Secure system development in industry: a perspective from Digital Equipment

Secure system development in industry: a perspective from Digital Equipment

Three types of threat to computer and network security, namely user irresponsibility, probing, and penetration, are examined and their implications for product development are assessed. These implications are compared to the US Trusted Computer System Evaluation Criteria, with the finding that syste...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Gasser, M., Lipner, S.B.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Computer aided manufacturing
Computer networks
Computer security
Cryptography
Government
Intelligent networks
Local area networks
Manufacturing industries
National security
Product development
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Three types of threat to computer and network security, namely user irresponsibility, probing, and penetration, are examined and their implications for product development are assessed. These implications are compared to the US Trusted Computer System Evaluation Criteria, with the finding that systems of evaluation class C2 are required throughout the customer base of a large commercial manufacturer. Enhancement of the security of such systems to class B1 is found to be both practical and useful to customers in both the national security and commercial sectors. The longer-term prospects for systems at higher evaluation classes are also examined. In the area of network security, the requirements of local and long-haul networks are examined, and roles of link and end-to-end encryption products characterized. The prospects for general commercial network security products and their relationship to national security requirements are examined.< >
DOI:10.1109/ACSAC.1988.113428