Abstract:
The first steps toward professional recognition include a certification program that the International Information Systems Security Certification Consortium is prepared to develop and oversee. Our profession has evolved in the last fifteen years, and it i ...
Abstract:
Commonly, a system creator will seek to limit access to various parts of an information system based on who the user is and what authorities should be granted that person. With a payroll system, it would be expected that only a limited number of people would be able to change data, a larger segment of managers would be able to view information on their particular department, and perhaps everyone would be able to see their own information. This sort of situation presents an interesting problem for the system designer who would like to minimize the amount of coding necessary to accomplish this level of flexibility and to simplify maintenance of the application system. We were presented with such a problem with a project accounting system. The two first implementations of this application system were based on simply locking users out of screens for which they had no authority. A polite message was displayed indicating that the user did not have authority to access the screen in question. This method had the potential of becoming a security problem because the code was replicated in each of fifteen menus. Changes had to be propagated around several different menus for several different levels of authorization. This created difficulty for us in maintaining a consistent set of key strokes throughout the system. Exceptions had to be handled via replicated code. These problems led us to re-evaluate the existing system and to create a system based on the following set of user requirements: access to functions must be based on the user's level of authority; all menus should require the basic keystrokes; menus to which a user does not have authority should not be displayed to that user; and finally, so-called "super users" must be able to access data from the point of view of various sub-organizations.
Abstract:
This report describes a class of operating system protection errors known as 'insufficient validation of critical conditions,' or simply 'validation errors,' and outlines a scheme for finding them. This class of errors is recognized as a very broad one, lying outside the scope of the basic protection mechanisms of existing systems; the extent of the problem is illustrated by a set of validation errors taken from current systems. Considerations for validity conditions and their attachment to variables and to various types of control points in procedures are explored, and categories of validation methods noted. The notion of criticality itself is analyzed, and criteria suggested for determining which variables and control points are most critical in the protection sense. Because a search for validation errors can involve substantial information processing, the report references existing or developing tools and techniques applicable to this task. (Author)
Abstract:
In this paper we discuss security issues for cloud computing including storage security, data security, and network security and secure virtualization. Then we select some topics and describe them in more detail. In particular, we discuss a scheme for secure third party publications of documents in a cloud. Next we discuss secure federated query processing with MapReduce and Hadoop. Next we discuss the use of secure coprocessors for cloud computing. Third we discuss XACML implementation for Hadoop. We believe that building trusted applications from untrusted components will be a major aspect of secure cloud computing.
Abstract:
During the President's National Security Telecommunications Advisory Committee (NSTAC) XXV Principals' Meeting of March 12-13, 2002, concern was expressed over the ability to protect the 'edges' of the Internet against attack or exploitation. To defend the edge, it is first necessary to define the edge and to understand the relevant perimeter that is needed to protect the Nation's critical infrastructures. However, there is no universal definition for the edge of the Internet. Many consider the Internet borderless or without any edge. Some consider the edge of the Internet to be the end-user terminal level - the millions and millions of desktops in homes and small businesses around the Nation and around the world - while others believe it to be the point at which an Internet service provider (ISP) interconnects with the backbone network. Consequently, the task force concluded that to protect the critical infrastructure of the United States, the focus should involve all elements of the Internet rather than attempt to focus security efforts at the edge. Security practices throughout the Internet must be as fluid and dynamic as the Internet itself.
Abstract:
This manual is a guide to use of the file protection mechanisms available on the Martin Marietta Energy Systems, Inc. KSV VAXes. User identification codes (UICs) and general identifiers are discussed as a basis for understanding UIC-based and access control list (ACL) protection. (ERA citation 14:023913)
Abstract:
With more and more people working at home and connecting to company networks via the Internet, the risk to company networks of intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does not consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road.
Abstract:
This volume is Section 10, Program Listing, of the basic document. It contains a complete listing of all computer program components (CPC's) that comprise the Security Kernel for the PDP-11/45. (Author)
Abstract:
COBIT is a set of documents that provides guidance for computer security. This report introduces COBIT by answering the following questions, after first defining acronyms and presenting definitions: 1. Why is COBIT valuable. 2. What is COBIT, and 3. What documents are related to COBIT. (The answer to the last question constitutes the bulk of this report.) This report also provides a more detailed review of three documents. The first two documents - COBIT Security Baseline (Trade Name) and COBIT Quickstart (Trade Name) - are initial documents, designed to get people started. The third document - Control Practices - is a 'final' document, so to speak, designed to take people all the way down into the details. Control Practices is the detail.
Abstract:
The purpose of this paper is to evaluate two Federal statutes, the Computer Fraud and Abuse Act of 1986 and the Computer Security Act of 1987, from the perspective of computer security incident response efforts. First, the major relevant provisions of eac ...