Design Principles for Security

Abstract: As a prelude to the clean-slate design for the SecureCore project, the fundamental security principles from more than four decades of research and development in information security technology were reviewed. As a result of advancing technology, some of the early "principles" required re-examination. For example, previous worked examples of combinations of hardware and software may have encountered problems of performance and extensibility which may no longer exist in today's environment. Moore's law in combination with other advances has yielded better-performing processors, memory and context-switching mechanisms. Secure systems design approaches to networking and communication are beginning to emerge, and new technologies in hardware-assisted trusted platform development and processor virtualization open hitherto unavailable possibilities. The results of this analysis have been distilled into a review of the principles that underlie the design and implementation of trustworthy systems.
