The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments

The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments (1998)

Cached

Download Links

by Peter A. Loscocco , Stephen D. Smalley , Patrick A. Muckelbauer , Ruth C. Taylor , S. Jeff Turner , John F. Farrell

Venue:	In Proceedings of the 21st National Information Systems Security Conference
Citations:	69 - 4 self

BibTeX

@INPROCEEDINGS{Loscocco98theinevitability,
    author = {Peter A. Loscocco and Stephen D. Smalley and Patrick A. Muckelbauer and Ruth C. Taylor and S. Jeff Turner and John F. Farrell},
    title = {The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments},
    booktitle = {In Proceedings of the 21st National Information Systems Security Conference},
    year = {1998},
    pages = {303--314}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

National Security Agency Although public awareness of the need for security in computing systems is growing rapidly, current efforts to provide security are unlikely to succeed. Current security efforts suffer from the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems. In reality, the need for secure operating systems is growing in today’s computing environment due to substantial increases in connectivity and data sharing. The goal of this paper is to motivate a renewed interest in secure operating systems so that future security efforts may build on a solid foundation. This paper identifies several secure operating system features which are lacking in mainstream operating systems, argues that these features are necessary to adequately protect general application-space security mechanisms, and provides concrete examples of how current security solutions are critically dependent on these features.

Citations

1134	Security architecture for the internet protocol - Kent, Atkinson - 1998
537	The protection of information in computer systems - Saltzer, Schroeder - 1975
339	A note on the confinement problem - Lampson
326	Kerberos: An authentication service for computer networks - Neuman, Ts’o - 1994
266	D.: Role-based access control - Ferraiolo, Kuhn - 1992
141	The Kerberos Network Authentication Service (V5 - Kohl, Neuman - 1993
128	Applied Cryptography (2nd Edition - Schneier - 1996
120	A practical alternative to hierarchical integrity policies - Boebert, Kain - 1985
109	Limitations of the Kerberos authentication system - Bellovin, Merritt - 1991
89	Building a secure computer system - Gasser
57	Java Security: Present and Near Future - Gong - 1997
55	Public Key Cryptography for Initial Authentication - Tung
47	Network firewalls - Bellovin, Cheswick - 1994
45	Building Internet Firewalls - Chapman, Zwicky - 2000
34	Operating System Structures to Support Security and Reliable - Linden - 1976
32	Providing Policy Control Over Object Operations in a Mach Based System - Minear - 1995
30	Secure applications need flexible operating systems - Maziéres, Kaashoek - 1997
26	Distributed Authentication in Kerberos Using Public Key Cryptography - Sirbu, Chuang - 1997
21	WWW electronic commerce and Java Trojan horses - Tygar, Whitten - 1996
20	The Emperor’s Old Armor - Blakley - 1996
16	Fortresses built upon sand - Baker - 1996
16	Developing applications on lock - O’BRIEN, ROGERS - 1991
15	Computer Security Technology Planning Study,” U.S. Air Force Electronic Systems Division - Anderson - 1972
12	Department of Defense Trusted Computer System Evaluation Criteria - 28-STD - 1985
10	et al., "Authentication in Distributed Systems: Theory and Practice - Lampson, Abadi - 1992
10	The DCE Web Project: Providing Authorization and Other Distributed Services to the World Wide Web - Lewontin, Zurko - 1995
9	Murphy’s Law and Computer Security - Venema - 1996
7	Web Security and Commerce. O’Reilly and Associates - Garfinkel - 1997
7	When java was one: Threats from hostile byte code - Ladue - 1997
6	et al. Microkernels meet recursive virtual machines - Ford - 1996
5	A Further Note on the Confinement Problem - Boebert, Kain - 1996
5	Kerberos Plus RSA for World Wide Web Security - Davis - 1995
4	et al. Information Security: An Integrated Collection of Essays - Abrams - 1995
4	et al., \Practical domain and type enforcement for UNIX - Badger
3	et al. A Secure Environment for Untrusted Helper Applications - Goldberg - 1996
3	L4 reference manual - Liedtke - 1996
3	et al., Public Key Utilizing Tickets for Application Servers (PKTAPP - Medvinsky - 1997
3	Authentication of Unknown Entities on an Insecure Network of Untrusted Workstations - Neuman, Steiner - 1988
3	Malicious Data and Computer Security - Sibert - 1996
3	Analysis of the SSL 3.0 - Wagner, Schneier - 1996
3	et al. Extensible security architectures for Java - Wallach - 1997
2	DTE Firewalls, Initial Measurement and Evaluation Report. Trusted Information Systems - Badger - 1997
2	Integrating Cryptography into Trusted Systems: A Criteria Approach - Brierley - 1992
2	et al. Protection in Operating Systems - Harrison - 1976
2	et al. Blocking Java Applets at the Firewall - Martin - 1997
2	An Empirical Study of a Wide-Area Distributed System - Spasojevic, Satyanarayanan - 1996
2	MISSI B-level Windows NT Feasibility Study Final Report - Sutton, Hinrichs - 1996
1	at al. Basic Flaws - Brewer - 1995
1	et al. Java Security: From HotJava to Netscape and Beyond - Dean - 1996
1	et al. Security Mechanism Independence - Eisler - 1996