The National Academies Press

Currently Skimming:

B Selected Topics in Computer Security Technology
Pages 246-275

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 246... ... ORANGE BOOK SECURITY A security policy is a set of rules by which people are given access to information and/or resources. Usually these rules are broadly stated, allowing them to be interpreted somewhat differently at various levels within an organization. Read the entire page →
From page 247... ... security concerns for protecting classified information from disclosure, especially in the face of Trojan horse attacks. Since it was under the auspices of DOD funding that the work in formal security policy models was carried out, it is not surprising that the emphasis was on models that reflected DOD requirements for confidentiality. Read the entire page →
From page 248... ... With the advent of trusted operating systems, these expensive computing resources could be shared among users who would develop and execute applications without requiring trust in each application to enforce the system security policy. This has become an accepted model for systems in which the primary security concern is disclosure of information and in which the information is labeled in a fashion that reflects its sensitivity. Read the entire page →
From page 249... ... While the Orange Book does not explicitly call out a set of integritybased access rules, it does require that B2-level: systems and those above execute out of a protected domain, that is, that the trusted computing base (TCB) itself be a protected subsystem. Read the entire page →
From page 250... ... The instruction set limits the amount of addressable memory to 1 megaword, with all access on word boundaries. There is no support for interrupts, stack processing, or micro-pipelining. Read the entire page →
From page 251... ... The security policy enforced by SIDEARM includes typeenforcement controls, providing configurable, mandatory integrity. That is, "types" can be assigned to data objects and used to restrict access to subjects that are performing functions appropriate to that type. Read the entire page →
From page 252... ... The LOCK architecture requires few but complex trusted software components, including a SIDEARM device driver and software that ensures that decisions made by the SIDEARM are enforced by existing host facilities such as a memory management unit. An important class of trusted software comprises "kernel extensions," security~ritical software that runs on the host to handle machine-dependent support, such as printer and terminal security labeling, and application-specific security policies, such as that required by a database management system. Read the entire page →
From page 253... ... Similarly, many encryption algorithms that appear to be very complicated are rendered ineffective by an improper choice of a key value. In a more practical sense, if the receiver forgets the key value or uses the wrong one, then the resulting message will probably be unintelligible, requiring additional effort to retransmit the message and/or the key. Read the entire page →
From page 254... ... An example of a symmetric, private-key crypto-system is the Data Encryption Standard (DES) (see below, "Data Encryption Standards. Read the entire page →
From page 255... ... Users are often intolerant of priorate encryption and decryption algorithms because they do not know how the algorithms work or if a "trapdoor" exists that would allow the algorithm designer to read the user's secret information. In an attempt to eliminate this lack of Bust, a number of crypto-systems have been developed around encryption and decryption algorithms based on fundamentally difficult problems, or one-way functions, that have been studied extensively by the research community. Read the entire page →
From page 256... ... Known methods for digital signatures are often based on computing a secure checksum (see below) of the input to be signed and then encrypting the checksum with the secret. Read the entire page →
From page 257... ... Public-Key Cryplo-systems and Digital Signatures Public-key crypto-systems offer a means of implementing digital signatures. In a public-key system the sender enciphers a message using the receiver's public key, creating ciphertextl. Read the entire page →
From page 258... ... The strength of one-time pad algorithms lies in the fact that separate random key values are used for each of the plaintext values being enciphered, and the stream of key values used for one message is never used for another, as the name implies. Assuming there is no relationship between the stream of key values used during the process, the cryptanalyst has to try every possible key value for every ciphertext value, a task that can be made very difficult simply by the use of different representations for the plaintext and key values. Read the entire page →
From page 259... ... ENCRYPTION: DECRYPTION: Plaintext 0101 0100 0100 0101 Key 0100 0001 0100 0001 Gphertext 0001 0101 0000 0100 Ciphertext 0001 0101 0000 0100 Key 0100 0001 0100 0001 Plaintext 0101 0100 0100 0101 FIGURE B.3 Encryption and decryption using the XOR function. Data Encryption Standard In 1972, the National Bureau of Standards (NBS; now the National Institute of Standards and Technology (NIST) Read the entire page →
From page 260... ... The Data Encryption Standard (DES) algorithm has four approved modes of operation: the electronic codebook, cipher block chaining, cipher feedback, and output feedback. Read the entire page →
From page 261... ... . RSA The RSA is a public key crypto-system, invented and patented by Ronald Rivest, Adi Shamir, and Leonard Adelman, that is based on large prime numbers (Rivest et al., 1978~. Read the entire page →
From page 262... ... Vendors supply programs for word processing, spreadsheets, game-playing programs, compilers, and so on, and these are systematically copied by pirate vendors and by private users. While large-scale pirate vendors may eventually be detected and stopped, there is no hope of preventing, through detection and legal action, the mass of individual users from copying from each other. Read the entire page →
From page 263... ... In the latter case the licensee organization may be held responsible, under certain circumstances, for not having properly guarded the proprietary rights of the vendor. Thus there is a security issue associated with the prevention of unauthorized use of proprietary software or databases legitimately installed in a computing system. Read the entire page →
From page 264... ... It may well be that in the future, when the sale of proprietary databases assumes economic significance, the possibility of abuse of proprietary rights by licensed organizations and authorized users will be an important issue. At that point an appropriate technology for resource control will be essential. Read the entire page →
From page 265... ... Some form of access control must be provided to prevent unauthorized persons from gaining access to a password list and reading or modifying the list. One way to protect passwords in internal storage is by a one-way hash. Read the entire page →
From page 266... ... If it passes electronic mail, then users can encode arbitrary programs or data in the mail and get them across the perimeter. But this is less likely to happen by mistake, and it is more difficult to do things inside the perimeter using only electronic mail than to do things using terminal connections or arbitrary network datagrams. Read the entire page →
From page 267... ... There are many places to hide a virus: the operating system, an executable program, a shell command file, or a macro in a spreadsheet or word processing program are only a few of the possibilities. In this respect a virus is just like a Trojan horse. Read the entire page →
From page 268... ... An important issue is distribution of the public key for verifying signatures (see "Digital Signatures," above) Read the entire page →
From page 269... ... They are ultimately out of date as soon as a new virus or a strain of a virus emerges. Application Gateways What a Gateway Is The term "gateway" has been used to describe a wide range of devices in the computer communication environment. Read the entire page →
From page 270... ... This access control facility can help mitigate Trojan horse concerns by constraining the telecommunication paths by which data can be transmitted outside an organization, as well as supporting concepts such as release authority, that is, a designated individual authorized to communicate on behalf of an organization in an official capacity. Both application gateways and routers can be used to enforce access control policies at network boundaries, but each has its own advantages and disadvantages, as described below. Read the entire page →
From page 271... ... This is because many such gateways require human intervention to select services in translating from one protocol suite to another, or because the application being supported intrinsically involves human intervention, for example, virtual terminal or interactive database query. In such circumstances it is straightforward for the gateway to enforce access control on an individual user basis as a byproduct of establishing a 'session" between the two protocol suites. Read the entire page →
From page 272... ... The secure messaging facilities defined in X.400 (CCI11, 1989a) allow for encrypted e-mail to transit MTAs without decryption, but only when the MTAs are operating as routers rather than as application gateways, for example, when they are not performing Content conversion" or similar invasive services. Read the entire page →
From page 273... ... If one "peeks" into layer-4 PCI, an eminently feasible violation of protocol layering for many layer-3 routers, one can effect somewhat finer-grained access control in some protocol suites. For example, in the TCP/IP suite one can distinguish among electronic mail, virtual terminal, and several other types of common applications through examination of certain fields in the TCP header. Read the entire page →
From page 274... ... Conclusions About Gateways Both application gateways and routers can be used to enforce access control at the interfaces between networks administered by different organizations. Application gateways, by their nature, tend to exhibit reduced performance and robustness, and are less transparent than routers, but they are essential in the heterogeneous protocol environments in which much of the world operates today. Read the entire page →
From page 275... ... For example, the string RDAQN QRHIH FECCA DRSWV KIKSS HSPAX CUBS conveys 34 characters of data to everyone who has "read" access to this transaction but conveys a significant amount of information only to those who know the richer context of cryptosystem and key. Readers are invited to determine the key from the substantial hint that the plaintext is THERE ARE MORE THINGS IN HEAVEN AND EARTH; solutions may be verified by transforming RCVQD ALCFV CLLLL DLSCK KRVKT BRVAO AVUA from data to information. Read the entire page →

From page 246...

... ORANGE BOOK SECURITY A security policy is a set of rules by which people are given access to information and/or resources. Usually these rules are broadly stated, allowing them to be interpreted somewhat differently at various levels within an organization.

B Selected Topics in Computer Security Technology Pages 246-275

B Selected Topics in Computer Security Technology
Pages 246-275