论文信息 - Computer security: The long road ahead

Computer security: The long road ahead

When securing extant data-processing systems and networks, one is confronted with a serious conflict between theory and practice. While theory provides watertight strategies for securing data processing, defining proper naming conventions, using passwords responsibly, inspecting log-data sets effectively, and selecting only programs which are secure, practice shows many pitfalls. It is fact, that many well-intentioned security projects fail due to an unrealistic approach, lack of manpower and ill-assigned priorities. Equally, data can hardly be classified due to historical pollution and many users flout security rules, e.g. those concerning passwords. Moreover, weaknesses are introduced by lack of proper auditing tools, by micro-mainframe links, and by sloppiness of staff. This paper will critically review the gap between theory and practice, and will justify some bold statements by quoting examples from the author's practice.

[1] I. S. Herschberg,et al. The programmer's threat: Cases and causes , 1984, Comput. Secur..

[2] I. S. Herschberg,et al. How to control MVS user supervisor calls , 1986, Comput. Secur..

[3] Ronald Paans. A Close Look at MVS Systems: Mechanisms, Performance and Security , 1987, Int. CMG Conference.

[4] R L Brown,et al. Computer system access control using passwords , 1984 .

[5] I. S. Herschberg,et al. A topology for secure MVS systems , 1984, Comput. Secur..

[6] Ulrich Sieber. The international handbook on computer crime , 1986 .

[7] Jerome Lobel. The state-of-the-art in computer security , 1983, Comput. Secur..

[8] F. Buurmeijer. IBM's data security strategy: Some implementation aspects , 1984, Comput. Secur..

[9] CharlesCresson Wood,et al. Administrative controls for password-based computer access control systems , 1986 .

[10] I. S. Herschberg. The hackers' comfort , 1987, Comput. Secur..