Computers at Risk : Safe Computing in the Information Age.
Title:
Computers at Risk : Safe Computing in the Information Age.
Author:
Staff, National Research Council.
ISBN:
9780309574600
Physical Description:
1 online resource (319 pages)
Contents:
Computers at Risk -- Copyright -- Preface -- Acknowledgments -- Contents -- Executive Summary -- 1 Overview and Recommendations -- COMPUTER SYSTEM SECURITY CONCERNS -- TRENDS-THE GROWING POTENTIAL FOR SYSTEM ABUSE -- THE NEED TO RESPOND -- TOWARD A PLANNED APPROACH -- Achieving Understanding -- The Nature of Security: Vulnerability, Threat, and Countermeasure -- Special Security Concerns Associated with Computers -- Security Must Be Holistic-Technology, Management, and Social Elements -- Commercial and Military Needs are Different -- Putting the Need for Secrecy into Perspective -- Building on Existing Foundations -- SCOPE, PURPOSE, CONTENTS, AND AUDIENCE -- RECOMMENDATIONS -- Recommendation 1 Promulgate Comprehensive Generally Accepted System Security Principles (GSSP) -- Recommendation 2 Take Specific Short-term Actions that Build on Readily Available Capabilities -- Recommendation 3 Gather Information and Provide Education -- Recommendation 4 Clarify Export Control Criteria, and Set Up a Forum for Arbitration -- Recommendation 5 Fund and Pursue Needed Research -- Recommendation 6 Establish an Information Security Foundation -- CONCLUSION -- NOTES -- 2 Concepts of Information Security -- SECURITY POLICIES-RESPONDING TO REQUIREMENTS FOR CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY -- Confidentiality -- Integrity -- Availability -- Examples of Security Requirements for Different Applications -- MANAGEMENT CONTROLS-CHOOSING THE MEANS TO SECURE INFORMATION AND OPERATIONS -- Preventing Breaches of Security-Basic Principles -- Responding to Breaches of Security -- DEVELOPING POLICIES AND APPROPRIATE CONTROLS -- RISKS AND VULNERABILITIES -- SECURING THE WHOLE SYSTEM -- APPENDIX 2.1-PRIVACY -- Protection of Information About Individuals -- Employee Privacy in the Workplace -- APPENDIX 2.2-INFORMAL SURVEY TO ASSESS SECURITY REQUIREMENTS.

User Identification -- User Verification or Authentication -- File Access Control -- Terminal Controls -- Telecommunications and Networking -- Detection Measures -- General Comments and Summary -- NOTES -- 3 Technology to Achieve Secure Computer Systems -- SPECIFICATION VS. IMPLEMENTATION -- SPECIFICATION: POLICIES, MODELS, AND SERVICES -- Policies -- Models -- Flow Model -- Access Control Model -- Services -- Authentication -- Authorization -- Auditing -- IMPLEMENTATION: THE TRUSTED COMPUTING BASE -- Computing -- Hardware -- Operating System -- Applications and the Problem of Malicious Code -- Communications -- Secure Channels -- Authenticating Channels -- Security Perimeters -- Methodology -- CONCLUSION -- NOTES -- 4 Programming Methodology -- SOFTWARE IS MORE THAN CODE -- SIMPLER IS BETTER -- THE ROLE OF PROGRAMMING LANGUAGES -- THE ROLE OF SPECIFICATIONS -- RELATING SPECIFICATIONS TO PROGRAMS -- FORMAL SPECIFICATION AND VERIFICATION -- HAZARD ANALYSIS -- STRUCTURING THE DEVELOPMENT PROCESS -- MANAGING SOFTWARE PROCUREMENT -- SCHEDULING SOFTWARE DEVELOPMENT -- EDUCATION AND TRAINING -- MANAGEMENT CONCERNS IN PRODUCING SECURE SOFTWARE -- WHAT MAKES SECURE SOFTWARE DIFFERENT -- RECOMMENDED APPROACHES TO SOUND DEVELOPMENT METHODOLOGY -- NOTES -- 5 Criteria to Evaluate Computer and Network Security -- SECURITY EVALUATION CRITERIA IN GENERAL -- Security Characteristics -- Assurance Evaluation -- Trade-offs in Grouping of Criteria -- Comparing National Criteria Sets -- Reciprocity Among Criteria Sets -- SYSTEM CERTIFICATION VS. PRODUCT EVALUATION -- RECOMMENDATIONS FOR PRODUCT EVALUATION AND SYSTEM CERTIFICATION CRITERIA -- NOTES -- 6 Why the Security Market Has Not Worked Well -- THE MARKET FOR TRUSTWORTHY SYSTEMS -- A SOFT MARKET: CONCERNS OF VENDORS -- FEDERAL GOVERNMENT INFLUENCE ON THE MARKET -- Procurement.

Strategic Federal Investments in Research and Development -- Export Controls as a Market Inhibitor -- Technology Transfer: Rationale for Controlling Security Exports -- Export Control of Cryptographic Systems and Components -- Export Control of Trusted Systems -- The Commercial Imperative -- CONSUMER AWARENESS -- Insurance as a Market Lever -- Education and Incident Tracking for Security Awareness -- Education -- Incident Reporting and Tracking -- Technical Tools to Compensate for Limited Consumer Awareness -- REGULATION AS A MARKET INFLUENCE: PRODUCT QUALITY AND LIABILITY -- Product Quality Regulations -- Product Liability as a Market Influence -- Software and Systems Present Special Problems -- Toward Equitable Allocation of Liability -- APPENDIX 6.1-EXPORT CONTROL PROCESS -- APPENDIX 6.2-INSURANCE -- NOTES -- 7 The Need to Establish an Information Security Foundation -- ACTIONS NEEDED TO IMPROVE COMPUTER SECURITY -- ATTRIBUTES AND FUNCTIONS OF THE PROPOSED NEW INSTITUTION -- OTHER ORGANIZATIONS CANNOT FULFILL ISF'S MISSION -- Government Organizations -- Private Organizations -- WHY ISF'S MISSION SHOULD BE PURSUED OUTSIDE OF THE GOVERNMENT -- A NEW NOT-FOR-PROFIT ORGANIZATION -- Critical Aspects of an ISF Charter -- Start-up Considerations -- Funding the ISF -- ALTERNATIVES TO THE ISF -- APPENDIX 7.1-A HISTORY OF GOVERNMENT INVOLVEMENT -- The National Security Agency and the DOD Perspective -- The National Institute of Standards and Technology -- Other Government Agency Involvement -- APPENDIX 7.2-SECURITY PRACTITIONERS -- NOTES -- 8 Research Topics and Funding -- A PROPOSED AGENDA FOR RESEARCH TO ENHANCE COMPUTER SECURITY -- DIRECTIONS FOR FUNDING SECURITY RESEARCH -- Funding by the Defense Advanced Research Projects Agency -- Funding by the National Science Foundation -- Promoting Needed Collaboration -- NOTES -- Bibliography -- Appendixes.

Appendix A The Orange Book -- Appendix B Selected Topics in Computer Security Technology -- ORANGE BOOK SECURITY -- Library Example -- Orange Book Security Models -- HARDWARE ENFORCEMENT OF SECURITY AND INTEGRITY -- VIPER Microprocessor -- Lock Project -- CRYPTOGRAPHY -- Fundamental Concepts of Encryption -- Private vs. Public Crypto-Systems -- Digital Signatures -- Cryptographic Checksums -- Public-Key Crypto-systems and Digital Signatures -- Key Management -- Algorithms -- One-Time Pads -- Data Encryption Standard -- RSA -- PROTECTION OF PROPRIETARY SOFTWARE AND DATABASES -- USE OF PASSWORDS FOR AUTHENTICATION -- NETWORKS AND DISTRIBUTED SYSTEMS -- Security Perimeters -- Viruses -- Keeping a Virus Out -- Preventing Damage -- Providing and Using Vaccines -- Application Gateways -- What a Gateway Is -- Gateways as Access Control Devices -- Application Gateways as PAC Devices -- Routers as PAC Devices -- Conclusions About Gateways -- NOTES -- Appendix C Emergency Response Teams -- Appendix D Models for GSSP -- SETTING STANDARDS-PRECEDENTS -- Building Codes -- Underwriters Laboratories, Inc -- Financial Accounting Standards Board -- LESSONS RELEVANT TO ESTABLISHING GSSP -- Appendix E High-grade Threats -- NOTES -- Appendix F Glossary -- Appendix G List of Members of the Former Commission on Physical Sciences, Mathematics, and Resources.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.