A survey of security issues in office computation and the application of secure computing models to office systems

With the proliferation of office information systems (OIS) into almost every area of industry and government, it is important to design systems that offer a guarantee of privacy and security to their users. The same solutions and research pertaining to traditional data-processing environments cannot, in most cases, be applied directly to the OIS envitonment. Many OIS do not provide the hardware/software controls necessary to protect information from anyone who gains physical access to the system. Furthermore, users of an OIS cannot be expected to possess a clear understanding of the system, its operating characteristics, or even the implication of interconnecting component devices. This paper examines the typical OIS environment with a view toward the provision of a secure operating architecture. Important security problems faced by OIS are enumerated and explained. We argue that the OIS environment presents a different problem to solve in a security sense from when working with a traditional nondistributed system. Existing solutions found in large scale operating systems and networks cannot simply be scaled down and moved to an OIS, if for no other reason than the architecture's inability to support locks and multiple system states. An architecture of both software and hardware controls must be built for this new environment using concepts from large scale operating systems but recognizing the limitations and constraints of OIS. While we emphasize the security issues, we look at alternative technologies that can be combined to provide a solution.

[1]  Peter J. Denning,et al.  Computers under attack: intruders, worms, and viruses , 1991 .

[2]  Hossein Saiedian,et al.  An Object-Based Approach to the Specification of Office Entities , 1989, Great Lakes Computer Science Conference.

[3]  Jr. Rayford B. Vaughn A security architecture for office automation systems , 1988 .

[4]  Theodore A. Linden,et al.  Authentication in office system internetworks , 1983, TOIS.

[5]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[6]  Lance J. Hoffman,et al.  A survey of issues in computer network security , 1986, Comput. Secur..

[7]  Morrie Gasser,et al.  Security Kernel Design and Implementation: An Introduction , 1983, Computer.

[8]  Stephen T. Walker Network Security Overview , 1985, 1985 IEEE Symposium on Security and Privacy.

[9]  Joyce K. Reynolds,et al.  The Helminthiasis of the Internet , 1989, Comput. Networks ISDN Syst..

[10]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[11]  Carl E. Landwehr,et al.  Formal Models for Computer Security , 1981, CSUR.

[12]  D. E. Bell,et al.  Secure Computer Systems : Mathematical Foundations , 2022 .

[13]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[14]  D. Elliott Bell Secure Computer Systems: A Refinement of the Mathematical Model , 1974 .

[15]  Selim G. Aki Digital signatures: A tutorial survey , 1983, Computer.

[16]  F. H. Lochovsky,et al.  User Interface Design , 1985 .

[17]  Dr. Clarence A. Ellis,et al.  Design of Office Information Systems , 1987, Surveys in Computer Science.

[18]  Andrew S. Tanenbaum,et al.  Computer Networks , 1981 .

[19]  Deborah Estrin Controls for Interorganization Networks , 1987, IEEE Transactions on Software Engineering.

[20]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[21]  David Alan Hanson,et al.  Data security , 1979, ACM-SE 17.

[22]  Deborah Estrin Non-Discretionary Controls for Inter-Organization Networks , 1985, 1985 IEEE Symposium on Security and Privacy.

[23]  John McLean,et al.  The specification and modeling of computer security , 1990, Computer.

[24]  Clarence A. Ellis,et al.  Office Information Systems and Computer Science , 1980, CSUR.

[25]  Niv Ahituv,et al.  Approaches to handling "Trojan Horse" threats , 1986, Comput. Secur..

[26]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[27]  Andrew Doswell,et al.  Office Automation , 1983 .