EditWYSIWYGAttach PDF Raw View►More Actions▼More Actions

Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in CBI_ComputerSecurity web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in CBI_ComputerSecurity web only

Revision Date Username Comment
829 Aug 2015 - 17:36ThomasMisa(minor)  
712 Nov 2014 - 09:41ThomasMisa 
612 Nov 2014 - 09:32ThomasMisa 
512 Nov 2014 - 09:28ThomasMisa 
403 Oct 2013 - 15:23norqu036? 
311 Jun 2013 - 12:36ThomasMisa 
225 Feb 2013 - 10:04NicLewis 
120 Feb 2013 - 09:13NicLewisAttached file tcsecorangebook.pdf 

Render style:     Context:

 History: r8 | r4 < r3 < r2 < r1
[X] Hide this message.
Notice: On June 30, 2016, UMWiki service will be decommissioned. If you have information in UMWIki that needs to be preserved, you should make plans to move it before that date. Google Sites is anticipated to be the most popular and appropriate alternative for users because it offers a more modern and user-friendly interface and unlimited capacity. To learn more about the features of Google Sites and other alternatives, and to identify which one best fits your needs, see the University’s Website Solution Selection Guide. If you have concerns or would like help regarding this change and your options, please contact Technology Help at help@umn.edu
You are here: UMWiki>CBI_ComputerSecurity Web>Publications>ClassicPapersMattBishop (revision 2)

Matt Bishop Seminal Papers



lock Login Required to View Attachment

James. P. Anderson:

Computer Security Technology Planning Study (1972 | Volumes I lock PDF and II lock PDF): Seminal paper on computer security mechanisms.

Computer Security Threat Monitoring and Surveillance (1980 | lock PDF): Seminal paper on the use of auditing and logging for security.

David E. Bell and Leonard LaPadula:

Secure Computer System: Unified Exposition and Multics Interpretation (1975 | lock PDF): This was the final in a series of four papers in which David Bell and Leonard La Padula of the not-for-profit MITRE Corporation outlined a mathematical model for creating secure computing systems. The first two papers, both from 1973, produced a mathematical framework and model, while the third, from 1974, developed refinements and extensions to the model. This fourth paper was created in 1975, and published by the MITRE Corporation in 1976, to synthesize the foundations created in the preceding papers, and to provide a practical example of the security model using the then contemporaneous MULTICS operating system.

K. Biba:

Integrity Considerations for Secure Computer Systems (1975 | lock PDF): Seminal paper on integrity.

R. Bisbey II and D. Hollingworth:

Protection Analysis: Final Report (1978 | lock PDF): One of two seminal studies of computer system vulnerabilities.

Committee on Multilevel Data Management Security:

Multilevel Data Management Security (1983), Air Force Studies Board, Commission on Engineering and Technical Systems, National Research Council, National Academy Press: Popularly known as the "Woods Hole Report," this was a major, influential study of database security.

Department of Defense Computer Security Evaluation Center:

Trusted Computer System Evaluation Criteria (1982): First version of the TCSEC made available to the public. It is also called the Powder Blue TCSEC.

Trusted Computer System Evaluation Criteria (Orange Book) (1983, 1985 | PDF): Full version of the TCSEC that influenced study and development of systems.

B. DeWolf and P. Szulewski:

Final Report of the 1979 Summer Study on Air Force Computer Security (1979): Also called the Draper Report, this describes the state of the art at that time.

Ford Aerospace:

Secure Minicomputer Operating System (KSOS) (1978 | lock PDF): Describes an implementation of a provably secure operating system compatible with the UNIX operating system.

T. H. Hinke and Marvin Schaefer:

Secure Data Management System (Nov 1975), RADC-TR-75-266, Rome Air Dev. Center, AFSC, Griffiss AFB NY [NTIS AD A019201].

G. Jelen:

Information Security: An Elusive Goal (1985): Study arguing that no strategies for making secure products are promising.

Paul Karger and Roger Schell:

Multics Security Evaluation: Vulnerability Analysis (1974 | lock PDF): Described a number of attacks, including the trap-door compiler that Ken Thompson used so effectively in his Turing Award lecture.

T. Lee:

Processors, Operating Systems and Nearby Peripherals: A Consensus Report (Miami Report) (1980): First description of evaluation process and criteria.

T. Linden:

Operating System Structures to Support Security and Reliable Software (1976 | lock PDF): Described capability-based architectures.

P. Myers:

Subversion: The Neglected Aspect of Computer Security (1980 | lock PDF): Demonstrated how a Trojan horse could spread to secure system without the attacker having direct access to that system.

P. Neumann, et al:

A Provably Secure Operating System (1976 | Part 1 lock PDF | Part 2 lock PDF | Part 3 lock PDF): First formal design of a system, emphasizing proofs of design before implementation.

G. Nibaldi:

Proposed Technical Evaluation Criteria for Trusted Computer Systems (1979 | lock PDF): First evaluation criteria with levels (5 of them).

S. Padilla and T. Benzel:

Final Evaluation Report of SCOMP (Secure Communications Processor) (1985), Department of Defense Computer Security Center: First A1-rated system.

No Author:

Proceedings of the DoD Computer Security Center Invitational Workshop on Network Security (1985): Also called the New Orleans Workshop Report, this extensively discussed network security problem.

J. M. Schacht:

Jobstream Separator System Design (1975 | lock PDF).

Roger Schell, P. J. Downey, and G. J. Popek:

Preliminary Notes on the Design of Secure Military Computer Systems, (1973 | lock PDF).

W. L. Schiller:

The Design and Specification of a Security Kernel for the PDP-11/45 (1975 | lock PDF): First formal specification of a kernel satisfying the Bell-LaPadula model

K. G. Walter, W. F. Ogden, J. M. Gilligan, D. D. Schaeffer, S. L. Schaen, and D. G. Shumway:

Initial Structured Specifications for an Uncompromisable Computer Security System (July 1975), ESD-TR-75-82, ESD/AFSC, Hanscom AFB, Bedford, MA.

Willis Ware:

Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security (1970 | lock PDF): The paper that started it all, first raising computer security as a problem.

Carl Weissman:

System Security Analysis/Certification (1973): Introduced flaw hypothesis methodology.

J. Whitmore, A. Bensoussan, P. Green, D. Hunt, A. Robziar, and J. Stern:

Design for Multics Security Enhancements (1974 | lock PDF).

-- Main.lewi0740 - 19 Sep 2012

Topic attachments
I Attachment ActionSorted ascending Size Date Who Comment
pdfpdf tcsecorangebook.pdf manage 368.6 K 20 Feb 2013 - 09:04 NicLewis TCSEC (Orange Book)
Edit | WYSIWYG | Attach |  PDF |  History: r8 | r4 < r3 < r2 < r1 |  Backlinks |  Raw View | More topic actions...
Topic revision: r2 - 25 Feb 2013 - 10:04:09 - NicLewis
Signed in as lewi0740 (NicLewis) | Sign out
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback