

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.




Index

A
Absolute security, philosophy of, 7, 120-121, 247
Access control, 114, 134, 300
  discretionary, 114-115
  granularity of, 134
  mandatory, 96, 114-115
  mechanisms for, as add-ons, 292
  operating system, 147
  violations of, 44
Access level, 44, 300
Access modes, multiple, 193
ACL (access control list), 147, 292, 300
ACL2 theorem prover, 97
ActiveX, 111, 141-142, 283, 300
Ada programming language, 85-86, 300
ADSL (asymmetric digital subscriber lines), 56, 300
Advanced Automation Systems air-traffic control system, 99
Advanced Research Projects Agency network (ARPANET), 29-30, 34, 133, 283, 301
  switching node for, 307
Alcatel, 220
American National Standards Institute (ANSI), 199
Anomaly detection, 9. See also Detection
ANSI. See American National Standards Institute
APIs. See Application programming interfaces
Application-level security, 139-149
Application programming interfaces (APIs), 127, 132, 226-227, 301
Applique, 138
ARPA. See Defense Advanced Research Projects Agency
ARPANET. See Advanced Research Projects Agency network
Assessment Technology Branch (ATB) of NASA, 222, 301
Assurance, 15, 204-205, 301. See also System assurance
Asymmetric cryptography. See Cryptography
Asynchronous transfer mode (ATM), 132-133, 301
ATB. See Assessment Technology Branch of NASA
ATM. See Asynchronous transfer mode
AT&T, 42, 46, 220
Attacks by hostile parties, 13, 22, 47-55
  damage from, 112
  detecting, 160
  measuring, 185
  scripts for, 174

Authentication, 33-36, 125, 292, 301, 307
  biometric, 123-124, 301
  cryptographic, 7, 122, 214
  need for effective, 7
  network-based, 121, 124
Authenticode signatures, 141
Authority, 112. See also Certification authorities (CAs)
Autonomous system (AS), 301
  routing within, 53
Availability, 14, 55, 149-150, 250, 301

B
Baan (software vendor), 221, 282
BAAs. See Broad area announcements
BCR (black/crypto/red) project, 133, 301
Bell and La Padula policy, 115, 118, 301
Bell Laboratories, 291, 316
Bell operating companies, 26
Beta testing, 89
BGP. See Border Gateway Protocol
Biometric authentication, 8, 123-124, 229, 248, 301
Blacker devices, 35, 133, 302
"Blue boxes," 28, 302
Border Gateway Protocol (BGP), 30, 52, 301
  routers for, 38, 53-55, 164
Bottom-up integration, 93
British Ministry of Defense, 202
Broad area announcements (BAAs), 233-234, 237, 255, 301
Bugs, 32, 45, 99, 182
  protecting against, 135
  seriousness of, 88

C
C++ programming language, 85, 302
  standard template library (STL) for, 87
Cable services, 4
Caller ID, 29, 241
Call forwarding, 27-28
Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), 204, 304
Caneware, 133, 138, 302
CAP. See Complex arithmetic processor
Capability Maturity Model (CMM), 78-80, 303
  critique of, 80
CCF (central control function), 99, 302
CCITT. See Consultative Committee on International Telephony and Telegraphy
CCv2. See Common Criteria, version 2
CDIS (central control function display information system), 99, 302
CDSA. See Common data security architecture
Cellular telephony fraud, 176
Central Intelligence Agency (CIA), 223
Centralized naming-service architecture, 5-6. See also Domain Name Services
CERT/CC. See Computer Emergency Response Team/Coordination Center
Certificate management, 128-129, 302
Certificate revocation list (CRL), 130, 304
Certification, 197, 302
Certification authorities (CAs), 8, 128-132, 302
Certification authority private keys, recovery from compromise of, 8, 129
CGI. See Common gateway interface
Checkpoint, 220
Chinese Wall (Brewer-Nash) model, 116, 302
CIA. See Central Intelligence Agency
CIAO. See Critical Infrastructure Assurance Office
CIC R&D. See Computing, Information, and Communications Research and Development
Circuit relays, 293-294
Cisco routers, 46, 163
Clark/Wilson model, 116
CLEFs. See Commercially licensed evaluation facilities
Clipper chip, 227, 303
Closed user groups (CUGs), 111, 132-133
CMM. See Capability Maturity Model
COCOMO. See Constructive cost model
Collective behavior, research into, 299
COM. See Common object model
Commercially licensed evaluation facilities (CLEFs), 208, 303
Commercial off-the-shelf (COTS) components, 92, 118, 281, 296, 304
  adapting and customizing, 6, 281-282
  benefits of, 3, 63
  changing role of, 87-89
  DOD use of, 10, 13-15

  general problems with, 89-90, 103
  need for greater trustworthiness in, 4, 70, 190-191
  software, 22, 87-90
Common Criteria, version 2 (CCv2), 204, 206-207
Common data security architecture (CDSA), 132, 145, 302
Common gateway interface (CGI) scripts, 32, 302
Common object model (COM), 87, 303
Common object request broker architecture (CORBA), 87, 303, 311
Communications security, new approaches to, 7-9
Communications speed, 8
Complex arithmetic processor (CAP), 97, 302
Complexity, increased problems with, 3, 16, 65
Components. See also Commercial off-the-shelf (COTS) components; Critical components
  building and acquiring, 82-92
  design and implementation, 84-85
  integrating, 82-92
Computer break-ins, 17-18
Computer crime, 113
Computer Emergency Response Team/Coordination Center (CERT/CC), 110, 302
  advisories of, 150
  Web site of, 15, 50
Computer networks. See Networks
Computer security, new approaches to, 7-9, 118-120
Computer Security Act, 215, 218
Computer Security Technology Center, 222
Computing, Information, and Communications Research and Development (CIC R&D), 216, 223, 303, 307
Computing systems, integrating, 24, 77-78, 92-94
Concurrency, 100
Confidentiality, 125, 303
  and cryptography, 214
Congestion, 38-41, 149-150
Conops (concept of operations), 69-70, 303
  approval of, 74
Constructive cost model (COCOMO), 67, 194, 303
Consultative Committee on International Telephony and Telegraphy (CCITT), 99, 302
Consumer risk management, 187-188
Contingency planning, 289
Controls
  personnel, 109
  procedural, 297
Control theory, 16
Control tones, 28, 302
Convenience issues, 212
COPS (computer oracle password security), 44, 303
CORBA. See Common object request broker architecture
Correctness, 14, 75, 92-93, 97, 303
Cost pressures, 3, 13, 38
Costs
  consumer, 181-184, 252
  direct, 181-182
  estimating, 67
  indirect, 182
  producer, 192-194
  See also Failure costs
COTS components. See Commercial off-the-shelf components
CPU (central processing unit)
  increasing power of, 182
  intensive calculations by, 41, 243
Credit card transactions, 158
CRISIS report. See Cryptography's Role in Securing the Information Society
Criteria creep, 207
Critical components, 76-77
Critical Foundations: Protecting America's Infrastructures, 287
Critical Infrastructure Assurance Office (CIAO), 13, 216, 303
CRL. See Certificate revocation list
Cross-connect components, 242, 304
Cryptographic authentication, 122, 135-136, 214, 247
Cryptographic protocols, 99, 124-125, 133
Cryptography. See also Authentication
  classified research into, 232
  and confidentiality, 214
  defined, 304
  factors inhibiting widespread deployment of, 211-213, 253
  increased use of, 289-290
  promoting wider use of, 243

  and public-key infrastructures (PKIs), 124-132
  and security, 7
  and trustworthiness, 55, 210-214
Cryptography's Role in Securing the Information Society (CRISIS report), 211, 289-290, 304
CSP (Communicating Sequential Process), 100, 304
CTCPEC. See Canadian Trusted Computer Product Evaluation Criteria
CUGs (closed user groups), 132-133, 138, 304
Customers, and trustworthiness, 180-189
Cyberspace, trust in, 11, 111

D
Damage from attacks, 112
DARPA. See Defense Advanced Research Projects Agency
Database attacks, 48-49
Data Encryption Standard (DES), 199, 203, 305
DCOM. See Distributed common object model
Decentralization, research into, 299
Deception, research into, 299
Decision support, 289
Defense Advanced Research Projects Agency (DARPA), 172, 217, 223, 304, 308
  coordinating with NSA, 228
  issues for the future, 235-237, 254-255
  role in trustworthiness R&D, 221, 223-224, 232-237
  sponsoring research, 5, 10, 298-299
Defense-in-depth, 127, 132, 288
Defense Information Systems Agency (DISA), 17, 217, 223-224, 305
Defense Messaging System (DMS), 137-138, 305
Defense Science Board, 12, 286
Defensive information warfare. See Information Warfare Defense
Denial-of-service attacks, 44, 54, 111, 305, 315
  defending against, 8-9, 149-150
Dependency analysis, 75
Depreciation, 206-207
Deregulation, today's climate of, 3, 38, 220
DES. See Data Encryption Standard
Design, top level, 66-82
Design errors, 2, 13, 156, 251
  research in avoiding, 6
Detection, 158-161, 180, 251
  limitations in, 158-159, 161
DGSA. See DOD Goal Security Architecture
Digital Equipment Corp. (DEC), 198
Digital signal processors (DSPs), 38, 305
Digital signatures, 126
DISA. See Defense Information Systems Agency
Distributed common object model (DCOM), 87, 304
Diversity, 155-158, 192, 250
DMS. See Defense Messaging System
DNSs. See Domain Name Services
DOD. See U.S. Department of Defense
DOD access control model, 115, 117
DOD Goal Security Architecture (DGSA), 117-118, 230, 305
DOE. See U.S. Department of Energy
Domain Name Services (DNSs), 30-31, 46, 305
  attacks via, 51, 175
Domain-specific languages, 86
DOS (disk operating system), 291, 305
Downstream service providers (DSPs), 26, 305
DSPs. See Digital signal processors
DTE (domain and type enforcement), 143, 305
Dynamic packet filters, 294
Dynamic resource allocation, research into, 298

E
Economic context, 171-239, 251-253
ECU. See European Currency Unit
Eligible Receiver, 18, 19
Emergency systems, eliminating, 3
Encryption
  end-to-end packet, 301
  key-escrow, 309
  multiple, 154
  network-level, 34-35
Encryption technology, controversial, 287
Enforcement subsystems, 147
Environmental disruption, 13, 16, 37-41

Ethernets, 30, 316
European Currency Unit (ECU), introduction of, 4, 187-188
Evaluation processes, tension in, 210
Executive Order 13010, 217
Export controls, 210-211, 253
Extensible software, 111, 282-283
Exterior Gateway Protocol, 30

F
FAA. See Federal Aviation Administration
Failure costs, 183-184
Fault isolation, 146-149
Fault tolerance, 9, 233, 250, 306
FBI. See Federal Bureau of Investigation
FCC. See Federal Communications Commission
FDA. See Food and Drug Administration
FEAL cipher, 203, 306
Federal Aviation Administration (FAA), 218, 222
Federal Bureau of Investigation (FBI), 18, 112, 217
Federal Communications Commission (FCC), 37, 218
Federal information processing standards (FIPS), 199, 203, 306
  FIPS 46-1, 305
  FIPS 140-1, 200, 203, 208
Federally funded research and development centers (FFRDCs), 228
FFRDCs. See Federally funded research and development centers
FGAC. See Fine-grained access control
Filters. See Packet filter firewall
Fine-grained access control (FGAC), 8, 113, 249, 306
  and application security, 143-146
FIPS. See Federal information processing standards
Firewall, 134-137, 139, 242, 248-249
  defined, 306
  future of, 8
  limitations of, 44, 113, 135-137
  need for application-layer, 8
  thriving market for, 2, 188
  types of, 293-295
Food and Drug Administration (FDA), 184-185, 218
Foreign code, 7, 111, 139-149, 249-250
Foreign espionage agent threat, 286
Formal methods, 7, 95-101, 103-104, 246, 306
Formal policy models, shortcomings of, 115-117, 120-121
Fortezza technology, 138, 226-227, 306
Frame relay, 132
Freeh, FBI Director Louis, 18
FTP (File Transfer Protocol), 294, 306
  proxy, 294

G
Gateway routing protocols, 30, 135, 212
General Accounting Office (GAO), 12, 18
Generally accepted security system principles (GSSP), 285
Government. See also individual agencies
  role in promoting trustworthiness, 3-4, 215-221
Graphical user interfaces (GUIs), 83, 282
Group identifiers, 292
GSSAPI (generic security services application programming interface), 145, 306
GSSP. See Generally accepted security system principles
Guards, 137-139, 249
GUIs. See Graphical user interfaces

H
Hardware tokens, 8, 123-124, 168, 247-248, 307
Hassle factor, 182, 189
HCS. See High Confidence Systems
Health maintenance organization (HMO) example, 62-63, 70-71, 82-83, 88, 90, 93-94
Heisenbug, 157, 307
Helper applications, 283
Heterogeneity, research into, 298. See also Diversity
High Confidence Systems (HCS) working group, 223, 231, 307
High Performance Computing and Communications Initiative, 216
HMO. See Health maintenance organization example

Homogeneity
  rationale for, 191, 198
  risks of, 191-192
  See also Replication
Hostile attacks. See Attacks by hostile parties
HTML. See Hypertext Markup Language
HTTP. See Hypertext Transfer Protocol
Hypertext Markup Language (HTML), 31-32, 307
Hypertext Transfer Protocol (HTTP), 31-32, 191, 307, 315

I
IAB. See Internet Architecture Board
IBM, 97, 99, 220, 292
ICMP (Internet Control Message Protocol), 307
IDE disk interface standard, 190, 307
IEEE. See Institute of Electrical and Electronics Engineers
IESG. See Internet Engineering Steering Group
IETF. See Internet Engineering Task Force
IISP. See Information Infrastructure Standards Panel
IITF. See Information Infrastructure Task Force
Immunological identification, research into, 299
Imperfect information, 184-186
Implementation errors, 2, 13, 54-55, 156
  research in avoiding, 6
Incident response, 289
Industry, partnership with, 226-227
Information assurance, 215-217, 288
  increasing spending on, 236-237
Information Assurance Task Force, 219
Information Infrastructure Standards Panel (IISP), 199
Information Infrastructure Task Force (IITF), 216
Information science and technology activities (ISATs), 234, 237, 255, 308
Information system security, NSA and DARPA research into, 298-299
Information Systems Office (ISO), 233
Information Systems Security Research-Joint Technology Office (ISSR-JTO), 224, 228, 308
Information Technology Industry Council, 200
Information Technology Management Reform Act, 215
Information Technology Office (ITO), 10, 232-236, 298-299, 308
Information Technology Security Evaluation Criteria (ITSEC), 204, 206, 208, 308
Information warfare, 20, 215, 286
Information Warfare Defense (IW-D), 286
Infosec (information security), 225
Infrastructure protection, 1-2, 12-13, 20-21, 241, 287-289
Insecurity, theory of, 109, 119-120, 160-161
Insiders, threat from, 112-113, 135
Inspections, 94-95
Institute of Electrical and Electronics Engineers (IEEE), 97
Insurance
  claims data, 112
  demand for, 183
Insurance model, 178
Integration plans, 77-78, 103-104
  bottom-up, 93
  costs of, 193
  of subsystems, 244-245
  thread, 93-94
  top-down, 93
Integrity of data, 125
Intel Corp., 97, 145, 190
Interconnections, weak points in, 3, 19, 40-41, 52
Interface message processors (IMPs), 35, 307
Interfaces, 2
  to facilitate intervention and control, 17
  server, 284
International Computer Security Association, 197
International Organization for Standardization (ISO), 31
Internet, 5, 21, 163-164
  attacks on, 50-55
  business use of, 58
  downloading software from, 140
  managing congestion on, 39-40
  operational error on, 42-43
  protecting, 242-243
  readiness for business, 56-57
  security of, 36-37
  telephony, 55-56
  vulnerability of, 56-58

Internet Architecture Board (IAB), 201
Internet Engineering Steering Group (IESG), 201
Internet Engineering Task Force (IETF), 36, 132, 144-145, 200-201, 209, 307, 315
Internet Protocol (IP), 29, 121, 190, 308
  headers in, 40
Internet service providers (ISPs), 26, 38, 308
  protection offered by, 52
Internet Society (ISOC), 201, 308
Interoperability issues, 191-192, 212
Intrusion detection, 9, 113, 229, 233
IP. See Internet Protocol
IPsec (IP Security), 34-36, 134, 200, 229, 307, 315
ISAKMP (International Security Association and Key Management Protocol), 229, 308
ISATs. See Information science and technology activities
ISDN (integrated services digital network), 56, 308
ISO. See Information Systems Office; International Organization for Standardization
ISPs. See Internet service providers
ISSR-JTO. See Information Systems Security Research-Joint Technology Office
Iteration, dynamic, 195
ITO. See Information Technology Office
ITSEC. See Information Technology Security Evaluation Criteria
IW-D. See Information Warfare Defense

J
Java, 85, 142, 283, 308
JavaBeans, 87, 308
Joint-service programmable radio, 97
Joint Technology Office. See Information Systems Security Research-Joint Technology Office
JVM (Java virtual machine) specification, 142, 308

K
KDCs. See Key-distribution centers
Kernels, 164-167, 309
Key-distribution centers (KDCs), 127-128, 309
Key-escrow encryption, 253, 309
Key-management technologies, 8, 127-132, 248
  Needham-Schroeder, 203
Key process areas (KPAs), 79, 309
Key recovery, 211
KPAs. See Key process areas

L
Lawrence Livermore National Laboratory, 222
LCLint tool, 99
Legacy software. See Software
Leverage, 191
Link failures, 37-38

M
Maintenance practices, 44
Malicious attacks. See Attacks by hostile parties
Management information bases (MIBs), 31, 309
Market-government relationship, changing relationship, 220-221
MEII. See Minimum essential information infrastructure
MIBs. See Management information bases
Microsoft Corp., 190, 283, 305
Middleware, 282. See also SAP, PeopleSoft
Military weapons, tactics intended to disrupt, 286
MILNET, 34, 304, 309
MIME (multipurpose Internet mail extension) format, 200, 309
Minimum essential information infrastructure (MEII), 9, 162, 164-168, 287, 309
  building, 250
  taxonomy of, 166
MISSI. See Multilevel Information Systems Security Initiative
Mitigation, risk, 23, 177-178, 289
Mobile code, 7, 111, 283-284
Model checking, 96, 101
Monitoring, 158-161, 251, 289
MS-DOS, 291

Multicasting, 8
Multics, 85, 309
  compared with UNIX, 316
Multilevel Information Systems Security Initiative (MISSI), 137-138, 226, 306, 309
Multilevel security, 96
Multimode joint-service programmable radio, 97
Multinode networks, 35
MVS (multiple virtual storage), 292, 309

N
Name-space management, 8
Naming-service architecture, centralized, 5-6
NASA. See National Aeronautics and Space Administration
National Aeronautics and Space Administration (NASA), 222, 301
National Communications System (NCS), 217, 310
National Computer Security Center (NCSC), 226, 310
National Cryptologic Strategy for the 21st Century, 225
National Information Assurance Partnership, 208, 220
National Information Infrastructure initiative, 216
National Infrastructure Protection Center, 217
National Institute of Standards and Technology (NIST), 199, 203, 218, 220, 223, 306, 310
National Partnership for Reinventing Government (NPRG), 215, 310
National Performance Review. See National Partnership for Reinventing Government
National Science Foundation (NSF), 201, 222
National Security Agency (NSA), 138, 172, 217-218, 223, 310-311
  issues for the future, 230-232, 254
  mission of, 225
  role in trustworthiness R&D, 221-232
  sponsoring research, 5, 10-11, 298-299
National Security Telecommunications Advisory Committee (NSTAC), 12, 217, 219, 310
National Voluntary Laboratory Accreditation Program, 208
Natural disasters, 289
NCS. See National Communications System
NCSC. See National Computer Security Center
Needham-Schroeder key-management protocol, 203
NES (Network Encryption System), 133, 310
Netcom, 43
Netware Link-State Protocol (NLSP), 35, 310
Network-based authentication, 121
Networked information systems (NISs), 245-246, 281-282, 289, 310
  attacks on, 111
  building, 64-66, 243
  definition of, 13
  research into vulnerabilities, 5-6, 11-13
  software for, 62-108
  trustworthiness of, 2-4, 13-15, 154-170, 249-250
Network Management System (NMS), 138, 310
Network operations centers (NOCs), 42-43, 310
Network Reliability and Interoperability Council (NRIC), 37, 41, 45, 218, 310
Networks, 282
  controlling access to, 8, 132-139
  failures, 37-55
  forming, 41
  layers in, 34
  multinode, 35
  our dependence on, 1
Network security, research into, 299
Network "sniffers," 18
Network survivability, research into, 299
NISs. See Networked information systems
NIST. See National Institute of Standards and Technology
NLSP. See Netware Link-State Protocol
NLSP (Network-Layer Security Protocol), 35, 310
NMS. See Network Management System
NOCs. See Network operations centers
Nodes, disparate, 94
Nonrepudiation, 125, 310
Northeast power blackout, 19

Notation and style, 70-72
NPRG. See National Partnership for Reinventing Government
NRIC. See Network Reliability and Interoperability Council
NSF. See National Science Foundation
NSTAC. See National Security Telecommunications Advisory Committee

O
OC-12 (optical carrier 12) circuits, 40, 311
Office of Management and Budget, 215
Office of Science and Technology Policy, 12, 219
Open Software Foundation, 145
Open Systems Interconnection (OSI) networks, 35, 310-311
Operating systems (OSs), 228, 291-292. See also individual operating systems
  add-ons for, 292
  defined, 311
Operational errors, 13, 16, 41-45
  reducing, 44-45, 243-244
Operations support systems (OSSs), 28, 36, 242, 311
  interconnections to the Internet, 47
Oracle (software vendor), 282
Orange Book, 23, 311, 315
Orphan products, 91
OSSs. See Operations support systems
Out-of-band signaling, 28, 56
Outsiders, threat from, 112-113

P
P5 chip (Pentium processors), 97, 311
P6 chip (Pentium Pro processors), 97, 311
Packet filter firewall, 136, 293
Packet-filtering router, 196
Paperwork Reduction Act, 215
Passwords, 292, 311
Patents, 213
PCC. See Proof-carrying code
PCCIP. See President's Commission on Critical Infrastructure Protection
PCMCIA (Personal Computer Memory Card Interface Association), 312
  cryptographic tokens, 306
PDD. See Presidential Decision Directive
PeopleSoft (software vendor), 186, 282
Performance specifications, 70-72
Personal computers (PCs), 88, 312
Personal identification numbers (PINs), 8, 123, 248, 312
Personnel controls, 109
PGP (pretty good privacy), 36, 129, 312
Physical access, 112, 158
Physical threats, 50, 55, 174-175, 287
PKI. See Public-key infrastructure
PLI. See Private line interface
Postdeployment upgrades, 104, 296
PostScript, 140
Precursor information, protecting, 297
Presidential Decision Directive (PDD) 63, 13, 20, 216, 240
President's Commission on Critical Infrastructure Protection (PCCIP), 1, 12, 20, 185, 217-219, 223, 236, 287, 312
Privacy, 14, 156, 312
Private keys, 126, 128, 312
Private line interface (PLI), 133, 312
Programmable radio, 97
Program management, 66-68
Programming languages, 85-86, 91-92. See also individual languages
  powers of, 7, 245-246
  research in, 8
Proof-carrying code (PCC), 146, 148-149, 250, 312
Proof-checking, 101
Protocol design flaws, 54-55
Prototyping, 83-84
Pseudocode, 84, 312
PTN. See Public telephone network (PTN)
Public-key cryptography, 126, 301, 312-313
Public-key infrastructure (PKI), 8, 124-132, 248, 312
  defined, 130-132
Public keys, 124-126, 312
Public policy context, 2, 171-239
Public-private partnerships, 219-221, 253-254
Public telephone network (PTN), 5, 21, 121, 162-163, 312
  attacks on, 47-50
  backup power for, 165
  congestion on, 39
  design of, 27-29

  and Internet trustworthiness, 26-61
  operational error on, 41-42
  protecting, 241-242
  vulnerabilities of, 55-58

Q
Quality of service (QOS), 30, 32-33, 312
  guarantees of, 5, 32-33
Quarantine, research into, 299

R
R2 program, 10-11, 228-232, 254, 312
R/3. See SAP
Radio, programmable, 97
Radio Technical Commission for Aeronautics. See RTCA
Rapid recovery, research into, 299
Reconfiguration, 159-160
Reconstitution, research into, 299
Red Book, 162, 313
Redundancy, 41
  research into, 298
  See also Reserve capacity
Reliability, 14, 313
  amplifying, 155-157
Replication, 154-158, 250
  of components, 14
Report of the Defense Science Board Task Force on Information Warfare Defense, 286
Requests for proposals (RFPs), 188, 313
Requirements errors, 73-74
Research and development (R&D)
  agenda for, 4-11, 21, 240-255
  need for, 6, 13
Reserve capacity, reducing, 3, 38-39
Resilience, research into, 299
Resource allocation, 149-150, 191
  research into, 298
Resource Reservation Protocol (RSVP), 32-33, 313
Response phase, 159-160
Revenge threat, 286
Reverse engineering, defending against, 297
Reviews. See Technical reviews
Revocation, 141-142
  timely notification of, 8
RFC (request for comments), 201, 313
RFPs. See Requests for proposals
Risk
  defined, 173, 313
  measuring, 185
Risk assessment, 173-174
Risk avoidance strategies, 23, 177, 180
Risk management, 23, 58, 172-180, 289
  issues affecting, 186-188
  strategies for, 176-180
Risk mitigation strategies, 177-178
Robustness, 88
  research into, 299
Routing attacks, 48, 51-54
Routing protocols, 30, 305
  inadequacies in, 5, 44-45
RPC (Remote Procedure Call) protocol, 294, 313
RSML (requirements state machine language) notation, 98, 313
RSVP. See Resource Reservation Protocol
RTCA (Radio Technical Commission for Aeronautics), 202, 313

S
Safety, 14, 202, 313
Sandia National Laboratories, 222
SAP (software vendor), 87, 186, 188, 191, 220-221, 282
Satellite-based services, 4
Scalable coherent interface (SCI) standard, 97, 313
SCI. See Scalable coherent interface
SCR. See Software Cost Reduction
SCSI (small computer standard interface) interface, 190, 313
SDSI. See Secure Distributed Security Infrastructure
Secrecy, 314
  of design, 296-297
Secret-key cryptography, 125, 129, 314
Secure Distributed Security Infrastructure (SDSI), 132, 314-315
Secure Network System (SNS), 138, 314
Secure socket layer (SSL) protocol, 32, 129, 196, 200, 315
Secure Telephone Unit II (STU-II) systems, 129
Secure Telephone Unit III (STU-III) systems, 35, 129, 315

Security, 12-14, 88, 241, 285, 314. See also Network security
  amplifying, 157-158
  application-level, 139-149
  demonstrating, 118-120
  enforcing, 143
  examples of, 291-292
  growing interest in, 197-198
  language-based, 146-149
  reinventing, 109-153, 247-250
  through obscurity, 296
Security management protocols, supporting sophisticated, 8
Security needs, 253
  evolution of, 110-111
Security Reference Monitor, 292
Segmentation, research into, 299
SEI. See Software Engineering Institute
Self-organization, research into, 299
Self-stabilization approach, 9, 168, 251
SFI. See Software fault isolation
Siemens, 220
Signaling System 7 (SS7) protocol suite, 28, 242, 315
  vulnerability of, 47, 50
Simple Network Management Protocol (SNMP), 31, 309, 314
Simple Public-Key Infrastructure (SPKI), 132, 315
Skill-lifetimes, increasing, 191
Smart cards, 123, 200
S/MIME (secure/multipurpose Internet mail extension) format, 36, 130, 196, 314
Snefru function, 203
SNMP. See Simple Network Management Protocol
SNS. See Secure Network System (SNS)
Software. See also Components
  barriers to innovative, 81-82
  legacy, 90-91
  needed to improve trustworthiness, 244-246
  for networked information systems (NISs), 62-108
  role of, 64-66
  trends in, 281-284
Software Cost Reduction (SCR) program, 70, 98, 313
Software developers
  practices of, 21, 89-90, 95-96, 124-132
  scarcity of, 85, 231
Software engineering, challenges of, 6, 66-80, 82-94
Software Engineering Institute (SEI), 78-80, 302
Software fault isolation (SFI), 146, 148-149, 314
Software systems, evolution of, 282
Software upgrades, timing, 284
Software wizards, 281-282
SONET (synchronous optical network), 38, 311, 314
Source code, 84-85, 314
Specification, 17, 68-69, 74-75, 314
SPKI. See Simple Public-Key Infrastructure
SP3 (Security Protocol at Level 3), 35, 314
SS7. See Signaling System 7
SSL. See Secure socket layer protocol
Standards and criteria, 199-210
  for trustworthiness, 201-204, 251-252
Standard template library (STL), 87, 315
Static resource allocation, research into, 298
STL. See Standard template library
Storage, procedural controls on, 297
Structured walkthrough, 84
STU. See Secure Telephone Unit
Stubs, 93
Subsystems, 116-117
Survivability. See also Network survivability
  defined, 14, 315
SWAT (special weapons and tactics) teams, 100, 315
Switches, untrustworthy, 40-41, 46-47, 242
Symmetric-key ciphers, 119-120, 122, 306
  secret, 309, 314
System administrators, cautions for, 135, 284
System architectures, 6, 23, 287
System assurance, 94-102
Systematic reuse, 86-87
System evolution, 102-103
System integration, 92-94
System management, 284
System planning, 66-82
  requirements for, 68-74
Systems analysis, 289

System shutdown, 9
Systems requirements document, 69-70

T
Tactical countermeasures, 286
Tactical information warfare, 286
Tamper resistance, 123
Tandem systems, 157
TCAS II, 98
TCL (tool command language), 86, 315
TCP (Transmission Control Protocol), 29, 293, 315
  headers in, 40
TCSEC. See Trusted Computer System Evaluation Criteria
Technical reviews, 94-95, 103
Telecommunications fraud, 183-184
Telephone system. See Public telephone network (PTN)
Testing, 101-102, 118-119, 246
  costs of, 193
  research in, 104
Thread integration, 93-94
Threat detection, 289
Threats, 316
  insiders versus outsiders, 112-113
  taxonomy of, 286
TIU (trusted interface unit), 133, 316
Token-based mechanisms. See Hardware tokens
Top-down integration, 93
Top Secret enclaves, 292, 315
Trade-offs, managing, 176, 194
Traffic profile, 41
Transparency, 294
Transport layer, 293-294
  procedural controls on, 297
  terminating instantiations of, 294
Trojan horse attacks, 18, 115, 316
Trust, 11
  erosion of, 15-20
  warranted, 255
Trusted Computer System Evaluation Criteria (TCSEC), 115, 162, 199, 206-208, 227, 315
Trustworthiness, 313
  benefits of, 2-3
  costs of, 2, 189, 192-196
  of COTS components, 34
  and cryptography, 210-214
  and customers, 180-189
  defined, 13-15, 240, 316
  enhancing, 1-2
  implementing R&D into, 253-255
  marketing products for, 196-198
  multidimensionality of, 252-253
  new paradigms for, 168-169
  of networked information systems (NISs), 2-4
  placement of, 2-3
  producers of products for, 190-198
  studies of, 195-196, 285-290
  of systems built from untrustworthy components, 9, 23, 154-170, 250-251
  See also Software, role of

U
UDP. See User Datagram Protocol
U.S. Department of Defense (DOD), 10, 234-235, 286-287, 311
  attacks against computers of, 17
U.S. Department of Energy (DOE), 221-223
U.S. Secret Service, 219
United States, enemies of, 286
University Research Program (URP), 228, 316
UNIX systems, 3, 157, 213, 291, 303, 316
Untrustworthy components. See Trustworthiness
Upgrades, 102
  postdeployment, 296
URP. See University Research Program
User accounts, 44
User Datagram Protocol (UDP), 31, 34, 54, 150, 293-294, 316
User IDs, 291-292
Uses of devices, procedural controls on, 297

V
Validation, 95
VDM (Vienna definition method), 100, 316
Verification, 98-99
Verity, 97, 316
Very-high-level languages, 86
VGA (video graphics adapter), 190

Virtual circuit data networks, 132-133
Virtual private networks (VPNs), 8, 133-134, 138-139, 248, 316
Visual Basic language, 86
VPNs. See Virtual private networks (VPNs)
Vulnerabilities, 27, 287-288, 297
  assessing, 120-121, 289
  defined, 316
  exploiting, 173-174, 313
  failure to validate arguments, 95
  intrinsic, 27
  residual, 297
  scanning for, 44
VVSL method, 100, 316

W
Waterfall development process, 68
W3C (World Wide Web Consortium), 201, 317
Windows NT, 157-158, 229, 283, 291, 317
Work factor model, 178, 185, 317
World Wide Web (WWW)
  downloading software from, 140
  exploding popularity of, 62

X
X.25 protocol suite, 35, 132-133, 317
XEU (Xerox encryption unit), 133, 317

Y
Y2K (year 2000) problem, 4, 12-13, 187-188, 317