skip to main content
10.1145/1500774.1500831acmotherconferencesArticle/Chapter ViewAbstractPublication PagesafipsConference Proceedingsconference-collections
research-article
Free access

Private sector needs for trusted/secure computer systems

Published: 07 June 1982 Publication History

Abstract

Computer systems that have been subjected to formal verification of correctness of their access control mechanisms and that can provide multilevel security are called trusted systems. Their prototypes are now being developed under government programs and, to a much lesser scale, as a part of vendors' in-house research and development. While the need for trusted systems in national defense applications is well known, the need for trusted systems in private sector's business and industrial applications has been largely unexplored. This paper identifies several generic types of needs and incentives for the use of trusted systems, such as maintaining management control, complying with regulatory requirements, protecting computer representations of assets and resources, assuring safety and integrity, realizing certain operational economies, and enhancing marketing advantage or public image. It then examines the private sector's aspects of these generic needs, as well as disincentives that may surface. The paper concludes with an assessment of the prospects for commercial availability of trusted systems and the vendors' incentives for developing and marketing these systems.

References

[1]
Walker, S. T. DoD Computer Security Initiative: A Status Report and R&D Plan, Information Systems Directorate, Assistant Secretary of Defense, Communications, Command, Control, and Intelligence, Department of the Defense, Washington, D.C., March 1981.
[2]
Walker, S. T. "The Advent of Trusted Operating Systems." AFIPS, Proceedings of the National Computer Conference (Vol. 49), 1980, pp. 655--665.
[3]
Proceedings of the Seminar on the DoD Computer Security Initiative Program, National Bureau of Standards, Gaithersburg, Md., July 17--18, 1979.
[4]
Proceedings of the Second Seminar on the DoD Computer Security Initiative Program, National Bureau of Standards, Gaithersburg, Md., January 15--17, 1980.
[5]
Turn, R. Trusted Computer Systems: Needs and Incentives for Use in the Government and the Private Sector. R-2811-DR&E, The Rand Corporation, Santa Monica, California, June 1981.
[6]
Nibaldi, G. M. Proposed Technical Evaluation Criteria for Trusted Computer Systems. M79-225, The MITRE Corporation, Bedford, Massachusetts, October 25, 1979.
[7]
Schell, R. R. "Security Kernel Design Methodology." Proceedings of the Seminar on the DoD Initiative Program. National Bureau of Standards, Gaithersburg, Md., July 17--19, 1979, pp. E-1-E-21.
[8]
Anderson, J. P. Computer Security Technology Planning Study. ESD-TR-73-51 USAF Electronics System Division, Hanscom AFB, Massachusetts, October 1972.
[9]
Ware, W. H. (ed.) Security Controls for Computer Systems. R-609, The Rand Corporation, Santa Monica, California, February 1970.
[10]
Trotter, E. T., and P. S. Tasker. Industry Trusted Computer System Evaluation Process. MTR-3931, The MITRE Corporation, Bedford, Massachusetts, May 1, 1980.
[11]
Jacks, E. L. "Computer Security Interest in the Private Sector." Proceedings of the Second Seminar on the DoD Computer Security Initiative Program. National Bureau of Standards, Gaithersburg, Md., January 15--17, 1980, pp. E-1-E-10.
[12]
Parker, D. B. Crime by Computer. New York: Scribner, 1976.
[13]
Taber, J. K. On Computer Crime (Senate Bill S.240), Computer/Law Journal, 1 (1979), pp. 517--543.
[14]
Personal Privacy in an Information Society. Report of the Privacy Protection Study Commission, Washington, DC, July 1977.
[15]
Russell, S. H., T. S. Eason, and J. M. Fitzgerald. System Auditability and Control Study: Data Processing Control Practices Report. SRI International for the Institute of Internal Auditors, Altamonte Springs, Florida, 1977.
[16]
Ruder, B., T. S. Eason, M. E. See, and S. H. Russell. Systems Auditability and Control Study: Data Processing Audit Practices Report. SRI International for the Institute of Internal Auditors, Altamonte Springs, Florida, 1977.
[17]
Statement of Management on Internal Accounting Controls. Securities and Exchange Commission, Federal Register, 45, (1980), p. 40134ff.
[18]
Turn, R. (ed.) Transborder Data Hows: Concerns in Privacy Protection and Free Flow of Information. Arlington, Virginia: AFIPS Press, 1979.
[19]
Convention on Protection of Individuals with Regard to Automatic Processing of Personal Data. Council of Europe, Strassbourg, France, January 28, 1981.
[20]
Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Paris: OECD, 1980.
[21]
The Dimensions of Privacy. Sentry Insurance Company, Stevens Point, Wisconsin, 1978.
[22]
Nibaldi, G. H. Specification of A Trusted Computer Base (TCB). M79-28, The MITRE Corporation, Bedford, Massachusetts, November 30, 1979.

Cited By

View all
  • (1983)Resiliency of the computerized societyProceedings of the May 16-19, 1983, national computer conference10.1145/1500676.1500718(341-349)Online publication date: 16-May-1983
  1. Private sector needs for trusted/secure computer systems

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Other conferences
      AFIPS '82: Proceedings of the June 7-10, 1982, national computer conference
      June 1982
      857 pages
      ISBN:088283035X
      DOI:10.1145/1500774
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      • AFIPS: American Federation of Information Processing Societies

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 07 June 1982

      Permissions

      Request permissions for this article.

      Check for updates

      Qualifiers

      • Research-article

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)57
      • Downloads (Last 6 weeks)12
      Reflects downloads up to 19 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (1983)Resiliency of the computerized societyProceedings of the May 16-19, 1983, national computer conference10.1145/1500676.1500718(341-349)Online publication date: 16-May-1983

      View Options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Login options

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media