Bugtraq mailing list archives
NSA paper on computer security
From: kragen () POBOX COM (Kragen)
Date: Fri, 11 Dec 1998 17:31:13 -0500
"The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments", published by six NSA employees, was published at the 21st National Information Systems Security Conference in October, in Arlington, Virginia, USA. (See <URL:http://csrc.nist.gov/nissc/1998/> and <URL:http://csrc.nist.gov/nissc/1998/papers.html> for more on the conference.) The paper is available in HTML at <URL:http://www.jya.com/paperF1.htm> and in PDF at <URL:http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf>. It discusses, among other things: - why mandatory security mechanisms are useful outside the context of classification levels, even on single-user systems; - trusted-path mechanisms, like the PASSCRED stuff recently implemented in Linux and NT's Ctrl-Alt-Del login feature. -- <kragen () pobox com> Kragen Sitaker <http://www.pobox.com/~kragen/> Silence may not be golden, but at least it's quiet. Don't speak unless you can improve the silence. I have often regretted my speech, never my silence. -- Adam Rifkin, <adam () cs caltech edu>
Current thread:
- [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Security Research Team (Dec 03)
- Breaking into houses to steal the security systems... Was: Dr. Mudge (Dec 03)
- <Possible follow-ups>
- Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 robert.flannigan () PLATINUM COM (Dec 07)
- Call For Papers Marco de Vivo [UCV] (Dec 07)
- Lousy password handling in BreezeCOM Mr. SteelFire (Dec 10)
- Re: Lousy password handling in BreezeCOM Thilo Hille (Dec 10)
- NSA paper on computer security Kragen (Dec 11)
- about the ip header id Salvatore Sanfilippo (Dec 14)
- Learning security Kevin M. Myer (Dec 14)
- Administrivia Aleph One (Dec 10)
- RealSystem passwords Guy Cohen (Dec 10)
- Titan 3.0 Released Aleph One (Dec 10)
- Vulnerability in IRIX fcagent daemon SGI Security Coordinator (Dec 10)
- Linux 2.0.36: The stuff that was 'fixed quietly' [Summary] Alan Cox (Dec 10)
- Microsoft Security Bulletin (MS98-018) Aleph One (Dec 10)