adapting products that had had fewer security features and less assurance.

According to vendors, consumers most frequently demand security in connection with networked systems, which serve multiple users. One market research firm (International Resource Development) has estimated that the market for local area network (LAN) security devices may grow up to sixfold by the mid-1990s; it also foresees significant growth in data and voice encryption devices, in part because their costs are declining (Brown, 1989a). Other factors cited for growth in the encryption market are requirements for control of fraud in financial services and elsewhere (Datapro Research, 1989a).

Prominent in the market has been host access control software for IBM mainframes, especially IBM's RACF and Computer Associates' ACF2 and Top Secret. This type of add-on software provides (but does not enforce) services, such as user identification, authentication, authorization, and audit trails, that the underlying operating systems lack. It was originally developed in the 1970s and early 1980s, driven by the spread of multiaccess applications (mainframe-based systems were not originally developed with security as a significant consideration). Both IBM and Computer Associates plan to make these products conform to Orange Book B1 criteria. Although IBM intends now to bring its major operating systems up to the B1 level, it is reluctant to undertake development to achieve higher levels of assurance (committee briefing by IBM). Moreover, the market for host access control systems is growing slowly because those who need them generally have them already.1 One market analyst, Datapro, notes that sales come mostly from organizations required by federal or state regulations to implement security controls (Datapro Research, 1990a).

The most powerful alternatives to add-on software, of course, are systems with security and trust built in. In contrast to the mainframe environment, some vendors have been building more security features directly into midrange and open systems, possibly benefiting from the more rapid growth of this part of the market. Even in the personal computer market, newer operating systems (e.g., OS/2) offer more security than older ones (e.g., MS/DOS).

Multics, the first commercial operating system that was developed (by the Massachusetts Institute of Technology, General Electric, and AT&T Bell Laboratories) with security as a design goal, achieved a B2 rating in 1985. While Multics has a loyal following and is frequently cited as a prime exemplar of system security, its commercial history has not been encouraging. Its pending discontinuation by its vendor (now Bull, previously Honeywell, originally General Electric) apparently reflects a strategic commitment to other operating systems (Datapro Research, 1990b).



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement