Information Protection SEI Curriculum Module SEI - CM - 5 - 1 . 2 ( Preliminary ) July 1987

This note explores the problem of confin-Hoffman82ing a program during its execution so that it cannotHoffman, L. Impacts of Information System Vul-transmit information to any other program exceptnerabilities on Society. National Computerits caller. A set of examples attempts to stake out theConference. AFIPS, 1982, 461-467.boundaries of the problem. Necessary conditions for a solution are stated and informally justified. Kam79This famous paper introduces the "confinementKam, J., and G. Davida. Structured Design ofproblem," which appears to be an unsolvableSubstitution-Permutation Encryption Networks.security problem involved in the use of a programIEEE Trans. Computers C-28, 10 (Oct. 1979).as a service. Many papers have cited this shortpaper, and its ramifications are widespread.This paper details the derivation of tables in theDES and is useful for understanding the nature ofLandwehr83the confusion and diffusion transforms as substitu-tion and permutation networks in the system, and Landwehr, C. The Best Available Technologies forreveals underlying design motivations.Computer Security. IEEE Computer 16, 7 (July1983).Kelly83Abstract: This concise overview of secure systemKelly, J. and A. Avizienis. A Specification Orienteddevelopments summarizes past and current projects,Multi-Version Software Experiment. Symposium ondeciphers computer security lingo, and offers ad-Fault Tolerant Computing. IEEE, 1983, 120-126.vice to prospective designers. Klein83Linde75Klein, M. Department of Defense Trusted Computer Linde, R. Operating System Penetration. NationalSystem Evaluation Criteria. Department of Defense, Computer Conference. AFIPS, 1975, 361-368.Fort Meade, Md. 20755, 1983.This paper introduces a wide variety of computerThis specification, commonly called the "Orangeprotection vulnerabilities that computer systemsBook" because of the color of the cover, specifieshave long been vulnerable to. Many of these attacksthe criterion by which the US military, and de facto,have been further clarified by theoretical models,the rest of the government and industry, evaluatebut the presentation makes it clear that ad hoc pro-operating system protection mechanisms. The docu-tection mechanisms will never suffice, and that ament was formed as the result of many years oftheoretically sound protection is required if we arework by a large group of internationally known ex-to trust a system.perts in the security fields, and comprises a con-solidation of the state of the art in understanding the Littlewood84criterion by which such systems should be evaluLittlewood, B., and P. Keiller. Adaptive Softwareated as of 1983. A number of classes of security areReliability Modelling. Symposium on Fault Toler-defined in terms of their ability to prevent attack,ant Computing. IEEE, 1984, 108-113.and the degree to which they can be demonstratedto do so. The concept of "multilevel" security isintroduced, and a number of good references areMcCauley79provided.McCauley, E. and P. Drongowski. KSOS The De-sign of a Secure Operating System. National Com-Knight78puter Conference. AFIPS, 1979, 345-353. Knight, H. Cryptanalyst’s Corner. Cryptologia 2, 1This paper describes the design of a secure operat-(Jan. 1978), 68-74.ing system. It gives details of the design and anal-ysis techniques as well as information on the struc-This paper details a classification scheme forture of the system and what was involved in testing,ciphers and cryptosystems, and details some of theimplementation, and operation. This is particularlystatistical techniques used in breaking thevaluable for those interested in the design of operat-"unknown" cipher. An entire series of articles fol-ing systems protection.low this one, and may be of interest for individualclasses or students. SEI-CM-5-1.2 (Preliminary)17 Information Protection 1975), 220-223.Merkle80 Merkle, R. Protocols for Public Key Systems.Abstract: This paper presents and discusses theSymposium on Security and Privacy. IEEE, 1980.rationale behind a method for structuring complex computing systems by the use of what we term "recovery blocks," "conversations," and "fault-Moore56tolerant interfaces." The aim is to facilitate the pro-Moore, E., and C. Shannon. Reliable Circuits Usingvision of dependable error detection and recoveryLess Reliable Relays. J. Franklin Inst. , 262 (Sept.facilities which can cope with errors caused by1956), 191-208.residual design inadequacies, particularly in the system software, rather than merely the occasionalNBS77malfunctioning of hardware components.National Bureau of Standards. Data EncryptionStandard. US Govt. Printing Office, 1977. FIPS Rivest78PUB 46.Rivest, R., A. Shamir, and L. Adleman. A Methodfor Obtaining Digital Signatures and Public KeyThis document is the standard released from the Na-Cryptosystems. Comm. ACM 21, 2 (Feb. 1978).tional Bureau of Standards (NBS) that formally de-fines the Data Encryption Standard (DES) cryp-Abstract: An encryption method is presented withtosystem, which is probably the most widely usedthe novel property that publicly revealing ancryptosystem in the world at present.encryption key does not thereby reveal the corresponding decryption key. This has two importantNeedham78consequences: (1) Couriers or other secure meansNeedham, R., and M. Schroeder. Using Encryptionare not needed to transmit keys, since a message can be enciphered using an encryption key publiclyfor Authentication in a Large Network of Com-revealed by the intended recipient. Only he canputers. Comm. ACM 21, 12 (Dec. 1978), 993-999.decipher the message, since only he knows the cor-Abstract: Use of encryption to achieve authen-responding decryption key. (2) A message can beticated communication in computer networks is dis-"signed" using a privately held decryption key.cussed. Example protocols are presented for the es-Anyone can verify this signature using the cor-tablishment of authenticated connections, for theresponding publicly revealed encryption key. Sig-management of authenticated mail, and for sig-natures cannot be forged, and a signer cannot laternature verification and document integritydeny the validity of his signature. This has obviousguarantee. Both conventional and public-keyapplications in "electronic mail" and "electronicencryption algorithms are considered as the basisfunds transfer" systems. A message is encrypted byfor protocols.representing it as a number M, raising M to a publicly specifiied power e, and then taking the remainder when the result is divided by the publiclyPopek75specified product, n, of two large secret prime num-Popek, G., and C. Kline. A Verifiable Protectionbers p and q. Decryption is similar; only a differ-System. Reliable Software Design. IEEE, 1975,ent, secret, power d is used, where e*d = 1 (mod294-304.(p-1)*(q-1)). The security of the system rests in part on the difficulty of factoring the published divisor,Popek79n.Popek, G., M. Kampe, C. Kline, A. Stoughton,This famous paper is the basis for every presentlyM. Urban, and E. Walton. UCLA Secure UNIX.unbroken public key cryptosystem. An encryptionNational Computer Conference. AFIPS, 1979,method is presented with the novel property that355-364.publicly revealing an encryption key does not thereby reveal the corresponding decryption key.This paper describes the design of a secure operat-This has two important consequences: (1) encryp-ing systems. It gives details of the design and anal-tion keys may be distributed in the clear and (2)ysis techniques as well as information on the struc-electronic signatures by the owner of the decryptionture of the system and what was involved in testing,key may be publicly verified, but not forged, andimplementation, and operation. This is particularlynot denied by the signer. The security of the systemvaluable for those interested in the design of operat-is based on the difficulty of factoring the product ofing systems protection.two large primes, a longstanding mathematical problem that appears to hold sufficient complexityRandell75as to allow breaking the system to be sufficientlyRandell, B. System Structure for Software Fault Tol-complex. A breakthrough in the generation of largeerance. IEEE Trans. Software Eng. SE-1, 2 (Juneprimes allows the complexity of generating these 18SEI-CM-5-1.2 (Preliminary) Information Protection primes to be made sufficiently fast as to be prac-control over the workstation, and because of thetical.manner in which it spread, rebooting the worksta-tion only reloaded the worm. Eventually most ofthe entire nationwide network had to be shut down,Scott84and a restart of the network from backups at a cen-Scott, R., J. Gault, D. McAllister, and J. Wiggs. Ex-tral cite had to be used.perimental Validation of Six Fault Tolerant SoftwareReliability Models. Symposium on Fault TolerantSiewiorek82Computing. IEEE, 1984, 102-107.Siewiorek, D., and R. Swarz. The Theory and Prac-tice of Reliable System Design. Digital Press, Bed-Shamir79ford, MA, 1982.Shamir, A. How to Share a Secret. Comm. ACM 22,11 (Nov. 1979), 612-613.Simmons81Abstract: In this paper we show how to divide data Simmons, G. Verification of the Nuclear Test BanD into n pieces in such a way that D is easily Treaty. Oakland Conference on Computer Security.reconstructable from any k pieces, but even comIEEE, Aug., 1981.plete knowledge of k-1 pieces reveals absolutely noinformation about D. This technique enables theThis paper describes the use of the RSA cryptosys-construction of robust key management schemes fortem in conjunction with cryptographic protocols tocryptographic systems that can function securelysolve the problem of verification of the nuclear testand reliably even when misfortunes destroy half theban treaty. Many interesting problems are presentedpieces and security breaches expose all but one ofand the solution actually used in this case isthe remaining pieces.presented for world wide inspection. Shannon48Suzuki75Shannon, C. A Mathematical Theory of CommuniSuzuki, N. Verifying Programs by Algebraic andcations. Bell Systems Tech. J. 27, 3 (July 1948).Logical Reduction. Conference on ReliableSoftware. IEEE, 1975, 473-481.Shannon49 Shannon, C. Communications Theory of Secrecy Thompson84Systems. Bell Systems Tech. J. 28 (1949), 656-715. Thompson, K. Reflections on Trusting Trust.Comm. ACM 27, 8 (Aug. 1984), 761-763.Shoch82Abstract: To what extent should one trust a state-Shoch, J., and J. Hupp. The ’Worm’ Programs -ment that a program is free of Trojan horses? Per-Early Experience with a Distributed Computation.haps it is more important to trust the people whoComm. ACM 25, 3 (March 1982), 172-180.wrote the software. Abstract: The "worm" programs were an exper-Tompkins84iment in the development of distributed computaThe "worm" programs were an exper-Tompkins84iment in the development of distributed computations: programs that span machine boundaries andTompkins, J. Report on Computer Crime. Americanalso replicate themselves in idle machines. A Bar Association, 1984."worm" is composed of multiple "segments," eachThis is a well known report on computer crime fromrunning on a different machine. The underlyingthe Criminal Justice Section of the American Barworm maintenance mechanisms are responsible forAssociation. It details a case study of computermaintaining the worm-finding free machines whencrime among many segments of the society, includ-needed and replicating the program for each addi-ing business, government, education, and the publictional segment. These techniques were successfullyat large. It is perhaps the most detailed and rigorousused to support several real applications, rangingstudy of its kind, and it presents conclusions that arefrom a simple multimachine test program to a moreeye-opening in terms of the scope and degree of thesophisticated real-time animation system harness-computer crime problem.ing multiple machines. This paper reports on the accidental securityVoelcker86ramifications of the Xerox worm program. This pro-Voelcker, J., and P. Wallich. How Disks aregram was designed to do multiprocessing on a net-’Padlocked’. IEEE Spectrum 23, 6 (June 1986),work of processors that could be taken over at any32-40.time for use as personal workstations. A bit erroraccidentally caused the program to refuse to give upThis paper provides broad coverage of legal aspects SEI-CM-5-1.2 (Preliminary)19 Information Protection involved with software licensing and protection offloppy disks. It is interesting reading, requires littletime and effort, and is suitable for increasing aware-ness.