[JYA] Trust in Cyberspace
- To: debate@fitug.de
- Subject: [JYA] Trust in Cyberspace
- From: ralf.stephan@fitug.de
- Date: Sun, 3 Jan 1999 10:02:14 +0100
- Comment: This message comes from the debate mailing list.
- Mail-Followup-To: debate@fitug.de
- Reply-To: stephan@tmt.de
- Sender: owner-debate@fitug.de
I consider the following study report (which also includes and
summarizes the already published MEII/RAND results) a MUST for
anyone who has even marginally to do with security and the telephone
network/Internet. A monumental work. Very recommended.
http://jya.com/tic.zip
_________________________________________________________________
Contents
PREFACE
Committee Composition and Process
Acknowledgements
EXECUTIVE SUMMARY
1 INTRODUCTION (40K)
Trustworthy Networked Information Systems
What Erodes Trust
This Study in Context
Scope of This Study
References
2 PUBLIC TELEPHONE NETWORK AND INTERNET TRUSTWORTHINESS (103K)
Network Design
The Public Telephone Network
Network Services and Design
Authentication
Progress of a Typical Call
The Internet
Network Services and Design
Authentication (and other Security Protocols)
Progress of a Typical Connection
Findings
Network Failures and Fixes
Environmental Disruption
Link Failures
Congestion
Findings
Operational Errors
Findings
Software and Hardware Failures
Finding
Malicious Attacks
Attacks on the Telephone System
Routing Attacks
Database Attacks
Facilities
Findings
Attacks on the Internet
Name Server Attacks
Routing System Attacks
Protocol Design and Implementation Flaws
Findings
Emerging Issues
Internet Telephony
Finding
Is the Internet Ready for "Prime Time"?
Findings
References
3 SOFTWARE FOR NETWORKED INFORMATION SYSTEMS (127K)
Introduction
Background
The Role of Software
Development of an NIS
System Planning, Requirements, and Top-Level Design
Planning and Program Management
Requirements at the System Level
Background
The System Requirements Document
Notation and Style
Where to Focus Effort in Requirements Analysis and Documentation
Top-Level Design
Critical Components
The Integration Plan
Project Structure, Standards, and Process
Barriers to Acceptance of New Software Technologies
Findings
Building and Acquiring Components
Component-Level Requirements
Component Design and Implementation
Programming Languages
Systematic Reuse
COTS Software
The Changing Role of COTS Software
General Problems with COTS Components
Interfacing Legacy Software
Findings
System Integration
System Assurance
Review and Inspection
Formal Methods
Testing
System Evolution
Findings
References
4 REINVENTING SECURITY (132K)
Introduction
Evolution of Security Needs and Mechanisms
Access Control Policies
Shortcomings of Formal Policy Models
A New Approach
Findings
Identification and Authentication Mechanisms
Network-Based Authentication
Cryptographic Authentication
Token-Based Mechanisms
Biometric Techniques
Findings
Cryptography and Public-Key Infrastructure
Findings
The Key-Management Problem
Key-Distribution Centers
Certification Authorities
Actual Large-Scale KDC and CA Deployments
Public-Key Infrastructure
Findings
Network Access Control Mechanisms
Closed User Groups
Virtual Private Networks
Firewalls
Limitations of Firewalls
Guards
Findings
Foreign Code and Application-Level Security
The ActiveX Approach
The Java Approach
Findings
Fine-Grained Access Control and Application Security
Findings
Language-Based Security: Software Fault Isolation and Proof Carrying Code
Findings
Denial of Service
Findings
References
5 TRUSTWORTHY SYSTEMS FROM UNTRUSTWORTHY COMPONENTS (46K)
Introduction
Replication and Diversity
Amplifying Reliability
Amplifying Security
Findings
Monitor, Detect, Respond
Limitations in Detection
Response and Reconfiguration
Perfection and Pragmatism
Findings
Placement of Trustworthiness Functionality
Public Telephone Network
Internet
Minimum Essential Information Infrastructure
Findings
Nontraditional Paradigms
Finding
References
6 THE ECONOMIC AND PUBLIC POLICY CONTEXT (205K)
Risk Management
Risk Assessment
Nature of Consequences
Risk Management Strategies
Selecting a Strategy
Findings
Consumers and Trustworthiness
Consumer Costs
Direct Costs
Indirect Costs
Failure Costs
Imperfect Information
Issues Affecting Risk Management
Some Market Observations
Findings
Producers and Trustworthiness
The Larger Marketplace and the Trend Toward Homogeneity
Risks of Homogeneity
Producers and Their Costs
Costs of Integration and Testing
Identifying the Specific Costs Associated with Trustworthiness
Time to Market
Other Issues
The Market for Trustworthiness
Supply and Demand Considerations
Findings
Standards and Criteria
The Character and Context of Standards
Standards and Trustworthiness
Security-Based Criteria and Evaluation
Findings
Cryptography and Trustworthiness
Export Controls
Key Recovery
Factors Inhibiting Widespread Cryptography Deployment
Cryptography and Confidentiality
Findings
Federal Government Interests in NIS Trustworthiness
Public-Private Partnerships
The Changing Market-Government Relationship
Findings
The Roles of the NSA, DARPA, and other Federal Agencies in NIS Trustworthiness Research and Development
National Security Agency
Partnerships with Industry
R2 Program
Issues for the Future
Findings
Defense Advanced Research Projects Agency
Issues for the Future
Findings
References
Notes
7 CONCLUSIONS AND RESEARCH RECOMMENDATIONS (40K)
Protecting the Evolving Public Telephone Network
Meeting the Urgent Need for Software that Improves Trustworthiness
Reinventing Security for Computers and Communications
Building Trustworthiness from Untrustworthy Components
Social and Economic Factors that Inhibit the Deployment of Trustworthy Technology
Implementing Trustworthiness Research and Development, the Public Policy Role
APPENDIXES (132K)
A Study Committee Biographies
B Briefers to the Committee
C Workshop Participants and Agenda
D List of Position Papers Prepared for the Workshop
E Trends in Software
F Some Related Trustworthiness Studies
G Some Operating System Security Examples
H Types of Firewalls
I Secrecy of Design
J Research in Information System Security and Survivability Funded by the NSA and DARPA
K Glossary
_________________________________________________________________
This is the tale of the infosys folk:
Multics to UNIX to DOS.
We once had protection that wasn't a joke
Multics to UNIX to DOS.
Now hackers and crackers and similar nerds
Pass viruses, horses, and horrible words
Through access controls that are for the birds.
Multics to UNIX to DOS.
With apologies to Franklin P. Adam.
_________________________________________________________________
ralf
--
Evolution breeds not a single winner, but diversity.
http://www.tmt.de/~stephan/