Thirty years later: Lessons from the Multics security evaluation

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2002-January, Issue , 2002, Pages 119-126

  Karger, Paul A ^a   Schell, Roger R ^b  

^a IBM T J WATSON RESEARCH CENTER   (United States)

^b Aesec Corporation   (United States)

Author keywords

Application software; Communication standards; Communication system security; Computer security; Data security; Grid computing; Internet; Microcomputers; Operating systems; Protection

Indexed keywords

APPLICATION PROGRAMS; GRID COMPUTING; INTERNET; INTRUSION DETECTION; MALWARE; MICROCOMPUTERS; NETWORK SECURITY; SECURITY OF DATA; SECURITY SYSTEMS;

COMMUNICATION STANDARDS; COMMUNICATION SYSTEM SECURITY; DESIGN AND IMPLEMENTATIONS; INTRUSION DETECTION SCHEME; MANDATORY ACCESS CONTROL; PROTECTION; PROTECTION MECHANISMS; VULNERABILITY ASSESSMENTS;

COMPUTER OPERATING SYSTEMS;

EID: 84948969398     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2002.1176285     Document Type: Conference Paper

References (46)

1. Broward Officials Want Students to Try Hacking Mock Election, in Assoc. Press 16 August 2001: Ft. Lauderdale, FL. URL: http://www.wtsp.com/news/2001-08/16-mock-election.htm
2. Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, December 1985: Washington, DC. URL: http://csrc.nist.gov/publications/history/dod85.pdf
3. Final Evaluation Report of Multics, MR11.0, CSC-EPL-85/003 (releasable only to US Government and their contractors), 1 September 1985, National Computer Security Center: Ft. George G. Meade, MD. URL: http://www.radium.ncsc.mil/tpep/library/fers/tcsec-fers.html
4. Multilevel Computer Security Requirements of the World Wide Military Command and Control System (WWMCCS), LCD-78-106, 5 April 1978, General Accounting Office: Washington, DC. URL: http://www.gao.gov/docdblite/summary.php?&rptno=LCD-78-106
5. Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements-Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, CSC-STD-004-85, 25 June 1985, DoD Computer Security Center: Ft. George G. Meade, MD
6. Aleph One, Smashing the Stack for Fun and Profit. Phrack, 8 November 1996. 7(49). URL: http://www.phrack.org/show.php?p=49&a=14
7. Alexander, T., Waiting for the Great Computer Rip-off. Fortune, 1974. XC(1): p. 142-150
8. Anderson, E.A., III, A Demonstration of the Subversion Threat: Facing a Critical Responsibility in the Defense of Cyberspace, M.S. in Computer Science 2002, Naval Postgraduate School: Monterrey, CA. URL: http://theses.nps.navy.mil/Thesis-02Mar-Anderson-Emory.pdf
9. Berger, J.L., J. Picciotto, et al., Compartmented Mode Workstation: Prototype Highlights. IEEE Transactions on Software Engineering, June 1990. 16(6): p. 608-618
10. Biba, K.J., S.R. Ames, et al., A Preliminary Specification of a Multics Security Kernel, WP-20119, April 1975, The MITRE Corporation: Bedford, MA
11. Blotcky, S., K. Lynch, et al. SE/VMS: Implementing Mandatory Security in VAX/VMS. in Proceedings of the 9th National Computer Security Conference. 15-18 September 1986, Gaithersburg, MD National Bureau of Standards. p. 47-54
12. Butler, R., V. Welch, et al., A National-Scale Authentication Infrastructure. Computer, December 2000. 33(12): p. 60-66
13. Carr, D.F., The Hot Hand in the ASP Game. Internet World, 15 January 2000. 6(2): p. 53. URL: http://www.internetworld.com/magazine.php?inc=011500/1.15c over-story.html
14. Cooper, C., Who says paranoia doesn't pay off? CNET News.com, 20 September 2002. URL: http://news.com.com/2010-1071-958721.html
15. Corbató, F.J., PL/I As a Tool for System Programming. Datamation, May 1969. 15(5): p. 68-76. URL: http://home.nycap.rr.com/pflass/plisprg.htm
16. Corbató, F.J. and V.A. Vyssotsky. Introduction and Overview of the Multics System. in Fall Joint Computer Conference. 1965, Washington, DC Vol. AFIPS Conference Proceedings Vol
17. Spartan Books. p. 185-196. URL: http://www.multicians.org/fjcc1.html
18. Cowan, C., P. Wagle, et al. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. in DARPA Information Survivability Conference and Expo (DISCEX). 25-27 January 2000, Hilton Head Island, SC Vol. 2. p. 119-129. URL: http://www.immunix.org/StackGuard/discex00.pdf
19. David, E.E., Jr. and R.M. Fano. Some Thoughts About the Social Implications of Accessible Computing. in Fall Joint Computer Conference. 1965, Washington, DC Vol. AFIPS Conference Proceedings Vol. 27 Spartan Books. p. 243-247. URL: http://www.multicians.org/fjcc6.html
20. Dougherty, C., Trojan Horse OpenSSH Distribution, CERT® Advisory CA-2002-24, 2 August 2002, CERT Coordination Center, Carnegie Mellon University: Pittsburgh, PA. URL: http://www.cert.org/advisories/CA-2002-24.html
21. Forsdick, H.C. and D.P. Reed, Patterns of Security Violations: Multiple References to Arguments, in Ancillary Reports: Kernel Design Project, D.D. Clark, Editor, June 1977, MIT/LCS/TM-87, Laboratory for Computer Science, Massachusetts Institute of Technology: Cambridge, MA. p. 34-49
22. Foster, I., C. Kesselman, et al. A Security Architecture for Computational Grids. in Proceedings of the 5th ACM Conference on Computer and Communications Security. 2-5 November 1998, San Francisco, CA p. 83-92
23. Jaeger, T., Personal Communication, 30 July 2002, IBM Corp., T. J. Watson Research Center: Hawthorne, NY
24. Jelen, G.F., Information Security: An Elusive Goal, P-85-8, June 1985, Program on Information Resources Policy, Harvard University: Cambridge, MA. URL: http://www.pirp.harvard.edu/publications/pdf-blurb.asp?id=238
25. Karger, P.A. and R.R. Schell, Multics Security Evaluation: Vulnerability Analysis, ESD-TR-74-193, Vol. II, June 1974, HQ Electronic Systems Division: Hanscom AFB, MA. URL: http://csrc.nist.gov/publications/history/karg74.pdf
26. Karger, P.A., M.E. Zurko, et al., A Retrospective on the VAX VMM Security Kernel. IEEE Transactions on Software Engineering, November 1991. 17(11): p. 1147-1165
27. Logsdon, T., Computers & Social Controversy, 1980, Computer Science Press: Potomoc, MD. p. 170-175, 185
28. Loscocco, P. and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. in Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX '01). 2001, Boston, MA. URL: http://www.nsa.gov/selinux/doc/freenix01.pdf
29. Saltzer, J.H., Repaired Security Bugs in Multics, in Ancillary Reports: Kernel Design Project, D.D. Clark, Editor, June 1977, MIT/LCS/TM-87, Laboratory for Computer Science, Massachusetts Institute of Technology: Cambridge, MA. p. 1-4
30. Saltzer, J.H. and D. Hunt, Some Recently Repaired Security Holes of Multics, in Ancillary Reports: Kernel Design Project, D.D. Clark, Editor, June 1977, MIT/LCS/TM-87, Laboratory for Computer Science, Massachusetts Institute of Technology: Cambridge, MA. p. 28-33
31. Saltzer, J.H., P. Jansen, et al., Some Multics Security Holes Which Were Closed by 6180 Hardware, in Ancillary Reports: Kernel Design Project, D.D. Clark, Editor, June 1977, MIT/LCS/TM-87, Laboratory for Computer Science, Massachusetts Institute of Technology: Cambridge, MA. p. 22-27
32. Schell, R.R. Computer security: the Achilles' heel of the electronic Air Force? in Air University Review. January-February 1979, Vol. 30 p. 16-33. URL: http://www.airpower.maxwell.af.mil/airchronicles/aureview/197 9/jan-feb/schell.html
33. Schell, R.R., T.F. Tao, et al. Designing the GEMSOS Security Kernel for Security and Performance. in Proceedings of the 8th National Computer Security Conference. 30 September-3 October 1985, Gaithersburg, MD DoD Computer Security Center and National Bureau of Standards. p. 108-119
34. Schiller, W.L., P.T. Withington, et al., Top Level Specification of a Multics Security Kernel, WP-20810, 9 July 1976, The MITRE Corporation: Bedford, MA
35. Schroeder, M.D., Engineering a Security Kernel for Multics. Proceedings of the Fifth Symposium on Operating Systems Principles, Operating Systems Review, November 1975. 9(5): p. 25-32
36. Schroeder, M.D., D.D. Clark, et al., The Multics Kernel Design Project. Proceedings of the Seventh ACM Symposium on Operating Systems Principles, Operating Systems Review, November 1977. 11(5): p. 43-56
37. Schwartz, J. and B. Tedeschi, New Software Quietly Diverts Sales Commissions. The New York Times, 27 September 2002: p. C1-C4. URL: http://www.nytimes.com/2002/09/27/technology/27FREE.html
38. Smalley, S., Configuring the SELinux Policy, NAI Labs Report #02-007, June 2002, NAI Labs: Glenwood, MD. URL: http://www.nsa.gov/selinux/policy2-abs.html
39. Stern, J., Multics Security Kernel Top Level Specification, ESD-TR-76-368, November 1976, Honeywell Information Sys-tems, Inc., McLean, VA, HQ Electronic Systems Division: Hanscom AFB, MA
40. Thompson, K., On Trusting Trust. Unix Review, November 1989. 7(11): p. 70-74
41. Thompson, K., Reflections on Trusting Trust. Communications of the ACM, August 1984. 27(8): p. 761-763
42. Voydock, V.L., A Census of Ring 0, in Ancillary Reports: Kernel Design Project, D.D. Clark, Editor, June 1977, MIT/LCS/TM-87, Laboratory for Computer Science, Massachusetts Institute of Technology: Cambridge, MA. p. 5-27
43. Weissman, C. BLACKER: Security for the DDN. Examples of A1 Security Engineering Trades. in 1992 IEEE Computer Society Symposium on Research in Security and Privacy. 4-6 May 1992, Oakland, CA p. 286-292
44. Whiteside, T., Trapdoors and Trojan Horses, in Computer Capers. 1978, Thomas Y. Crowell Co.: New York. p. 115-126
45. Whitmore, J., A. Bensoussan, et al., Design for Multics Security Enhancements, ESD-TR-74-176, December 1973, Honeywell Information Systems, Inc., HQ Electronic Systems Division: Hanscom AFB, MA. URL: http://csrc.nist.gov/publications/history/whit74.pdf
46. Zemmin, F., B. Henk, et al., Multics Site History: GM, T.H. Van Vleck, Editor, 20 October 1998. URL: http://www.multicians.org/site-gm.html