Computer Security in the Real World

Computer

Volumn 37, Issue 6, 2004, Pages 37-46

  Lampson, Butler W ^a  

^a MICROSOFT   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER OPERATING SYSTEMS; DATA PRIVACY; DATA STRUCTURES; REAL TIME SYSTEMS;

ACCESS CONTROL DECISION; ROOTING NAME;

SECURITY OF DATA;

EID: 17544394392     PISSN: 00189162     EISSN: None     Source Type: Journal    
DOI: 10.1109/MC.2004.17     Document Type: Article

References (24)

1. B. Lampson, “Protection,” ACM Operating Systems Rev., vol. 8, no. 1, 1974, pp. 18-24.
2. J.H. Saltzer, “Protection and the Control of Information Sharing in Multics,” Comm. ACM, July 1974, pp. 388-402.
3. D.E. Denning, “A Lattice Model of Secure Information Flow,” Comm. ACM, May 1976, pp. 236-243.
4. A.C. Myers and B. Liskov, “A Decentralized Model for Information Flow Control,” Proc. 16th ACM Symp. Operating Systems Principles, ACM Press, 1997, pp. 129-142; www.acm.org/pubs/citations/proceedings/ops/268998/p129-myers.
5. D.E. Bell and L.J. LaPadula, Secure Computer Systems, tech. report M74-244, Mitre Corporation, 1974.
6. R.L. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Comm. ACM, Feb. 1978, pp. 120-126.
7. M. Abadi and R.M. Needham, “Prudent Engineering Practice for Cryptographic Protocols,” IEEE Trans. Software Eng., vol. 22, no. 1, 1995, pp. 2-15.
8. ZDNet, “Stealing Credit Cards from Babies,” ZDNet News, 12 Jan. 2000; www.zdnet.com/zdnn/stories/news/0,4586,2421377,00.html.
9. ZDNet, “Major Online Credit Card Theft Exposed,” ZDNet News, 17 Mar. 2000; www.zdnet.com/zdnn/stories/news/0,4586,2469820,00.html.
10. CERT Coordination Center, “CERT Advisory CA-2000-04 Love Letter Worm,” 2000; www.cert.org/advisories/CA-2000-04.html.
11. National Research Council, Computers at Risk, National Academies Press, 1991; http://books.nap.edu/catalog/1581.html.
12. D.D. Clark and D.R. Wilson, “A Comparison of Commercial and Military Computer Security Policies,” Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 1987, pp. 184-194.
13. J.H. Saltzer et al., “End-to-End Arguments in System Design,” ACM Trans. Computer Systems, Nov. 1984, pp. 277-288; http://Web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf.
14. R. Anderson, “Why Cryptosystems Fail,” Comm. ACM, Nov. 1994, pp. 32-40.
15. National Research Council, Realizing the Potential of C4I, National Academies Press, 1999; http://books.nap.edu/catalog/6457.html.
16. B. Schneier, Secrets and Lies: Digital Security in a Networked World, Wiley, 2000.
17. C. Ellison et al., “SPKI Certificate Theory,” Internet RFC 2693, Oct. 1999; www.faqs.org/rfcs/rfc2693.html.
18. J. Howell and D. Kotz, “End-to-End Authorization,” Proc. 4th Usenix Symp. Operating Systems Design and Implementation, Usenix Assoc., 2000; www.usenix.org/publications/library/proceedings/osdi2000/howell.html.
19. B. Lampson et al., “Authentication in Distributed Systems: Theory and Practice,” ACM Trans. Computer Systems, vol. 10, no. 4, ACM Press, 1992, pp. 265-310; www.acm.org/pubs/citations/journals/tocs/1992-10-4/p265-lampson.
20. E. Wobber et al., “Authentication in the Taos Operating System,” ACM Trans. Computer Systems, Feb. 1994, pp. 3-32; www.acm.org/pubs/citations/journals/tocs/1994-12-1/p3-wobber.
21. Oasis Web Services Security TC; oasis-open.org/committees/wss.
22. B.C. Neuman and T. Ts'o, “Kerberos: An Authentication Service for Computer Networks,” IEEE Comm., Sept. 1994, pp. 33-38; gost.isi.edu/publications/kerberos-neuman-tso.html.
23. D. Eastlake and C. Kaufman, “Domain Name System Security Extensions,” Internet RFC 2065, Jan. 1997; www.faqs.org/rfcs/rfc2065.html.
24. P. England et al., “A Trusted Open Platform,” Computer, July 2003, pp. 55-62.