at the 21st National Information Systems Security Conference
in October, in Arlington, Virginia, USA. (See
<URL:http://csrc.nist.gov/nissc/1998/> and
<URL:http://csrc.nist.gov/nissc/1998/papers.html> for more on the
conference.)

The paper is available in HTML at <URL:http://www.jya.com/paperF1.htm>
and in PDF at
<URL:http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf>.

It discusses, among other things:
- why mandatory security mechanisms are useful outside the context of
   classification levels, even on single-user systems;
- trusted-path mechanisms, like the PASSCRED stuff recently implemented
   in Linux and NT's Ctrl-Alt-Del login feature.

--
<kragen () pobox com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
Silence may not be golden, but at least it's quiet.  Don't speak unless you
can improve the silence.  I have often regretted my speech, never my silence.
-- Adam Rifkin, <adam () cs caltech edu>
Previous By Date Next
Previous By Thread Next

Current thread: