SAFECOMP ’93 pp 313-325

How Far Can You Trust A Computer?

  • Carl E. Landwehr
Conference paper


The history of attempts to secure computer systems against threats to confidentiality, integrity, and availability of data is briefly surveyed, and the danger of repeating a portion of that history is noted. Areas needing research attention are highlighted, and a new approach to developing certified systems is described.


Security Policy; Security Requirement; Computer Security; Naval Research Laboratory; Covert Channel
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag London Limited 1993

Authors and Affiliations

  • Carl E. Landwehr, Center for High Assurance Computing Systems, Naval Research Laboratory, Washington, USA
