
Computer Security PDF

300 Pages·1979·12.556 MB·English

Preview Computer Security

ACM MONOGRAPH SERIES

Published under the auspices of the Association for Computing Machinery Inc.

Editor ROBERT L. ASHENHURST, The University of Chicago

A. FINERMAN (Ed.) University Education in Computing Science, 1968
A. GINZBURG Algebraic Theory of Automata, 1968
E. F. CODD Cellular Automata, 1968
G. ERNST AND A. NEWELL GPS: A Case Study in Generality and Problem Solving, 1969
M. A. GAVRILOV AND A. D. ZAKREVSKII (Eds.) LYaPAS: A Programming Language for Logic and Coding Algorithms, 1969
THEODOR D. STERLING, EDGAR A. BERING, JR., SEYMOUR V. POLLACK, AND HERBERT VAUGHAN, JR. (Eds.) Visual Prosthesis: The Interdisciplinary Dialogue, 1971
JOHN R. RICE (Ed.) Mathematical Software, 1971
ELLIOTT I. ORGANICK Computer System Organization: The B5700/B6700 Series, 1973
NEIL D. JONES Computability Theory: An Introduction, 1973
ARTO SALOMAA Formal Languages, 1973
HARVEY ABRAMSON Theory and Application of a Bottom-Up Syntax-Directed Translator, 1973
GLEN G. LANGDON, JR. Logic Design: A Review of Theory and Practice, 1974
MONROE NEWBORN Computer Chess, 1975
ASHOK K. AGRAWALA AND TOMLINSON G. RAUSCHER Foundations of Microprogramming: Architecture, Software, and Applications, 1975
P. J. COURTOIS Decomposability: Queueing and Computer System Applications, 1977
JOHN R. METZNER AND BRUCE H. BARNES Decision Table Languages and Systems, 1977
ANITA K. JONES (Ed.) Perspectives on Computer Science: From the 10th Anniversary Symposium at the Computer Science Department, Carnegie-Mellon University, 1978
DAVID K. HSIAO, DOUGLAS S. KERR, AND STUART E. MADNICK Computer Security, 1979

Previously published and available from The Macmillan Company, New York City

V. KRYLOV Approximate Calculation of Integrals (Translated by A. H. Stroud), 1962

Computer Security

DAVID K. HSIAO
Department of Computer and Information Science
Ohio State University
Columbus, Ohio

DOUGLAS S. KERR
Department of Computer and Information Science
Ohio State University
Columbus, Ohio

STUART E. MADNICK
Sloan School of Management
Massachusetts Institute of Technology
Cambridge, Massachusetts

ACADEMIC PRESS New York San Francisco London 1979
A Subsidiary of Harcourt Brace Jovanovich, Publishers

COPYRIGHT © 1979, BY ACADEMIC PRESS, INC. ALL RIGHTS RESERVED. NO PART OF THIS PUBLICATION MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS, ELECTRONIC OR MECHANICAL, INCLUDING PHOTOCOPY, RECORDING, OR ANY INFORMATION STORAGE AND RETRIEVAL SYSTEM, WITHOUT PERMISSION IN WRITING FROM THE PUBLISHER.

ACADEMIC PRESS, INC.
111 Fifth Avenue, New York, New York 10003

United Kingdom Edition published by
ACADEMIC PRESS, INC. (LONDON) LTD.
24/28 Oval Road, London NW1 7DX

Library of Congress Cataloging in Publication Data
Hsiao, David K Date
Computer security.
Includes bibliographies.
1. Computers—Access control. 2. Electronic data processing departments—Security measures. I. Kerr, Douglas S., joint author. II. Madnick, Stuart E., joint author. III. Title.
QA76.9.A25H74 658.4'7 79-14503
ISBN 0-12-357650-4

PRINTED IN THE UNITED STATES OF AMERICA
80 81 82 9 8 7 6 5 4 3 2

TO DORA, ETHEL, AND WAUNETA

FOREWORD

The Office of Naval Research program in computer security has had the objective, not simply of ensuring the integrity of stored data, but also of encouraging information sharing by building managerial confidence in our ability to control the sharing process. Along with other DOD and nondefense government funding agencies, ONR has a long history of investing resources in creating approaches or solutions for the multiplicity of problems germane to achieving a secure computational environment. While there have been some successes over the past 10 years, time has taught us the lessons both of the illusive nature of a total solution to the security problem, and of the enormous complexity of the many issues and interactions that impact on the matter of computer security.
It is the purpose of this ONR supported book to examine and report on the history of security research. Our deeper interest, constituting a challenge to the authors, was to distill from the past insights into promising directions for future research. Growing national concern with computer security and privacy, extending beyond the conventional military requirement to cover the entire civilian and business community, has underscored the urgency of reinforcing and redefining research activity. We are convinced that this book establishes research objectives and directions—the long-term realization of which will represent important progress in resolving the national concern with security and privacy issues.

MARVIN DENICOFF
Director of Information Systems Program
Office of Naval Research

PREFACE

Huck, have you ever told anybody about—that?
'Bout what?
You know what.
Oh—course I haven't.
Never a word?
Never a solitary word, so help me. What makes you ask?
Mark Twain—The Adventures of Tom Sawyer

The work reported in this monograph was suggested by Marvin Denicoff, Director of the Information Systems Program of the Office of Naval Research in the Summer of 1976. The work is intended to produce a technical review of recent research in the area of computer security. Furthermore, it is intended to provide some assessment and evaluation of the work reviewed. Some projections and speculations of future activities in computer security research are also included.

Because the monograph is written for technical managers, program monitors, and other managerial people who are not directly conducting such research, we have tried to present the review in a tutorial and illustrative manner. We have also attempted to introduce some of the necessary terminology with intuitive and informal definitions.
To allow readers to have a comprehensive and coherent coverage of computer security research, we endeavored to give our personal views on various subjects and attempted to include all relevant areas for consideration. We would like the reader to bear with us in our expression of these views.

To allow further pursuit of recent work in computer security, we have also provided a rather complete bibliography with annotations. Although the bibliography covers published work in computer security from 1974 through 1978, much of the work covered up to 1977 was compiled and annotated by Philip F. Sherburne. The authors would like to thank him for the assistance.

The authors would also like to thank Shelley Green, Robyn Lerchbacker, and Nancy Parkinson for typing several drafts of the manuscript. Last, but not least, the authors would like to thank ONR for their support of the work.

ACKNOWLEDGMENTS

Figure 5-2 is adapted from Madnick, Stuart E. and Donovan, John J., Operating Systems, © 1974, McGraw-Hill, New York, p. 45.

Adapted from Hsiao, David K., Systems Programming—Concepts of Operating and Database Systems, © 1975, Addison-Wesley, pp. 192, 194, 302, 308, 306 are the following, respectively: Figure 5-4, Figure 5-5, Figure 8-8, Figure 8-9, Section 8.3.2, 28 lines of textual material.

Adapted from Hoffman, Lance J., Modern Methods for Computer Security and Privacy, © 1977 by Prentice-Hall, Englewood Cliffs, New Jersey, pp. 122, 110, 44, 40 are the following, respectively: Figure 5-3, Figure 5-13, Figures 6-1 and 6-4, and Figure 7-1. Figure 5-1 is from p. 113.

Figure 5-7 is adapted from Organick, Elliott, J., The Multics System: An Examination of Its Structure, © 1972, M.I.T. Press, pages 148, 152, 153. By permission of M.I.T. Press.

Figure 5-12 is adapted from Lipner, Steve, "A Minicomputer Security Control System," in Proceedings of the IEEE COMPCON Conference, 1974, San Francisco, California. By permission of the Institute of Electrical and Electronics Engineers, Inc.

Figure 6-2 is adapted from Feistel, H., "Cryptography and Computer Privacy," Scientific American, 228, No. 5 (May, 1973), pp. 21 and 22.

Figure 7-2 is adapted from Lampson, Butler, "Protection," in Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems, Princeton University, March 1971, pp. 437-443, and reprinted in Operating Systems Review, 8, 1, January, 1974, p. 22.

Figure 7-3 is adapted from Scherr, A. L., "Functional Structure of IBM Virtual Storage Operating Systems, Part II: OS/VS2-2 Concepts and Philosophies," IBM Systems Journal, 12, No. 4, 1973, p. 390. Reprinted by permission from IBM Systems Journal © 1973 by International Business Machines Corporation.

The sample statistical database in Section 8.1.2 is adapted (with simplification) from Denning, Dorothy, "Are Statistical Data Bases Secure?" AFIPS Conference Proceedings—1978 NCC, 47, 1978, pp. 525-530. © 1978 AFIPS Press, Montvale, New Jersey.

Figure 8-5a is adapted from Wong, E. and Chiang, F., "Canonical Structures in Attribute-Based File Organization," Communications of the ACM, 14, No. 9 (Sept. 1971), pp. 593-597. Copyright 1971, Association for Computing Machinery, Inc., reprinted by permission.

Figure 8-14 is copied from a figure in Baum, Richard R. and Hsiao, David K., "Data Base Computers—A Step Toward Data Utilities," IEEE Transactions on Computers, c-25, 12 (Dec, 1976), 1254-1259. Reprinted by permission of the Institute of Electrical and Electronics Engineers, Inc.

Chapter 1

INTRODUCTION

Computer security deals with the managerial procedures and technological safeguards applied to computer hardware, software, and data to assure against accidental or deliberate unauthorized access to and dissemination of computer system data. Computer privacy, on the other hand, is concerned with the moral and legal requirements to protect data from unauthorized access and dissemination. The issues involved in computer privacy are therefore political decisions regarding who may have access to what and who may disseminate what, whereas the issues involved in computer security are procedures and safeguards for enforcing the privacy decisions. The motivations for security and privacy can be found in the desire for secrecy in military affairs, for nondisclosure in industrial applications, and for information-sharing in modern society. These motivations have become particularly acute where computers are used since computers play a major and important role in processing and storing of secret and proprietary information and in providing effective sharing of useful information.

The relationships between privacy issues and security measures are depicted in Fig. 1-1. By referring to it, we note that through legislative measures privacy issues affect all aspects of computer security. With due consideration of its social implications, legislation for computer privacy determines the type of information collected and by whom, the type of access and dissemination, the subject rights, the penalties, and the licensing matters. In Chapter 2, a discussion on privacy issues, legislative measures, and their implications on security
