The DGSA: Unmet information security challenges for operating system designers

Operating Systems Review (ACM)

Volumn 32, Issue 1, 1998, Pages 3-20

  Feustel, Edward A ^a   Mayfield, Terry ^a  

^a INSTITUTE FOR DEFENSE ANALYSES   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 0002713585     PISSN: 01635980     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/280559.280562     Document Type: Article

References (26)

1. D.E. Bell and L.J. La Padula. 1975. Secure Computer Systems: Unified Exposition and Multics Interpretation. Air Force Electronic Systems Division, Hanscom AFB, MA. ESD-TR-75-306. (Also available through National Technical Information Service, Springfield, VA as NTIS AD-A023588).
2. William J. Bolosky, Richard P. Draves, Robert P. Fitzgerald, Christopher W. Fraser, Michael B. Jones, Todd B. Knoblock, and Rick Rashid. 1997. Operating System Directions for the Next Millennium. http://www.research.microsoft.com/research/os/Millennium/mgoals.html. January 1997.
3. David D. Clark and David R. Wilson. 1987. A comparison of commercial and military computer security policies. In Proceedings IEEE Symposium on Security and Privacy, pages 184-194, Oakland, CA, April 1987.
4. DARPA/ISO. 1997. Security Architecture for the AITS Reference Architecture: Draft - Revision 0.62 http://www.hokie.bs1.prc.com/straw/rev062.htm. June 25, 1997.
5. DARPA/ITO. 1997. Research Challenges in Operating System Security. http://www.ito.arpa.mil/Proceedings/OS_Security/challenges/challenges_long.html. July 2, 1997.
6. Spencer E. Minear. 1995. Providing Policy Control Over Object Operations in a Mach Based System. In Proceedings of the Fifth USENIX UNIX Security Symposium, pages 141-156, June 1995.
7. National Security Agency. 1993. Department of Defense (DoD) Information Systems Security Policy, DISSP-SP. 1. February 1993.
8. Defense Information Systems Agency, Center for Standards. 1996. Department of Defense Technical Architecture Framework for Information Management (TAFIM), Version 3.0, April 1996.
9. Defense Information Systems Agency, Center for Standards. Department of Defense (DoD) Goal Security Architecture (DGSA), Version 3.0, April 1996.
10. Volume 6 of TAFIM - The DGSA is available through http://www-library.itsi.disa.mil:8018/tafim/as Volume 6 of Version 3.0 and may be downloaded in a variety of forms. The DGSA is available from the NIST Security BBS in WordPerfect and Post-Script formats. The NIST BBS is accessible by anonymous FTP Internet service at csrc.nist.gov (129.6.54.11) and by dial-up modem (9600 baud) at 301-948-5140. For FTP, the files are located in the /bbs/secpubs directory. For download the files are located in #13 directory. Refer to V6README.TXT for a list of the individual files.
11. International Organization for Standardization (ISO). 1996. Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems - Part 1: Overview. ISO/IEC 10181-1: 1996.
12. International Organization for Standardization (ISO). 1996, Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems - Part 2: Authentication.ISO/IEC 10181-2: 1996.
13. International Organization for Standardization (ISO). 1996. Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems - Part 3: Access Control. ISO/IEC 10181-3: 1996.
14. International Organization for Standardization (ISO). 1996. Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems - Part 4: Non-Repudiation. ISO/IEC DIS 10181-4.
15. International Organization for Standardization (ISO). 1996. Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems - Part 5: Confidentiality Framework. ISO/IEC 10181-5: 1996.
16. International Organization for Standardization (ISO). 1996. Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems - Part 6: Integrity Framework. ISO/IEC 10181-6: 1996.
17. International Organization for Standardization (ISO). 1996. Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems - Part 7: Security Audit and Alarms Framework. ISO/IEC 10181-7: 1996.
18. Henry Rothkopf et. al. 1996. Common Imagery Interoperability Facilities Security Services Analysis. http://www-ismc.itsi.disa.mil/ciiwg/ciif/ciifref.html. September 30, 1996.
19. Jerome H. Saltzer and Michael D. Schroeder. 1975. The Protection of Information in Computer Systems. Proceedings of the IEEE Volume 63, September 1975. IEEE, Piscataway, N.J. pp 1278-1308.
20. David L. Tennenhouse, Jonathan M. Smith, W. David Sincoskie, David J. Wetherall, and Gary J. Minden. 1997. A Survey of Active Network Research. IEEE Communications Magazine, Volume 35, Number 1. pages 80-86. January 1997.
21. William A. Wulf, Chenxi Wang, and Darrell Kienzle, 1996. A New Security Model for Distributed Systems, Proceeding of the New Security Paradigms Workshop, Lake Arrowhead, California. 1996.
22. Morrie Gasser. 1988. Building a Secure Computer System. Van Nostrand Rheinhold Company, New York, ISBN 0-442-23022-2, 1988.
23. _. 1991. Integrity in Automated Information Systems. National Computer Security Center, Fort George G. Meade, MD. September 1991.
24. International Organization for Standardization (ISO). 1989. Information Processing Systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture. ISO/IEC 7498-2: 1989.
25. International Organization for Standardization (ISO). 1989. Information Processing Systems - Open Systems Interconnection - Basic Reference Model - Part 4: Management Framework. ISO/IEC 7498-4: 1989.
26. International Organization for Standardization (ISO). 1997. Information Technology - Vocabulary - Part 8: Security (Revision of ISO 2382-8:1986). ISO/IEC DIS 2382-8.