Bibliography

Adams, E. 1984. "Optimizing preventative service of software products," IBM Journal of R&D, Vol. 28, No. 1.

Adrion, W. R. 1989. Testing Techniques for Concurrent and Real-time Systems, University of Massachusetts, Amherst.

Agranoff, Michael H. 1989. "Curb on technology: Liability for failure to protect computerized data against unauthorized access," Computer and High Technology Law Journal, Vol. 5, pp. 265–320.

Akerlof, George A. 1970. "The market for 'lemons': Quality uncertainty and the market mechanism," Quarterly Journal of Economics, 87, pp. 488–500.

Alexander, Michael. 1989a. "Computer crime fight stymied," Federal Computer Week, October 23, pp. 43–45.

Alexander, Michael. 1989b. "Business foots hackers' bill," Computerworld, December 11.

Alexander, Michael. 1989c. "Trojan horse sneaks in with AIDS program," Computerworld, December 18, p. 4.

Alexander, Michael. 1990a. "Biometric system use widening—security devices measure physical-based traits to restrict access to sensitive areas," Computerworld, January 8, p. 16.

Alexander, Michael. 1990b. "High-tech boom opens security gaps," Computerworld, April 2, pp. 1, 119.

Allen, Michael. 1990. "Identity crisis: To repair bad credit, advisers give clients someone else's data," Wall Street Journal, August 14, p. A1.

Allen-Tonar, Larry. 1989. "Networked computers attract security problems abuse," Networking Management, December, p. 48.

American Bar Association. 1984. Report on Computer Crime, Task Force on Computer Crime, Section on Criminal Justice, Chicago, Ill., June.

American Institute of Certified Public Accountants (AICPA). 1984. Report on the Study of EDP-Related Fraud in the Banking and Insurance Industries, EDP Fraud Review Task Force, AICPA, New York.

Anderson, J. P. 1972. Computer Security Technology Planning Study, ESD-TR-73-51, Vol. I, AD-758 206, ESD/AFSC, Hanscom AFB, Bedford, Mass., October.

Anderson, J. P. 1980. Computer Security Threat Monitoring and Surveillance, James P. Anderson Co., Fort Washington, Pa., April.




Computers at Risk: Safe Computing in the Information Age

Anthes, Gary H. 1989a. "ACC tunes in to illicit hacking activity—firm ferrets out threats," Federal Computer Week, September 18, pp. 1, 53.

Anthes, Gary H. 1989b. "U.S. software experts track British standards," Federal Computer Week, September 18, pp. 3, 8.

Anthes, Gary H. 1989c. "DARPA response team spawns private spinoffs," Federal Computer Week, December 11.

Anthes, Gary H. 1989d. "Vendors skirt NCSC evaluations: Security system testing faulted for length and cost in process," Federal Computer Week, December 11, p. 4.

Anthes, Gary H. 1990a. "NIST combats confusion on encryption standard," Federal Computer Week, January 29, p. 7.

Anthes, Gary H. 1990b. "Oracle, AF to build secure data base system: Project will build operational relational DBMS to meet A1 trust," Federal Computer Week, March 12.

Armed Forces Communications and Electronics Association (AFCEA). 1989. Information Security Study, Fairfax, Va., April.

Bailey, David. 1984. "Attacks on computers: Congressional hearings and pending legislation," Proceedings of the 1984 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 29–May 2, pp. 180–186.

Baldwin, Robert W. 1988. Rule Based Analysis of Computer Security, Technical Report 401, Massachusetts Institute of Technology, Laboratory for Computer Science, Cambridge, Mass., March.

Beatson, Jim. 1989. "Is America ready to 'fly by wire'?" Washington Post, April 2, p. C3.

Becker, L. G. 1987. An Assessment of Resource Centers and Future Requirements for Information Security Technology, prepared for the National Security Agency, Fort Meade, Md., September.

Bell, Elliott D. 1983. "Secure computer systems: A retrospective," Proceedings of the 1983 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 25–27, pp. 161–162.

Bell, Elliott D. 1988. "Concerning modeling of computer security," Proceedings of the 1988 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 18–21, pp. 8–13.

Bell, Elliott D. and L. J. La Padula. 1976. Secure Computer System: Unified Exposition and Multics Interpretation, ESD-TR-75-306, MITRE Corp., Bedford, Mass., March.

Beresford, Dennis R., et al. 1988. "What is the FASB's role, and how well is it performing?" Financial Executive, September/October, pp. 20–26.

Berman, Jerry and Janlori Goldman. 1989. A Federal Right of Information Privacy: The Need for Reform, American Civil Liberties Union/Computer Professionals for Social Responsibility, Washington, D.C.

Berton, Lee. 1989. "Audit firms are hit by more investor suits for not finding fraud," The Wall Street Journal, January 24, pp. A1, A12.

Betts, Mitch. 1989. "Senate takes tentative look at virus legislation," Computerworld, May 22.

Biba, K. J. 1975. Integrity Considerations for Secure Computer Systems, Report MTR 3153, MITRE Corp., Bedford, Mass., June.

Birrell, Andrew D., B. W. Lampson, R. M. Needham, and M. D. Schroeder. 1986. "A global authentication service without global trust," Proceedings of the 1986 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 7–9, pp. 223–230.

BloomBecker, Jay, Esq. (Ed). 1988. Introduction To Computer Crime, 2nd ed., National Center for Computer Crime Data, Los Angeles, Calif.

Bloomfield, R. E. 1990. SafeIT: The Safety of Programmable Electronic Systems, a government consultation document on activities to promote the safety of computer controlled systems, Volume 1: Overall Approach and Volume 2: A Framework for Safety Standards, ICSE Secretariat, Department of Trade and Industry, London, United Kingdom, June.

Boebert, E. 1985. "A practical alternative to hierarchical integrity policies," Proceedings of the 8th National Computer Security Conference, September 30, NIST, Gaithersburg, Md.

Boebert, W. E., R. Y. Kain, W. D. Young, and S. A. Hansohn. 1985. "Secure ADA target: Issues, system design, and verification," Proceedings of the 1985 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 22–24, pp. 176–183.

Boss, A. H. and W. J. Woodward. 1988. "Scope of the uniform commercial code; survey of computer contracting cases," The Business Lawyer 43, August, pp. 1513–1554.

Bozman, Jean S. 1989. "Runaway program gores sabre," Computerworld, May 22.

Brand, Russell L. 1989. Coping with the Threat of Computer Security Incidents: A Primer from Prevention through Recovery, July. Available from the Defense Advanced Research Projects Agency, Arlington, Va., or at the following address: 1862 Euclid, Department 136, Berkeley, CA 94709.

Branstad, D. 1973. "Security aspects of computer networks," Proceedings of the AIAA Computer Network Systems Conference, Paper 73–427, Huntsville, Ala., April, American Institute of Aeronautics and Astronautics (AIAA), Washington, D.C.

Branstad, Dennis K. and Miles E. Smid. 1982. "Integrity and security standard based on cryptography," Computers & Security, Vol. 1, pp. 225–260.

Brewer, D. F. C. 1985. Software Integrity: (Verification, Validation, and Certification), Admiral Computing Limited, Camberley, Surrey, England, January, pp. 111–124.

Brown, Bob. 1989a. "Security risks boost encryption outlays," Network World, January 9, pp. 11–12.

Brown, Bob. 1989b. "CO fire, virus attack raise awareness, not preparation," Network World, July 3, p. 1.

Browne, Malcolm W. 1988. "Most ferocious math problem is tamed," New York Times, October 12, p. A1.

Buckley, T. F. and J. W. Wise. 1989. "Tutorial: A guide to the VIPER microprocessor," Proceedings: COMPASS '89 (Computer Assurance), IEEE Computer Society, New York, June 23.

Burgess, John. 1989. "Computer virus sparks a user scare," Washington Post, September 17, p. H3.

Burgess, John. 1990. "Hacker's case may shape computer security law," Washington Post, January 9, p. A4.

Burrows, M., M. Abadi, and R. Needham. 1989. A Logic of Authentication, Digital Systems Research Center, Palo Alto, Calif., February.

Business Week. 1988. "Is your computer secure," (cover story), August 1, pp. 64–72.

California, State of. 1985. Informational Hearing: Computers and Warranty Protection for Consumers, Sacramento, Calif., October.

Canadian Government, System Security Centre, Communications Security Establishment. 1989. Canadian Trusted Computer Product Evaluation Criteria, Version 1.0, draft, Ottawa, Canada, May.

Carnevale, Mary Lu and Julie Amparano Lopez. 1989. "Making a phone call might mean telling the world about you," Wall Street Journal, November 28, pp. A1, A8.

Casatelli, Christine. 1989a. "Smart signatures at FED," Federal Computer Week, May 22.

Casatelli, Christine. 1989b. "Disaster recovery," Federal Computer Week, December 11, pp. 28–29, 33.

Casey, Peter. 1980. "Proposals to curb computer misuse," JFIT News, No. 8, November, p. 2.

Chalmers, Leslie S. 1986. "An analysis of the differences between the computer security practices in the military and private sectors," Proceedings of the 1986 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 7–9, pp. 71–74.

Chandler, James P. 1977. "Computer transactions: Potential liability of computer users and vendors," Washington University Law Quarterly, Vol. 1977, No. 3, pp. 405–443.

Chaum, David (Ed.). 1983. Advances in Cryptology: Proceedings of Crypto 83, Plenum, New York.

Chor, Ben-Zion. 1986. Two Issues in Public-Key Cryptography: RSA Bit Security and a New Knapsack Type System, MIT Press, Cambridge, Mass.

Christian Science Monitor. 1989. "Computer and spy: Worrisome mix," March 7, p. 4.

Chronicle of Higher Education. 1988a. "'Virus' destroys campus computer data," February 3.

Chronicle of Higher Education. 1988b. "Worries over computer 'viruses' lead campuses to issue guidelines," March 2.

Clark, D. D. and D. R. Wilson. 1987. "A comparison of commercial and military computer security policies," Proceedings of the 1987 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 27–29, pp. 184–194.

Cohen, Fred. 1984. "Computer viruses: Theory and experiments," Seventh DOD/NBS Conference on Computer Security, Gaithersburg, Md.

Cole, Patrick and Jonathan B. Levine. 1989. "Are ATMs easy targets for crooks?" Business Week, March 6, p. 30.

Comer, Douglas. 1988. Internetworking with TCP/IP Principles, Protocols, and Architectures, Prentice-Hall, Englewood Cliffs, N.J.

Communications Week. 1990a. "Hack it through packet," April 16, p. 10.

Communications Week. 1990b. "What's in the mail?" editorial, July 16, p. 20.

Computer and Business Equipment Manufacturers Association (CBEMA). 1989a. Statement to U.S. Congress (101st), Senate, Subcommittee on Technology and the Law, Hearing on Computer Viruses, May 19.

Computer and Business Equipment Manufacturers Association (CBEMA). 1989b. Statement to U.S. Congress (101st), House of Representatives, Committee on the Judiciary, Subcommittee on Criminal Justice, Hearing on Computer Virus Legislation, November 8.

Computer Crime Law Reporter. 1989. "Computer crime statutes at the state level," August 21 update based on the "State-Net" database and compiled and distributed by the National Center for Computer Crime Data, 2700 N. Cahuenga Blvd., Los Angeles, CA 90068.

Computer Fraud & Security Bulletin. 1989–1990. Elsevier Science Publishing Co., Oxford, United Kingdom.

Computer Law Associates Annual Meeting. 1978. Unpublished proceedings: Brooks, Daniel J., "Natures of liabilities of software program suppliers"; DeRensis, Paul R., "Impact of computer systems on the liabilities of various types of professionals"; Hutcheon, Peter D., "Computer system as means for avoidance of liability"; Jenkins, Martha M., "Effects of computer-system records on liabilities of suppliers, users, and others"; Freed, Roy N., "How to handle exposures to, and impacts of, liability arising from computer use." Washington, D.C., Computer Law Association, Fairfax, Va., March 6.

Computer Security Journal. 1986–1988. Computer Security Institute, 500 Howard Street, San Francisco, CA 94105.

Computers & Security. 1988. "Special supplement: Computer viruses," Vol. 7, No. 2, Elsevier Advanced Technology Publications, Oxford, United Kingdom, April.

Computers & Security. 1988–1990. Elsevier Advanced Technology Publications, Oxford, United Kingdom.

Computerworld. 1988a. "OSI security system revealed," October 5, pp. 53, 58.

Computerworld. 1988b. "Virus ravages thousands of systems," November 7, pp. 1, 157.

Conly, Catherine H. 1989. Organizing for Computer Crime Investigation and Prosecution, U.S. Department of Justice, National Institute of Justice, Washington, D.C., July.

Consultative Committee on International Telephony and Telegraphy (CCITT). 1989a. Data Communication Networks Message Handling Systems, Vol. VIII, Fascicle VIII.7, Recommendations X.400-X.420, CCITT, Geneva, p. 272.

Consultative Committee on International Telephony and Telegraphy (CCITT). 1989b. Data Communications Networks Directory, Vol. VIII, Fascicle VIII.8, Recommendations X.500-X.521, CCITT, Geneva.

Cook, William J. 1989. "Access to the access codes '88–'89: A prosecutor's perspective," Proceedings of the 12th National Computer Security Conference, National Institute of Standards and Technology/National Computer Security Center, Baltimore, Md., October 10–13.

Cooper, James Arlin. 1989. Computer & Communications Security-Strategies for the 1990s, McGraw-Hill Communications Series, McGraw-Hill, New York.

Cornell University. 1989. The Computer Worm. A Report to the Provost from the Commission of Preliminary Enquiry, Ithaca, N.Y., February 6.

Cowan, Alison Leigh. 1990. "The $290,000 job nobody wants," New York Times, October 11, D1, D9.

Craigen, D. and K. Summerskill (Eds.). 1990. Formal Methods for Trustworthy Computer Systems (FM '89), a Workshop on the Assessment of Formal Methods for Trustworthy Computer Systems, Springer-Verlag, New York.

Crawford, Diane. 1989. "Two bills equal forewarning," Communications of the ACM, Vol. 32, No. 7, July.

Crenshaw, Albert B. 1990. "Senate panel approves liability bill," Washington Post, May 23.

Cullyer, W. 1989. "Implementing high integrity systems: The Viper microprocessor," IEEE AES Magazine, May 13.

Curry, David A. 1990. Improving the Security of Your UNIX System, ITSTD-721-FR-90-21, Information and Telecommunications Sciences and Technology Division, SRI International, Menlo Park, Calif., April.

Cutler, Ken and Fred Jones. 1990. "Commercial international security requirements," unpublished draft paper, American Express Travel Related Services Company, Inc., Phoenix, Ariz., August 3.

Danca, Richard A. 1989. "LAN group helps managers handle security risks," Federal Computer Week, July 10.

Danca, Richard A. 1990a. "Sybase unveils multilevel secure DBMS," Network World, February 19, pp. 1, 37.

Danca, Richard A. 1990b. "NCSC decimated, security role weakened," Federal Computer Week, July 16, pp. 1, 6.

Danca, Richard A. 1990c. "Bush revises NSDD 145," Federal Computer Week, July 16, pp. 6, 41.

Danca, Richard A. 1990d. "NCSC affirms shakeup in its structure," Federal Computer Week, August 27, pp. 1, 4.

Danca, Richard A. 1990e. "NIST may issue civilian computer security guide: Proposed document could become federal information processing standard," Federal Computer Week, September 17, p. 60.

Danca, Richard A. 1990f. "NIST, industry team up for anti-virus consortium," Federal Computer Week, October 8, p. 2.

Danca, Richard A. 1990g. "Torricelli charges NIST with foot-dragging on security," Federal Computer Week, October 8, p. 9.

Datamation. 1987. "Disaster recovery: Who's worried?" February 1, pp. 60–64.

Datapro Research. 1989a. "All about data encryption devices," Datapro Reports: Information Security, Report no. IS37-001, McGraw-Hill, Delran, N.J., pp. 101–109.

Datapro Research. 1989b. "All about microcomputer encryption and access control," Datapro Reports: Information Security, Report no. IS31-001, McGraw-Hill, Delran, N.J., pp. 101–108.

Datapro Research. 1989c. Security Issues of 1988: A Retrospective, McGraw-Hill, Delran, N.J., March.

Datapro Research. 1990a. "Host access control software: Market overview," Datapro Reports: Information Security, Report no. IS52-001, McGraw-Hill, Delran, N.J., pp. 101–104.

Datapro Research. 1990b. "Bull security capabilities of Multics," Datapro Reports: Information Security, Report no. IS56-115, McGraw-Hill, Delran, N.J., pp. 101–106.

Daunt, Robert T. 1985. "Warranties and mass distributed software," Computers and High-Technology Law Journal, Vol. 1, pp. 255–307.

Davies, D. and W. Price. 1984. Security for Computer Networks: An Introduction to Data Security in Teleprocessing and Electronic Funds Transfers, Wiley, New York.

Davis, Bob. 1988. "A supersecret agency finds selling secrecy to others isn't easy," Wall Street Journal, March 28, p. A1.

Davis, Bob. 1989. "NASA discloses computer virus infected network," Wall Street Journal, October 18, p. B4.

Davis, G. Gervaise, III. 1985. Software Protection: Practical and Legal Steps to Protect and Market Computer Programs, Van Nostrand Reinhold, New York.

Davis, Otto A. and Morton I. Kamien. 1969. "Externalities, information, and alternative collective action," The Analysis and Evaluation of Public Expenditures: The PPB System, compendium of papers submitted to the Subcommittee on Economy in Government of the Joint Economic Committee of the U.S. Congress, Washington, D.C., U.S. GPO, pp. 67–86.

Davis, Ruth M. 1989. "CALS Data Protection—Computer-aided Acquisition and Logistic Support, Data Protection and Security Policy Statement," The Pymatuning Group, Arlington, Va., January.

Defense Communications Agency (DCA). 1989. "DDN Security Coordination Center operational," Defense Data Network Security Bulletin, DDN Security Coordination Center, DCA DDN Defense Communications System, September 22.

Denning, D. E. 1987. "An intrusion-detection model," Proceedings of the 1986 Symposium on Security and Privacy, National Bureau of Standards, Gaithersburg, Md., September.

Denning, D. E., T. F. Lunt, R. R. Schell, W. R. Shockley, and M. Heckman. 1988. "The SeaView security model," Proceedings of the 1988 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 18–21, pp. 218–233.

Denning, Dorothy. 1976. "A lattice model of secure information flow," Communications of the ACM, Vol. 19.

Denning, Dorothy E., Peter G. Neumann, and Donn B. Parker. 1987. "Social aspects of computer security," Proceedings of the 10th National Computer Security Conference, National Bureau of Standards/National Computer Security Center, Baltimore, Md., September 21–24, pp. 320–325.

Dewdney, A. K. 1989. "Of worms, viruses, and core war," Scientific American, March, pp. 110–113.

Dickman, Steven. 1989. "Hackers revealed as spies," Nature, March 9, p. 108.

DiDio, Laura. 1989. "Rash of viruses puts spotlight on security," Network World, October 30, p. 19.

DiDio, Laura. 1990. "Virus threat obscured by slow growth in early stages," Network World, April 23, p. 23.

Diffie, W. and M. Hellman. 1976. "New directions in cryptography," IEEE Transactions on Information Theory, IT-22, November 16, pp. 644–654.

Dillon, Laura K. 1989. Research on Validation of Concurrent and Real-time Software Systems, University of California, Santa Barbara.

Dobson, J. E. and B. Randell. 1986. "Building reliable secure computing systems out of unreliable insecure components," Proceedings of the 1986 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 7–9, pp. 187–193.

Early, Peter. 1988. Family of Spies: Inside the John Walker Spy Ring, Bantam Books, New York.

Eason, Tom S., Susan Higley Russell, and Brian Ruder. 1977. Systems Auditability and Control Study: Data Processing Control Practices Report, Vol. 1 of 3 volumes, Institute of Internal Auditors, Altamonte Springs, Fla.

Economist. 1988. "Keeping out the Kaos Club," Science and Technology Section, July 9, pp. 77–78.

Electronic Industries Association (EIA). 1987. Proceedings: Communications & Computer Security (COMSEC & COMPUSEC): Requirements, Opportunities and Issues, EIA, Washington, D.C., January 14.

Emergency Care Research Institute (ECRI). 1985. "Unauthorized use of computers: An often-neglected security problem," Issues in Health Care Technology, ECRI, Plymouth Meeting, Pa., July, pp. 1–6.

Emergency Care Research Institute (ECRI). 1988a. "Legal implications of computerized patient care," Health Technology, Vol. 2, No. 3, May/June, pp. 86–95, ECRI, Plymouth Meeting, Pa.

Emergency Care Research Institute (ECRI). 1988b. An Election Administrator's Guide to Computerized Voting Systems, Vol. 1 and 2, ECRI, Plymouth Meeting, Pa.

Ernst & Young. 1989. Computer Security Survey: A Report, Cleveland, Ohio.

Estrin, D. and G. Tsudik. 1987. "VISA scheme for inter-organization network security," Proceedings of the 1987 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 27–29, pp. 174–183.

European Commission. 1989a. Basis for a Portable Common Tool Environment (PCTE), Esprit Project Number 32, Esprit, The Project Synopses, Information Processing Systems, Vol. 3 of a series of 8, September.

European Commission. 1989b. Basis for a Portable Common Tool Environment (PCTE), Esprit Project Number 32, Basic Research Actions and Working Groups, Vol. 8 of a series of 8, September.

European Computer Manufacturers Association (ECMA). 1989. Standard ECMA-XXX Security in Open Systems: Data Elements and Service Definitions, ECMA, Geneva.

Falk, David. 1975. "Building codes in a nutshell," Real Estate Review, Vol. 5, No. 3, Fall, pp. 82–91.

Federal Computer Week. 1988. "Analysis, task forces work to keep Internet safe," November 14, pp. 1, 49.

Federal Computer Week. 1989. "Selling viruses," November 27, p. 25.

Federal Republic of Germany, Ministry of Interior. 1990. Information Technology Security Evaluation Criteria (ITSEC), the harmonized criteria of France, Germany, the Netherlands, and the United Kingdom, draft version 1, May 2, Bonn, Federal Republic of Germany.

Federal Trade Commission (FTC). 1983. Standards and Certification, final staff report, Bureau of Consumer Protection, Washington, D.C., April.

Fetzer, James H. 1988. "Program verification: The very idea," Communications of the ACM, Vol. 31, No. 9, September, pp. 1048–1063.

Financial Accounting Foundation (FAF) (n.d.). "Establishing standards for financial reporting," FASB, Norwalk, Conn. [undated pamphlet]

Financial Accounting Foundation (FAF). 1990. Financial Accounting Foundation Annual Report 1989, FAF, Norwalk, Conn.

Financial Accounting Standards Board (FASB). 1990. "Facts about FASB," FASB, Norwalk, Conn.

Fitzgerald, Karen. 1989. "The quest for intruder-proof computer systems," IEEE Spectrum, August, pp. 22–26.

Flaherty, David. 1990. Protecting Privacy in Surveillance Societies, The University of North Carolina Press, Chapel Hill.

Florida State Legislature. 1984. Overview of Computer Security, a report of the Joint Committee on Information Technology Resources, Jacksonville, Fla., January.

Forcht, Karen A. 1985. "Computer security: The growing need for concern," The Journal of Computer Information Systems, Fall.

Francett, Barbara. 1989. "Can you loosen the bolts without disarming the locks?" (Executive Report: Security in Open Times), Computerworld, October 23.

Frenkel, Karen A. 1990. "The politics of standards and the EC," Communications of the ACM, Vol. 33, No. 7, pp. 41–51.

Galen, Michele and Jeffrey Rothfeder. 1989. "Is nothing private?" Business Week, September 4, pp. 74–77, 80–82.

Gasser, Morrie. 1988. Building a Secure Computer System, Van Nostrand Reinhold, New York.

Gasser, Morrie, A. Goldstein, C. Kaufman, and B. Lampson. 1989. "The Digital distributed system security architecture," Proceedings of the 12th National Computer Security Conference, National Institute of Standards and Technology/National Computer Security Center, Baltimore, Md., October 10–13, pp. 305–319.

Gemignani, Michael C. 1982. "Product liability and software," Rutgers Journal of Computers, Technology and Law, Vol. 8, p. 173.

General Accounting Office. 1980. Increasing Use of Data Telecommunications Calls for Stronger Protection and Improved Economies, Washington, D.C.

General Accounting Office (GAO). 1987. Space Operations: NASA's Use of Information Technology, GAO/IMTEC-87-20, Washington, D.C., April.

General Accounting Office (GAO). 1988a. Information Systems: Agencies Overlook Security Controls During Development, GAO/IMTEC-88-11, Washington, D.C., May.

General Accounting Office (GAO). 1988b. Information Systems: Agencies Overlook Security Controls During Development, GAO/IMTEC-88-11S, Washington, D.C., May.

General Accounting Office (GAO). 1988c. Satellite Data Archiving: U.S. and Foreign Activities and Plans for Environmental Information, GAO/RCED-88-201, Washington, D.C., September.

General Accounting Office (GAO). 1989a. Federal ADP Personnel: Recruitment and Retention, GAO/IMTEC-89-12BR, Washington, D.C., February.

General Accounting Office (GAO). 1989b. Electronic Funds: Information on Three Critical Banking Systems, Washington, D.C., February.

General Accounting Office (GAO). 1989c. Computer Security: Compliance With Training Requirements of the Computer Security Act of 1987, GAO/IMTEC-89-16BR, Washington, D.C., February.

General Accounting Office (GAO). 1989d. Computer Security: Virus Highlights Need for Improved Internet Management, GAO/IMTEC-89-57, Washington, D.C., June.

General Accounting Office (GAO). 1989e. Computer Security: Unauthorized Access to a NASA Scientific Network, GAO/IMTEC-90-2, Washington, D.C., November.

General Accounting Office (GAO). 1990a. Electronic Funds Transfer: Oversight of Critical Banking Systems Should Be Strengthened, Washington, D.C., January.

General Accounting Office (GAO). 1990b. Financial Markets: Tighter Computer Security Needed, GAO/IMTEC-90-15, Washington, D.C., January.

General Accounting Office (GAO). 1990c. Computer Security: Government Planning Process Had Limited Impact, GAO/IMTEC-90-48, Washington, D.C., May.

General Accounting Office (GAO). 1990d. Justice Automation: Tighter Computer Security Needed, GAO/IMTEC-90-69, Washington, D.C., July.

General Accounting Office (GAO). 1990e. Computers and Privacy: How the Government Obtains, Verifies, Uses, and Protects Personal Data, GAO/IMTEC-90-70BR, Washington, D.C., August.

General Services Administration (GSA). 1988. Information Technology Installation Security, Office of Technical Assistance, Federal Systems Integration and Management Center, Falls Church, Va., December.

German Information Security Agency (GISA). 1989. IT Security Criteria: Criteria for the Evaluation of Trustworthiness of Information Technology (IT) Systems, 1st version, Koln, Federal Republic of Germany.

Gilbert, Dennis M. and Bruce K. Rosen. 1989. Computer Security Issues in the Application of New and Emerging Information Technologies, a white paper, National Institute of Standards and Technology, Gaithersburg, Md., March.

Godes, James N. 1987. "Developing a new set of liability rules for a new generation of technology: Assessing liability for computer-related injuries in the health care field," Computer Law Journal, Vol. VII, pp. 517–534.

Government Computer News. 1986. "DP courses don't include ethics study," July 4.

Government Computer News. 1988. "GCN spotlight: Security," April 29, pp. 35–54.

Gray, J. 1987. "Why do computers stop and what can we do about it?" 6th International Conference on Reliability and Distributed Databases, IEEE Computer Society, Engineering Societies Library, New York.

Green, Virginia D. 1989a. "Overview of federal statutes pertaining to computer-related crime," (memorandum), Reed, Smith, Shaw, and McClay, Washington, D.C., July 7.

Green, Virginia D. 1989b. "State computer crime statutes and the use of traditional doctrines to prosecute the computer criminal," (memorandum), Reed, Smith, Shaw, and McClay, Washington, D.C., July 7.

Greenberg, Ross M. 1988. "A form of protection for you and your computer," 2600 Magazine, Summer.

Greenhouse, Steven. 1990. "India crash revives French dispute over safety of Airbus jet," New York Times, February 24.

Gregg, Robert E. and Thomas R. Folk. 1986. "Liability for substantive errors in computer software," Computer Law Reporter (Washington D.C.), Vol. 5, No. 1, July, pp. 18–26.

Grimm, Vanessa Jo. 1989. "Hill halves NIST budget for security," Government Computer News, Vol. 8, No. 22, October 30.

Gruman, Galen. 1989a. "Software safety focus of new British standard," IEEE Software, May.

Gruman, Galen. 1989b. "Major changes in federal software policy urged," IEEE Software, November, pp. 78–80.

Haigh, J., R. A. Kemmerer, J. McHugh, and B. Young. 1987. "An experience using two covert channel analysis techniques on a real system design," IEEE Transactions on Software Engineering, Vol. SE-13, No. 2, February.

Hamlet, Richard. 1988. "Special section on software testing," Communications of the ACM, Vol. 31, No. 6, June.

Hanna, Keith, Neil Daeche, and Mark Longley. 1989. VERITAS+: A Specification Language Based on Type Theory, Technical Report, Faculty of Information Technology, University of Kent, Canterbury, United Kingdom, May.

Harrison, Warren. 1988. "Using software metrics to allocate testing resources," Journal of Management Systems, Vol. 4, Spring.

Helfant, Robert and Glenn J. McLoughlin. 1988. Computer Viruses: Technical Overview and Policy Considerations, Science Policy Research Division, Congressional Research Service, Washington, D.C., August 15.

Hellman, M. 1979. "The mathematics of public-key cryptography," Scientific American, 241(2):146–157.

Henderson, Nell. 1989. "Programming flaw, keyboard cited in airline delays twice in 2 weeks," Washington Post, November 18, p. B4.

Higgins, John C. 1989. "Information security as a topic in undergraduate education of computer scientists," Proceedings of the 12th National Computer Security Conference, National Institute of Standards and Technology/National Computer Security Center, Baltimore, Md., October 10–13.

Hilts, Philip J. 1988. "Computers face epidemic of 'information diseases,'" Washington Post, May 8, p. A3.

Hoffman, Lance J. 1988. Making Every Vote Count: Security and Reliability of Computerized Vote-counting Systems, George Washington University, School of Engineering and Applied Science, Department of Electrical Engineering and Computer Science, Washington D.C., March.

Hollinger, Richard C. and Lonn Lanza-Kaduce. 1988. "The process of criminalization: The case of computer crime laws," Criminology, Vol. 26, No. 1.

Holmes, James P., R. L. Maxwell, and L. J. Wright. 1990. A Performance Evaluation of Biometric Identification Devices, Sandia National Laboratories, Albuquerque, N. Mex., July.

Honeywell, Secure Computing Technology Center. 1985–1988. LOCK: Selected Papers, Honeywell, St. Anthony, Minn.

Horning, James J., P. G. Neumann, D. D. Redell, J. Goldman, and D. R. Gordon. 1989. A Review of NCIC 2000: The Proposed Design for the National Crime Information Center, American Civil Liberties Union, Project on Privacy and Technology, Washington, D.C., February.

Horovitz, Bonna Lynn. 1985. "Computer software as a good under the uniform commercial code: Taking a byte out of the intangibility myth," Boston University Law Review, Vol. 65, pp. 129–164.

Houston, M. Frank. 1987. "What do the simple folks do? Software safety in the cottage industry," Food and Drug Administration, Center for Devices and Radiological Health, Rockville, Md., pp. S/20-S/24.

Houston, M. Frank. 1989. Designing Safer, More Reliable Software Systems, Food and Drug Administration, Center for Devices and Radiological Health, Rockville, Md.

Howden, William E. 1987. Functional Program Testing and Analysis, McGraw Hill, New York.

Independent European Programme Group (IEPG), Technical Area 13 (TA-13). 1989. "Introducing PCTE+," (April); and "Rationale for the changes between the PCTE+ specifications issue 3 dated 28 October 1988 and the PCTE specifications version 1.5 dated 15 November 1988," (January 6), IEPG, Eurogroup of NATO, Brussels.

Information Systems Security Association. 1988–1990. ISSA Access, Newport Beach, Calif.

Info World. 1988. "What were simple viruses may fast become a plague," Tech Talk, May 2.

Institute for Defense Analyses (IDA). 1987. IDA memorandum reports: Introduction to Information Protection (M-379), Operating Systems Security (M-380), Network Security (M-381), Database System Security (M-382), Formal Specification and Verification (M-383), and Risk Analysis (M-384), IDA, Alexandria, Va., October.

Institute of Electrical and Electronics Engineers (IEEE). 1984. IEEE Guide to Software Requirements Specifications, ANSI/IEEE Std. 830-1984, IEEE, New York.

Institute of Electrical and Electronics Engineers (IEEE). 1988. Proceedings: COMPASS '88 (Computer Assurance), June 27-July 1, IEEE, New York.

Institute of Electrical and Electronics Engineers (IEEE). 1988–1990. Proceedings of the Computer Security Foundations Workshop, Franconia, N.H., IEEE, New York.

Institute of Electrical and Electronics Engineers (IEEE). 1989a. Proceedings: COMPASS '89 (Computer Assurance), June, IEEE, New York.

Institute of Electrical and Electronics Engineers (IEEE). 1989b. Cipher, Newsletter of the Technical Committee on Security & Privacy, IEEE Computer Society, Washington, D.C.

Institute of Electrical and Electronics Engineers (IEEE). 1990a. Cipher, Newsletter of the Technical Committee on Security & Privacy, Special Issue, "Minutes of the First Workshop on Covert Channels Analysis," IEEE Computer Society, Washington, D.C.

Institute of Electrical and Electronics Engineers (IEEE). 1990b. IEEE Software (issue on formal methods in software engineering), September.

Institute of Electrical and Electronics Engineers (IEEE). 1990c. IEEE Transactions on Software Engineering (issue on formal methods in software engineering), September.

International Standards Organization (ISO). 1989. "Security Architecture," Part 2 of 4, Information Processing Systems Open System Interconnection Basic Reference Model, ISO-7498-2, available from the American National Standards Institute, New York.

Jackson, Kelly. 1989a. "Plans grounded by FAA computer glitches," Federal Computer Week, November 20, p. 20.

Jackson, Kelly. 1989b. "Congress pushes computer crime law," Federal Computer Week, November 20, p. 23.

Jacobs, Jane. 1972. The Death and Life of Great American Cities, Penguin, Harmondsworth, United Kingdom.

Jaffe, Matthew S. and Nancy G. Leveson. 1989. Completeness, Robustness, and Safety in Real-Time Software Requirements Specification, Technical Report 89-01, Information and Computer Science, University of California, Irvine, February.

Japanese Ministry of International Trade and Industry (MITI). 1989. The Present State and Problems of Computer Virus, Agency of Industrial Science and Technology, Information-Technology Promotion Agency, Tokyo.

Johnson, David R. and David Post. 1989. Computer Viruses, a white paper on the legal and policy issues facing colleges and universities, American Council on Education and Wilmer, Cutler & Pickering, Washington, D.C.

Johnson, William. 1989. "Information espionage: An old problem with a new face," (Executive Report: Security in Open Times), Computerworld, October 23.

Joseph, Mark K. and Algirdas Avizienis. 1988. "A fault tolerance approach to computer viruses," Computer, IEEE, May.

Juitt, David. 1989. "Security assurance through system management," Proceedings of the 12th National Computer Security Conference, National Institute of Standards and Technology/National Computer Security Center, Baltimore, Md., October 10–13.

Kahn, David. 1967. The Codebreakers: The Story of Secret Writing, Macmillan, New York.

Karger, P. 1988. "Implementing commercial data integrity with secure capabilities," Proceedings of the 1988 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 18–21, pp. 130–139.

Karon, Paul. 1988. "The hype behind computer viruses: Their bark may be worse than their 'byte,'" PC Week, May 31, p. 49.

Kass, Elliot M. 1990. "Data insecurity," Information Week, March 19, p. 22.

Keller, John J. 1990. "Software glitch at AT&T cuts off phone service for millions," Wall Street Journal, January 16, p. B1.

Kemmerer, R. A. 1985. "Testing formal specifications to detect design errors," IEEE Transactions on Software Engineering, SE-11(1), pp. 32–43.

Kemmerer, R. A. 1986. Verification Assessment Study Final Report, Volume I, Overview, Conclusions, and Future Directions, Library No. S-228,204, National Computer Security Center, Fort Meade, Md., March 27.

Publication 83, National Technical Information Service, Springfield, Va., September 29.

National Bureau of Standards (NBS). 1980b. DES Modes of Operation, Federal Information Processing Standards Publication 81, National Technical Information Service, Springfield, Va., December.

National Bureau of Standards (NBS). 1981a. Guidelines for ADP Contingency Planning, Federal Information Processing Standards Publication 87, National Technical Information Service, Springfield, Va., March 27.

National Bureau of Standards (NBS). 1981b. Guideline on Integrity Assurance and Control in Database Administration, Federal Information Processing Standards Publication 88, National Technical Information Service, Springfield, Va., August 14.

National Bureau of Standards (NBS). 1982. Executive Guide to ADP Contingency Planning, Stuart W. Katzke and James W. Shaw, NBS Special Publication 500-85, NBS, Washington, D.C., January.

National Bureau of Standards (NBS). 1983. Guideline for Computer Security and Certification and Accreditation, Federal Information Processing Standards Publication 102, National Technical Information Service, Springfield, Va., September 27.

National Bureau of Standards (NBS). 1984. Security of Personal Computer Systems: A Growing Concern, NBS, Gaithersburg, Md., April.

National Bureau of Standards (NBS). 1985a. Security of Personal Computer Systems: A Management Guide, NBS Special Publication 500-120, NBS, Gaithersburg, Md., January.

National Bureau of Standards (NBS). 1985b. Security for Dial-Up Lines, NBS Special Publication 500-137, NBS, Gaithersburg, Md., May.

National Bureau of Standards (NBS). 1986. Work Priority Scheme for EDP Audit and Computer Security Review, NBS, Gaithersburg, Md., March.

National Bureau of Standards (NBS). 1988. Guide to Auditing for Controls and Security: A System Development Life Cycle Approach, NBS Special Publication 500-153, NBS, Gaithersburg, Md., April.

National Bureau of Standards/National Computer Security Center (NBS/NCSC). 1987. Proceedings of the 10th National Computer Security Conference, NBS/NCSC, Baltimore, Md., September.

National Bureau of Standards/National Computer Security Center (NBS/NCSC). 1988. Proceedings of the 11th National Computer Security Conference, NBS/NCSC, Baltimore, Md., October.

National Center for Computer Crime Data (NCCCD) and RGC Associates. 1989. Commitment to Security, NCCCD, Los Angeles, Calif.

National Institute of Standards and Technology (NIST). 1988. Smart Card Technology: New Methods for Computer Access Control, NIST Special Publication 500-157, NIST, Gaithersburg, Md.

National Institute of Standards and Technology (NIST). 1989a. Report of the Invitational Workshop on Integrity Policy in Computer Information Systems (WIPCIS), NIST Special Publication 500-160, NIST, Gaithersburg, Md., January.

National Institute of Standards and Technology (NIST). 1989b. Computer Viruses and Related Threats: A Management Guide, NIST Special Publication 500-166, NIST, Gaithersburg, Md., August.

National Institute of Standards and Technology (NIST). 1989c. Report of the Invitational Workshop on Data Integrity, NIST Special Publication 500-168, NIST, Gaithersburg, Md., September.

National Institute of Standards and Technology (NIST). 1990a. Secure Data Network Systems (SDNS) Network, Transport, and Message Security Protocols (NISTIR 90-4250), Secure Data Network Systems (SDNS) Access Control Documents (NISTIR 90-4259), Secure Data Network Systems (SDNS) Key Management Documents (NISTIR 90-4262), NIST, Gaithersburg, Md.

National Institute of Standards and Technology (NIST). 1990b. "Data Encryption Standard Fact Sheet," NIST, Gaithersburg, Md., January.

National Institute of Standards and Technology (NIST). 1990c. Computer Security Publications, NIST Publication List 91, NIST, Gaithersburg, Md., March.

National Institute of Standards and Technology (NIST). 1990d. Security Requirements for Cryptographic Modules, draft, Federal Information Processing Standards Publication 140-1, National Technical Information Service, Springfield, Va., July 13.

National Institute of Standards and Technology (NIST). 1990e. Guidelines and Recommendations on Integrity, draft, NIST, Gaithersburg, Md., July 23.

National Institute of Standards and Technology/National Computer Security Center (NIST/NCSC). 1989. Proceedings of the 12th National Computer Security Conference, NIST/NCSC, Baltimore, Md., October.

National Institute of Standards and Technology/National Computer Security Center (NIST/NCSC). 1990. Analysis and Comments on the Draft Information Technology Security Evaluation Criteria (ITSEC), NIST, Gaithersburg, Md., August 2.

National Institute of Standards and Technology/National Security Agency (NIST/NSA). 1989. Memorandum of Understanding Between Directors Concerning the Implementation of Public Law 100-235, Washington, D.C., March 24.

National Research Council (NRC). 1983. Multilevel Data Management Security, Air Force Studies Board, National Academy Press, Washington, D.C.

National Research Council (NRC). 1984. Methods for Improving Software Quality and Life Cycle Cost, Air Force Studies Board, National Academy Press, Washington, D.C.

National Research Council (NRC). 1988a. Global Trends in Computer Technology and Their Impact on Export Control, Computer Science and Technology Board, National Academy Press, Washington, D.C.

National Research Council (NRC). 1988b. Toward a National Research Network, Computer Science and Technology Board, National Academy Press, Washington, D.C.

National Research Council (NRC). 1988c. Selected Issues in Space Science Data Management and Computation, Space Sciences Board, National Academy Press, Washington, D.C.

National Research Council (NRC). 1989a. Scaling Up: A Research Agenda for Software Engineering, Computer Science and Technology Board, National Academy Press, Washington, D.C.

National Research Council (NRC). 1989b. Growing Vulnerability of the Public Switched Networks: Implications for National Security Emergency Preparedness, Board on Telecommunications and Computer Applications, National Academy Press, Washington, D.C.

National Research Council (NRC). 1989c. NASA Space Communications R&D: Issues, Derived Benefits, and Future Directions, Space Applications Board, National Academy Press, Washington, D.C., February.

National Research Council (NRC). 1989d. Use of Building Codes in Federal Agency Construction, Building Research Board, National Academy Press, Washington, D.C.

National Research Council (NRC). 1990. Keeping the U.S. Computer Industry Competitive: Defining the Agenda, Computer Science and Technology Board, National Academy Press, Washington, D.C.

National Security Agency (NSA). 1985. Personal Computer Security Considerations, NCSC-WA-002—85, National Computer Security Center, Fort Meade, Md., December.

National Security Agency (NSA). 1990a. "Press Statement: NCSC's Restructuring," NSA, Fort Meade, Md., August.

National Security Agency (NSA). 1990b. "Evaluated products list for trusted computer systems," Information Security Products and Services Catalogue, National Computer Security Center, Fort Meade, Md.

National Security Agency/Central Security Service (NSA/CSS). 1986. Software Acquisition Manual, NSAM 81-2, Fort Meade, Md., May 15.

National Security Agency/Central Security Service (NSA/CSS). 1987. Software Product Standards Manual, NSAM 81-3/DOD-STD-1703(NS), Fort Meade, Md., April 15.

National Technical Information Service (NTIS). January 1988/October 1989. U.S. Department of Commerce, Published Search. Citations from the Computer Database: Computer Viruses and Computer Software Vaccines for Software Protection, NTIS, Washington, D.C.

Needham, R. and M. Schroeder. 1978. "Using encryption for authentication in large networks of computers," Communications of the ACM, Vol. 21, No. 12, December, pp. 993–998.

Network World. 1990. "Network security still slack," (art captioned "Computer Intelligence"), February 5, p. 33.

Neumann, Peter G. 1986. "On hierarchical design of computer systems for critical applications," IEEE Transactions on Software Engineering, Vol. 12, No. 9, September, pp. 905–920.

Neumann, Peter G. 1988. "A glitch in our computer thinking: We create powerful systems with pervasive vulnerabilities," Los Angeles Times, August 2, p. 7.

Neumann, Peter G. 1989. "RISKS: Cumulative index of software engineering notes—Illustrative risks to the public in the use of computer systems and related technology," ACM Software Engineering Notes, Vol. 14, No. 1, January, pp. 22–26. (An updated index is to be published in the January 1991 issue, Vol. 16, No. 1.)

Neumann, Peter G. 1990a. "Rainbows and arrows: How the security criteria address computer misuse," Proceedings of the 13th National Computer Security Conference, National Institute of Standards and Technology/National Computer Security Center, Washington, D.C., October.

Neumann, Peter G. 1990b. "A perspective from the RISKS forum," Computers Under Attack: Intruders, Worms, and Viruses, Peter J. Denning (Ed.), ACM Press, New York.

Neumann, Peter G. and D. B. Parker. 1989. "A summary of computer misuse techniques," Proceedings of the 12th National Computer Security Conference, National Institute of Standards and Technology/National Computer Security Center, Baltimore, Md., October 10–13, pp. 396–407.

New York State, Committee on Investigations, Taxation, and Government Operations. 1989. Beware Computer 'Virus Attack', a staff report on the lack of security in state owned and operated computers, Albany, N.Y., July 28.

New York Times. 1987. "German computer hobbyists rifle NASA's files," September 16.

New York Times. 1988. "Computer systems under siege, here and abroad," January 31.

New York Times. 1988. "Top secret, and vulnerable," April 15.

New York Times. 1988. "Computer users fall victim to a new breed of vandals," May 19.

New York Times. 1988. "Newspaper computer infected with a 'virus,'" May 25.

New York Times. 1988. "Sabotage aimed at computer company destroys government computer data," July 4.

New York Times. 1988. "Programmer convicted after planting a 'virus,'" September 21, p. D15.

New York Times. 1988. "Car computer inquiry begun," November 17.

New York Times. 1988. "Cyberpunks seek thrills in computerized mischief," November 26.

New York Times. 1989. "2 accused of computer crimes in TV rivalry," May 11, p. A21.

New York Times. 1990. "G.A.O. study of computers," February 21, p. D4.

Newsweek. 1988. "Is your computer infected?" February 1.

Nordwall, Bruce D. 1989. "ITT avionics emphasizes development of software, improves electronic systems," Aviation Week & Space Technology, July 17, pp. 83, 85.

Norman, Adrian R. D. 1983. Computer Insecurity, Chapman and Hall, New York.

Nycum, Susan H. 1989. "Legal Exposures of the Victim of Computer Abuse under U.S. Law," International Bar Association (IBA) SBL Conference, Strasbourg, October 2–6, IBA, London, England.

Nycum, Susan Hubbell. 1976. "The criminal law aspects of computer abuse, Part 1: State penal laws," Journals of Computers and Law, Vol. 5, pp. 271–295.

Office of Management and Budget (OMB). 1988. Guidance for Preparation of Security Plans for Federal Computer Systems Containing Sensitive Information, OMB Bulletin No. 88-16, Washington, D.C., July.

Office of Management and Budget (OMB). 1990. Guidance for Preparation of Security Plans for Federal Computer Systems that Contain Sensitive Information, OMB Bulletin No. 90-08, Washington, D.C., July.

Office of Science and Technology Policy (OSTP). 1989. The Federal High-Performance Computing Program, Washington, D.C., September 8.

Office of Technology Assessment (OTA). 1985. Federal Government Information Technology: Electronic Surveillance and Civil Liberties, OTA-CIT-293, October, U.S. GPO, Washington, D.C.

Office of Technology Assessment (OTA). 1986a. Federal Government Information Technology: Management, Security, and Congressional Oversight, OTA-CIT-297, February, U.S. GPO, Washington, D.C.

Office of Technology Assessment (OTA). 1986b. Federal Government Information Technology: Electronic Record Systems and Individual Privacy, OTA-CIT-296, June, U.S. GPO, Washington, D.C.

Office of Technology Assessment (OTA). 1987a. The Electronic Supervisor: New Technology, New Tensions, OTA-CIT-333, September, U.S. GPO, Washington, D.C.

Office of Technology Assessment (OTA). 1987b. Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA-CIT-310, October, U.S. GPO, Washington, D.C.

Office of Technology Assessment (OTA). 1990. Critical Connections: Communications for the Future, OTA-CIT-407, January, U.S. GPO, Washington, D.C.

Office of the Federal Register, National Archives and Records Administration. 1990. Code of Federal Regulations, Foreign Relations, Title 22, Parts 1 to 299, Subchapter M—International Traffic in Arms Regulations, revised April 1, pp. 333–390.

Parker, Donn B. 1976. Crime by Computer, Charles Scribner's Sons, New York.

Parker, Donn B. 1983. Fighting Computer Crime, Charles Scribner's Sons, New York.

Parnas, David L., A. J. van Schouwen, and S. P. Kwan. 1990. "Evaluation of safety critical software," Communications of the ACM, Vol. 33, No. 6, June, pp. 636–648.

Paul, Bill. 1989. "Electronic theft is routine and costs firms billions, security experts say," Wall Street Journal, October 20, p. 1.

Paul, Bill. 1990. "Blackouts on East Coast are called unavoidable," Wall Street Journal, February 28, p. B4.

Paul, James. 1989. Bugs in the Program—Problems in Federal Government Computer Software Development and Regulation, Subcommittee on Investigations and Oversight, U.S. House of Representatives, September.

Paulk, Mark C. 1989. "Review of the computer virus crisis," IEEE Computer, July, p. 122.

PC Magazine. 1988a. "Virus wars: A serious warning," February 29.

PC Magazine. 1988b. "Why it's time to talk about viruses," June 28, pp. 33–36.

Pearson, Dorothy. 1988. "MIS managers launch counterattack to stem rising virus epidemic," PC Week, August 29, pp. 23–24.

Pellerin, Cheryl. 1990. "Lights-out computing: Agencies are discovering the benefits of unattended computer centers," Federal Computer Week, March 19.

Peterson, Ivars. 1988. "A digital matter of life and death," Science News, March 12, pp. 170–171.

Pittelli, Frank M. and Hector Garcia-Molina. 1989. "Reliable scheduling in a TMR database system," ACM Transactions on Computer Systems, Vol. 7, No. 1, February.

Podell, Harold J. and Marshall D. Abrams. 1989. "A computer security glossary for the advanced practitioner," Computer Security Journal, Vol. IV, No. 1, pp. 69–88.

Pollack, Andrew. 1990. "Revlon sues supplier over software disabling," New York Times, October 25, pp. D1, D4.

Ponting, Bob. 1988. "Some common sense about network viruses, and what to do about them," (Newsfront section), Data Communications, April, p. 60.

Poore, Jesse H. and Harlan D. Mills. 1989. An Overview of the Cleanroom Software Development Process, unpublished paper presented at the Formal Methods Workshop, Halifax, Nova Scotia, July. Available from the Department of Computer Science, University of Tennessee, Knoxville.

Poos, Bob. 1990. "AF amends RFP to clarify security needs," Federal Computer Week, February 19, p. 4.

Potts, Mark. 1989. "When computers go down, so can firms' bottom lines," Washington Post, November 2.

Prefontaine, Daniel C., Canadian Department of Justice. 1990. "Future trends," presented at the Forum on the International Legal Vulnerability of Financial Information, Royal Bank of Canada, Toronto, February 26–28.

President's Council on Integrity and Efficiency. 1988. Review of General Controls in Federal Computer Systems, U.S. GPO, Washington, D.C., October.

President's Council on Management Improvement & President's Council on Integrity and Efficiency. 1988. Model Framework for Management Control Over Automated Information Systems, U.S. GPO, Washington, D.C., January.

Privacy Times (Evan Hendricks, Ed.). 1989. Vol. 9, No. 16, September 19, Washington, D.C.

Rabin, Michael O. and J. D. Tygar. 1987. An Integrated Toolkit for Operating System Security, Harvard University, Cambridge, Mass., May.

Reuter. 1990. "Man faces charges of computer fraud," Washington Post, February 4, p. A18.

Richards, Evelyn. 1989. "Study: Software bugs costing U.S. billions," Washington Post, October 17, pp. D1, D5.

Richardson, Jennifer. 1990a. "Federal reserve defends Fedwire security," Federal Computer Week, February 26, p. 4.

Richardson, Jennifer. 1990b. "Federal reserve adds security to Fedwire," Federal Computer Week, April 9.

Rinkerman, Gary. 1983. "Potential liabilities of independent software testing and certification organizations," Computer Law Reporter, Vol. 1, No. 5, March, pp. 725–727.

Rivest, R., A. Shamir, and L. Adleman. 1978. "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, Vol. 21, No. 2, February, pp. 120–126.

Rochlis, Jon A. and Mark W. Eichin. 1989. "With microscope and tweezers: The worm from MIT's perspective," Communications of the ACM, Vol. 32, No. 6, June, pp. 689–698.

Rothfeder, Jeffrey, et al. 1990. "Is your boss spying on you?" Business Week, January 15, p. 74.

Rumbelow, Clive. 1981. "Liability for programming errors," International Business Lawyer, Vol. 9, (vii/viii), United Kingdom.

Rutz, Frank. 1988. "DOD fights off computer virus," Government Computer News, Vol. 7, No. 3, February 5, p. 1.

Safire, William. 1990. "Spies of the future," New York Times, March 16, p. A35.

Salpukas, Agis. 1989. "Computer chaos for air travelers," New York Times, May 13, p. A1.

Saltman, Roy. 1988. "Accuracy, integrity and security in computerized vote-tallying," Communications of the ACM, Vol. 31, No. 10, October, pp. 1184–1191.

Saltzer, J. and M. Schroeder. 1975. "The protection of information in computer systems," Proceedings: IEEE, Vol. 63, No. 9, September, pp. 1278–1308.

Savage, J. A. 1990. "Apollo blasted by users over system security glitches," Computerworld, October 8, p. 49.

Saydjari, O. Sami, Joseph M. Beckman, and Jeffrey R. Leaman. 1987. "Locking computers securely," Proceedings of the 10th National Computer Security Conference, National Bureau of Standards/National Computer Security Center, Baltimore, Md., September 21–24, pp. 129–141.

Saydjari, O. Sami, J. M. Beckman, and J. R. Leaman. 1989. "LOCK trek: Navigating uncharted space," Proceedings of the 1989 IEEE Computer Society Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., May, pp. 167–175.

Scherlis, William L., Stephen L. Squires, and Richard D. Pethia. 1990. "Computer Emergency Response," Computers Under Attack: Intruders, Worms, and Viruses, Peter Denning (Ed.), ACM Press, New York.

Schlichting, R. and R. Schneider. 1983. "Fail-stop processors: An approach to designing fault-tolerant computing systems," ACM Transactions on Computer Systems, Vol. 1, No. 3, August, pp. 222–238.

Schmitt, Warren. 1990. Information Classification and Control, Sears Technology Services, Schaumburg, Ill., January.

Schultz, Eugene. 1990. "Forming and managing CIAC: Lessons learned," unpublished presentation at CERT Workshop, June 20, Pleasanton, Calif., Lawrence Livermore National Laboratory, Livermore, Calif.

Schuman, Evan. 1989. "Never mind OSF/1, here's OSF/2," UNIX Today, November 27, pp. 1, 26.

Selby, R. W., V. R. Basili, and F. T. Baker. 1987. "Cleanroom software development: An empirical evaluation," IEEE Transactions on Software Engineering, Vol. SE-13, No. 9.

Selz, Michael. 1989. "Computer vaccines or snake oil?" Wall Street Journal, October 13, p. B6.

Sennett, C. T. 1989. Formal Methods in the Production of Secure Software, Royal Signals and Radar Establishment, Malvern, United Kingdom, pp. 1–2.

Seymour, Jim, and Jonathan Matzkin. 1988. "Confronting the growing threat of computer software viruses," PC Magazine, June 28, pp. 33–36.

Shatz, Willie. 1990. "The terminal men: Crackdown on the 'Legion of Doom' ends an era for computer hackers," Washington Post, June 24, pp. H1, H6.

Shoch, John F. and Jon A. Hupp. 1982. "The 'worm' programs—Early experience with a distributed computation," Computing Practices, March, pp. 172–180.

Shore, John. 1988. "Why I never met a programmer I could trust," Communications of the ACM, Vol. 31, No. 4, April, p. 372.

Simitis, S. (Ed.). 1987. The Hessian Data Protection Act, Editor: the Hessian Data Protection Commissioner, Uhlandstrasse 4, 6200 Wiesbaden, Federal Republic of Germany. Publisher: Wiesbadener Graphische Betriebe GmbH, Wiesbaden.

Simmons, G. 1988. "A survey of information authentication," Proceedings: IEEE, Vol. 76, No. 5, May, pp. 603–620.

Simpson, Glenn. 1989. "Can you count on the vote count?" Insight, January 9, p. 23.

Sims, Calvin. 1989. "Not everyone applauds new phone services," New York Times, December 13, p. 6.

Sims, Calvin. 1990. "Computer failure disrupts AT&T long distance," New York Times, January 16, pp. A1, A24.

Sloan, Irving J. 1984. Computers and the Law, Oceana Publications, New York.

Smith, Kerry M. L. 1988. "Suing the provider of computer software: How courts are applying U.C.C. Article Two, strict tort liability, and professional malpractice," Willamette Law Review, Vol. 24, No. 3, Summer, pp. 743–766.

Smith, Tom. 1989. "IBM's new release of RACF, other security tools bow," Network World, October 30, pp. 4, 60.

Snyders, Jan. 1983. "Security software doubles your protection," Computer Decisions, Vol. 15, No. 9, September, pp. 46, 50–56.

Solomon, J. 1982. "Specification-to-code correlation," Proceedings of the 1982 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April.

Soma, John T. 1983. Computer Technology and the Law, Shepard's/McGraw-Hill, Colorado Springs, Colo.

Soper, Keith. 1989. "Integrity vs. security: Avoiding the trade-off," Computerworld, June 12, pp. 79–83.

Spafford, Eugene H. 1989a. The Internet Worm Program: An Analysis, Purdue Technical Report CSD-TR-823, Department of Computer Science, Purdue University, West Lafayette, Ind.

Spafford, Eugene H. 1989b. "Crisis and aftermath," Communications of the ACM, Vol. 32, No. 6, June, pp. 678–687.

Specter, Michael. 1990. "Revenge on the nerds," Washington Post, February 11, p. C5.

Sprouse, Robert T. 1987. "Commentary: On the SEC-FASB partnership," Accounting Horizons, December, pp. 92–95.

SRI International. 1989. International Information Integrity Institute (I-4) Annual Report 1989, Menlo Park, Calif.

Steiner, Jennifer, C. Neuman, and J. I. Schiller. 1988. "Kerberos: An authentication service for open network systems," USENIX Dallas Winter 1988 Conference Proceedings, USENIX Association, Berkeley, Calif., pp. 191–202.

Stipp, David. 1990. "Virus verdict likely to have limited impact," Wall Street Journal, January 24, pp. B1, B7.

Stoll, Clifford. 1988. "Stalking the Wily Hacker," Communications of the ACM, Vol. 31, No. 5, May, pp. 484–497.

Stoll, Clifford. 1989. The Cuckoo's Egg, Doubleday, New York.

Strauss, Paul R. 1989. "Lesson of the lurking software glitch," Data Communications, June 21, p. 9.

Streitfeld, David. 1989. "Personal data, on the record," Washington Post, September 26, p. D5.

Sweet, Walter. 1990. "Global nets elevate security concerns," Network World, July 30, pp. 23–24.

Tanenbaum, A. 1981. Computer Networks, Prentice-Hall, Englewood Cliffs, N.J.

Thackeray, Gail. 1985. "Computer-related crimes: An outline," Jurimetrics Journal, Spring, pp. 300–318.

Thompson, K. 1984. "Reflections on trusting trust," (1983 Turing Award Lecture), Communications of the ACM, Vol. 27, No. 8, August, pp. 761–763.

Time. 1988. "Computer viruses," (cover story), September 26.

Toigo, Jon William. 1990. "SECURITY: Biometrics creep into business," Computerworld, June 11, pp. 75–78.

Tompkins, F. G. 1984. NASA Guidelines for Assuring the Adequacy and Appropriateness of Security Safeguards in Sensitive Applications, MTR-84W179, The MITRE Corp., Metrek Division, McLean, Va., September.

Turn, Rein. 1980. "An overview of transborder data flow issues," Proceedings of the 1980 IEEE Computer Society Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 14–16, pp. 3–8.

Turn, Rein. 1990. "Information privacy issues for the 1990s," Proceedings of the 1990 IEEE Computer Society Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., May 7–8.

Turner, Judith Axler. 1988. "Security officials ask researchers not to make 'virus' copies available," The Chronicle of Higher Education, No. 13, November 23, pp. 1, A12.

Tzu, Sun. 1988. The Art of War, (translated by Thomas Cleary), Shambhala, Boston.

U.K. Communications-Electronics Security Group/Department of Trade and Industry (CESG/DTI). 1990. UKIT Security Evaluation and Certification Scheme, Publication No. 1: Description of the Scheme, Final Draft Version 2.3, UKSP 01, Cheltenham, England, July 13.

U.K. Department of Trade and Industry (DTI). 1989. Overview Manual (V01), Glossary (V02), Index (V03), Users' Code of Practice (V11), Security Functionality Manual (V21), Evaluation Levels Manual (V22), Evaluation and Certification Manual (V23), Vendors' Code of Practice (V31), Version 3.0, Commercial Computer Security Centre, London, England, February.

U.K. Ministry of Defence. 1989a. Requirements for the Procurement of Safety Critical Software in Defense Equipment, Interim Defense Standard 00-55, Glasgow, United Kingdom, May.

U.K. Ministry of Defence. 1989b. Requirements for the Analysis of Safety Critical Hazards, Interim Defense Standard 00–56, Glasgow, United Kingdom, May.

Ulbrich, B. and J. Collins. 1990. "Announcing Sun Microsystem's Customer Warning System for security incident handling," X-Sun-Spots-Digest, Vol. 9, No. 308, message 13.

Underwriters Laboratories, Inc. 1989. Underwriters Laboratories, Inc. 1988 Annual Report, Underwriters Laboratories, Inc., Northbrook, Ill.

Underwriters Laboratories, Inc. 1990a. The Proposed First Edition of the Standards for Safety-related Software, UL-1998, Underwriters Laboratories, Inc., Northbrook, Ill., August 17.

Underwriters Laboratories, Inc. 1990b. UL Yesterday today tomorrow, Underwriters Laboratories, Inc., Northbrook, Ill.

University of California, Los Angeles (UCLA). 1989. Sixth Annual UCLA Survey of Business School Computer Usage, John E. Anderson Graduate School of Management, UCLA, Los Angeles, Calif., September.

U.S. Bureau of Alcohol, Tobacco and Firearms. 1988. "Explosive Incidents Report 1987," Washington, D.C.

U.S. Congress, House, Committee on the Judiciary, Subcommittee on Crime. 1983. Counterfeit Access Device and Computer Crime: Hearings on H.R. 3181, H.R. 3570, and H.R. 5112, 98th Cong., 1st and 2nd sess., September 29 and November 10, 1983, and March 28, 1984, U.S. GPO, Washington, D.C.

U.S. Congress, House, Committee on the Judiciary, Subcommittee on Crime. 1985. Computer Crime and Computer Security: Hearing on H.R. 1001 and H.R. 930, 99th Cong., 1st sess., May 25, U.S. GPO, Washington, D.C.

U.S. Congress, House. 1986. Computer Fraud and Abuse Act of 1986, Public Law 99–474, H.R. 4718, October 16, H. Rept. 100–153(I), U.S. GPO, Washington, D.C.

U.S. Congress, House, Committee on the Judiciary. 1986. Computer Fraud and Abuse Act of 1986: Report to Accompany H.R. 4712, 99th Cong., 2nd sess., U.S. GPO, Washington, D.C.

U.S. Congress, House, Committee on the Judiciary. 1986. Computer Fraud and Abuse Act of 1986: Report to Accompany H.R. 5616, 99th Cong., 2nd sess., U.S. GPO, Washington, D.C.

U.S. Congress, House, Committee on Government Operations, Legislation and National Security Subcommittee. 1987. Computer Security Act of 1987: Hearings on H.R. 145 Before a Subcommittee of the Committee on Government Operations, 100th Cong., 1st sess., February 25 and 26 and March 17, U.S. GPO, Washington, D.C.

U.S. Congress, House, Committee on Science, Space, and Technology. 1987. Computer Security Act of 1987: Report to Accompany H.R. 145, 100th Cong., 1st sess., U.S. GPO, Washington, D.C.

U.S. Congress, House, Technology Policy Task Force of the Committee on Science, Space, and Technology. 1987. Communications and Computers in the 21st Century: Hearing, 100th Cong., 1st sess., June 25, U.S. GPO, Washington, D.C.

U.S. Congress, House. 1989. Computer Protection Act of 1989, H.R. 287, 101st Cong., 1st sess., January 3, U.S. GPO, Washington, D.C.

U.S. Congress, House, Committee on Energy and Commerce, Subcommittee on Telecommunications and Finance. 1989. Hearing to Examine the Vulnerability of National Telecommunications Networks to Computer Viruses, 101st Cong., 1st sess., July 20, U.S. GPO, Washington, D.C.

U.S. Congress, House. 1989. Computer Network Protection Act of 1989, H.R. 3524, 101st Cong., 1st sess., October 25, U.S. GPO, Washington, D.C.

U.S. Congress, House. 1989. Data Protection Act of 1989, H.R. 3669, 101st Cong., 1st sess., November 15, U.S. GPO, Washington, D.C.

U.S. Congress, House. 1989. Computer Virus Eradication Act of 1989, H.R. 55, 101st Cong., 1st sess., U.S. GPO, Washington, D.C.

U.S. Congress, House, Committee on Energy and Commerce, Subcommittee on Telecommunications and Finance. 1990. Oversight Hearing to Receive the Findings of the U.S. General Accounting Office on the Vulnerability of United States Securities Trading, Electronic Funds Transfer, and Financial Message Systems to Computer Viruses, 101st Cong., 2nd sess., February 21, U.S. GPO, Washington, D.C.

U.S. Congress, Senate, Committee on the Judiciary. 1986. Electronic Communications Privacy Act of 1986: Report to Accompany S. 2575, 99th Cong., 2nd sess., U.S. GPO, Washington, D.C.

U.S. Congress, Senate, Judiciary Subcommittee on Patents, Copyrights, and Trademarks. 1989. Computer Software Rental Amendments Act (S. 198): Hearings, 101st Cong., 1st sess., April 19, U.S. GPO, Washington, D.C.

U.S. Congress, Senate, Judiciary Subcommittee on Technology and the Law. 1989. Hearing on Computer Viruses, 101st Cong., 1st sess., May 15, U.S. GPO, Washington, D.C.

U.S. Congress, Senate. 1990. Computer Abuse Amendment Act of 1990, S. 2476, 101st Cong., 2nd sess., April 19, U.S. GPO, Washington, D.C.

U.S. Department of Defense (DOD). 1985a. Password Management Guideline, CSC-STD-002-85, also known as the Green Book, National Computer Security Center, Fort Meade, Md., April 12.

U.S. Department of Defense (DOD). 1985b. Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements, Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, also known as the Yellow Book, National Computer Security Center, Fort Meade, Md., June 25.

U.S. Department of Defense (DOD). 1985c. Keeping the Nation's Secrets, Commission to Review DOD Security Policies and Practices, Washington, D.C., November.

U.S. Department of Defense (DOD). 1985d. Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, also known as the Orange Book, National Computer Security Center, Fort Meade, Md., December (superseded CSC-STD-001-83 dated August 15, 1983).

U.S. Department of Defense (DOD). 1987. Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria, NCSC-TG-005, Version 1, also known as the Red Book, or TNI, National Computer Security Center, Fort Meade, Md., July 31.

U.S. Department of Defense (DOD). 1988a. "Improvements in computer security procedures," Office of Assistant Secretary of Defense, Public Affairs, Washington, D.C., January 6.

U.S. Department of Defense (DOD). 1988b. Glossary of Computer Security Terms, NCSC-TG-004, Version 1, National Computer Security Center, Fort Meade, Md., October 21.

U.S. Department of Defense (DOD). 1988c. "DARPA establishes computer emergency response team," Office of Assistant Secretary of Defense, Public Affairs, Washington, D.C., December 6.

U.S. Department of Defense (DOD), Defense Acquisition Board. 1990. Department of Defense Software Master Plan, draft, February 9.

U.S. Department of Energy. 1985. Sensitive Unclassified Computer Security Program Compliance Review Guidelines, DOE/MA-0188/1, Assistant Secretary, Management and Administration, Directorate of Administration, Office of ADP Management, Washington, D.C., June (revised September 1985).

U.S. Department of Energy, Energy Information Administration. 1986. Sensitive Computer Applications Certification/Recertification Policy and Procedures, EI 5633.1, initiated by ADP Services Staff, Washington, D.C., October.

U.S. Department of Energy. 1988. Unclassified Computer Security Program, DOE 1360.2A, initiated by Office of ADP Management, Washington, D.C., May.

U.S. Department of Justice (DOJ), National Institute of Justice. 1989. Computer Crime: Criminal Justice Resource Manual, Washington, D.C., August.

U.S. Department of the Treasury. 1989. "Reports of crimes and suspected crimes," Federal Register, Vol. 54, No. 117, June 20.

U.S. Food and Drug Administration (FDA). 1987. Policy for the Regulation of Computer Products, draft, FDA, Rockville, Md., September 9.

U.S. Food and Drug Administration (FDA). 1988. Reviewer Guidance for Computer-Controlled Medical Devices, draft, FDA, Rockville, Md., July 25.

Veterans Administration, Office of Information, Systems, and Telecommunications. 1987. Computer Security: A Handbook for VA Managers and End-Users, July. Available from U.S. Department of Veterans Affairs, Washington, D.C.

Voelcker, John. 1988. "Spread of computer viruses worries users," The Institute (a publication of the Institute of Electrical and Electronics Engineers), Vol. 12, No. 6, June, p. 1.

Wald, Matthew L. 1990. "Experts diagnose telephone 'crash'," New York Times, January 16, p. A25.

Waldrop, Mitchell M. 1989. "Flying the electric skies," Science, Vol. 244, pp. 1532–1534.

Walker, B. J., R. A. Kemmerer, and G. J. Popek. 1980. "Specification and verification of the UCLA Unix security kernel," Communications of the ACM, Vol. 23, No. 2, 1980, pp. 118–131.

Walker, Stephen T. 1985. "Network security overview," Proceedings of the 1985 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 22–24, pp. 62–76.

Wall Street Journal. 1988. "First computer message on stopping virus took 48 hours to reach target," November 8, p. B5.

Wall, Wendy L. 1989. "Few firms plan well for mishaps that disable computer facilities," Wall Street Journal, May 31.

Washington Post. 1988. "Searching for a better computer shield," November 13, pp. H1, H6.

Washington Post. 1989. "Computer virus strikes Michigan hospital," March 23.

Washington Post. 1990. "Man faces charges of computer fraud," February 4, p. A18.

Washington University Law Quarterly. 1977. "Potential liability: Conclusion," Vol. 405, No. 3, p. 433.

Webb, Ben. 1989. "Plan to outlaw hacking," Nature, Vol. 341, October 19, p. 559.

Weil, Martin. 1989. "Double malfunction grounds thousands," Washington Post, November 4, pp. B1, B4.

Williams, Gurney III. 1988. "UL: What's behind the label," Home Mechanix, pp. 78–80, 87–88.

Winans, Christopher. 1990. "Personal data travels, too, through agencies," Wall Street Journal, March 27, p. B1.

Wines, Michael. 1990. "Security agency debates new role: Economic spying," New York Times, June 18, p. A1.

Wing, Jeannette. 1990. "A specifier's introduction to formal methods," IEEE Computer, September.

Wright, Karen. 1990. "The road to the global village," Scientific American, March, pp. 83–94.

Young, Catherine L. 1987. "Taxonomy of computer virus defense mechanisms," Proceedings of the 10th National Computer Security Conference, National Bureau of Standards/National Computer Security Center, Baltimore, Md., September 21–24, pp. 220–225.

Young, W. D. and J. McHugh. 1987. "Coding for a believable specification to implementation mapping," Proceedings of the 1987 IEEE Symposium on Security and Privacy, IEEE Computer Society, Oakland, Calif., April 27–29, pp. 140–148.

Youngblut, Christine, et al. 1989. "SDS Software Testing and Evaluation," IDA Paper P-2132, Institute for Defense Analyses, Alexandria, Va., February.

Zachary, G. Pascal. 1990. "U.S. agency stands in way of computer-security tool," Wall Street Journal, July 9, pp. B1, B3.

Zeil, Steven J. 1989. "Constraint Satisfaction and Test Data Generation," Old Dominion University, Norfolk, Va.