ment a very difficult enterprise indeed.30 Research is needed for developing meaningful security metrics.

Intelligence Gathering. Given the rate at which information technology changes, it is likely that new types of attack will emerge rapidly. Because insight into the nature of possible attacks is likely to result in additional options for defense, it is highly desirable to keep abreast of new vulnerabilities and to understand the potential consequences if such vulnerabilities were to be exploited.

Field Studies of Security. Traditional criteria, as specified in the Orange Book,31 have not been successes. They do not capture current needs or models of computation.32 Worse yet, they have largely failed in the marketplace; very few customers actually bought Orange Book-rated systems, even when they were available. Understanding why previous attempts to build secure systems and networks have failed in the marketplace, or in defending against outside attack, would help to guide future research efforts. (Note that human and organizational factors are key elements of such analysis, as mentioned above.)

Recommendation 5.7: Crosscutting Issues in Information- and Network-Security Research

  • Develop tools that support security-oriented systems development.

  • Find new ways to test bug fixes reliably.

  • Develop better system-administration tools for specifying security policies and checking against prespecified system configurations.

  • Create new tools to detect added and unauthorized functionality.

  • Develop authentication mechanisms that provide greater security and are easier to use.

  • Create and employ metrics to determine the improvement to system security resulting from the installation of a security measure.

  • Monitor and track emerging types of attack and explore potential consequences of such attacks.

  • Understand why previous attempts to build secure systems have failed and recommend how new efforts should be structured to be more successful.


Information on the economic impact of computer security is given in “The Economic Impact of Role-Based Access Control,” National Institute of Standards and Technology, March 2002. Available online at <>.


The “Orange Book” is the nickname for the Trusted Computer System Evaluation Criteria, which were intended to guide commercial system production generally and thereby improve the security of systems in use. Its principal failing was the omission of networking concerns, which arose during the lengthy period between the time it was first drafted and its final approval.


CSTB (1999c), pp. 144-152, and CSTB (1990, 1999b).

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement