National Academies Press: OpenBook

Trust in Cyberspace (1999)

Chapter: Front Matter

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Trust in Cyberspace

Fred B. Schneider, Editor

Committee on Information Systems Trustworthiness

Computer Science and Telecommunications Board
Commission on Physical Sciences, Mathematics, and Applications
National Research Council

National Academy Press
Washington, D.C. 1998

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page ii

NOTICE: The project that is the subject of this report was approved by the Governing Board of the NationalResearch Council, whose members are drawn from the councils of the National Academy of Sciences, the NationalAcademy of Engineering, and the Institute of Medicine. The members of the committee responsible for the reportwere chosen for their special competences and with regard for appropriate balance.
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguishedscholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology andto their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, theAcademy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr.Bruce Alberts is president of the National Academy of Sciences.
The National Academy of Engineering was established in 1964, under the charter of the National Academyof Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in theselection of its members, sharing with the National Academy of Sciences the responsibility for advising the federalgovernment. The National Academy of Engineering also sponsors engineering programs aimed at meeting nationalneeds, encourages education and research, and recognizes the superior achievements of engineers. Dr. William A.Wulf is president of the National Academy of Engineering.
The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure theservices of eminent members of appropriate professions in the examination of policy matters pertaining to the healthof the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues ofmedical care, research, and education. Dr. Kenneth I. Shine is president of the Institute of Medicine.
The National Research Council was organized by the National Academy of Sciences in 1916 to associatethe broad community of science and technology with the Academy's purposes of furthering knowledge and advisingthe federal government. Functioning in accordance with general policies determined by the Academy, the Councilhas become the principal operating agency of both the National Academy of Sciences and the National Academy ofEngineering in providing services to the government, the public, and the scientific and engineering communities.The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Bruce Alberts and Dr.William A. Wulf are chairman and vice chairman, respectively, of the National Research Council.
Support for this project was provided by the Defense Advanced Research Projects Agency and the NationalSecurity Agency. Any opinions, findings, conclusions, or recommendations expressed in this material are those ofthe authors and do not necessarily reflect the views of the sponsors.

Library of Congress Catalog Card Number 98-xxx
International Standard Book Number xxx

Additional copies of this report are available from:
National Academy Press
2101 Constitution Avenue, N.W.
Box 285
Washington, DC 20055
800/624-6242
202/334-3313 (in the Washington Metropolitan Area)

Copyright 1998 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page iii

COMMITTEE ON INFORMATION SYSTEMS TRUSTWORTHINESS

FRED B. SCHNEIDER, Cornell University, Chair

STEVEN M. BELLOVIN, AT&T Labs Research

MARTHA BRANSTAD, Trusted Information Systems Inc.

J. RANDALL CATOE, MCI Telecommunications Inc.

STEPHEN D. CROCKER, CyberCash Inc.

CHARLIE KAUFMAN, Iris Associates Inc.

STEPHEN T. KENT, BBN Corporation

JOHN C. KNIGHT, University of Virginia

STEVEN McGEADY, Intel Corporation

RUTH R. NELSON, Information System Security

ALLAN M. SCHIFFMAN, SPYRUS

GEORGE A. SPIX, Microsoft Corporation

DOUG TYGAR, University of California, Berkeley

Special Advisor

W. EARL BOEBERT, Sandia National Laboratories

Staff

MARJORY S. BLUMENTHAL, Director

JANE BORTNICK GRIFFITH, Interim Director (1998)

HERBERT S. LIN, Senior Scientist

ALAN S. INOUYE, Program Officer

MARK BALKOVICH, Research Associate (until July 1998)

LISA L. SHUM, Project Assistant (until August 1998)

RITA A. GASKINS, Project Assistant

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page iv

COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

DAVID D. CLARK, Massachusetts Institute of Technology, Chair

FRANCES E. ALLEN, IBM T.J. Watson Research Center

JAMES CHIDDIX, Time Warner Cable

JOHN M. CIOFFI, Stanford University

W. BRUCE CROFT, University of Massachusetts, Amherst

A.G. FRASER, AT&T Corporation

SUSAN L. GRAHAM, University of California at Berkeley

JAMES GRAY, Microsoft Corporation

PATRICK M. HANRAHAN, Stanford University

JUDITH HEMPEL, University of California at San Francisco

BUTLER W. LAMPSON, Microsoft Corporation

EDWARD D. LAZOWSKA, University of Washington

DAVID LIDDLE, Interval Research

JOHN MAJOR, QUALCOMM Inc.

TOM M. MITCHELL, Carnegie Mellon University

DONALD NORMAN, Hewlett-Packard Company

RAYMOND OZZIE, Groove Networks

DAVID A. PATTERSON, University of California at Berkeley

DONALD SIMBORG, KnowMed Systems

LEE SPROULL, Boston University

LESLIE L. VADASZ, Intel Corporation

MARJORY S. BLUMENTHAL, Director

JANE BORTNICK GRIFITH, Interim Director (1998)

HERBERT S. LIN, Senior Staff Officer

JERRY R. SHEEHAN, Program Officer

ALAN S. INOUYE, Program Officer

JON EISENBERG, Program Officer

JANET BRISCOE, Administrative Associate

NICCI DOWD, Project Assistant

RITA GASKINS, Project Assistant

DAVID PADGHAM, Project Assistant

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page v

COMMISSION ON PHYSICAL SCIENCES, MATHEMATICS, AND APPLICATIONS

ROBERT J. HERMANN, United Technologies Corporation, Co-chair

W. CARL LINEBERGER, University of Colorado, Co-chair

PETER M. BANKS, Environmental Research Institute of Michigan

WILLIAM BROWDER, Princeton University

LAWRENCE D. BROWN, University of Pennsylvania

RONALD G. DOUGLAS, Texas A&M University

JOHN E. ESTES, University of California at Santa Barbara

MARTHA P. HAYNES, Cornell University

L. LOUIS HEGEDUS, Elf Atochem North America Inc.

JOHN E. HOPCROFT, Cornell University

CAROL M. JANTZEN, Westinghouse Savannah River Company

PAUL G. KAMINSKI, Technovation, Inc.

KENNETH H. KELLER, University of Minnesota

KENNETH I. KELLERMANN, National Radio Astronomy Observatory

MARGARET G. KIVELSON, University of California at Los Angeles

DANIEL KLEPPNER, Massachusetts Institute of Technology

JOHN KREICK, Sanders, a Lockheed Martin Company

MARSHA I. LESTER, University of Pennsylvania

NICHOLAS P. SAMIOS, Brookhaven National Laboratory

CHANG-LIN TIEN, University of California at Berkeley

NORMAN METZGER, Executive Director

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

There was a problem loading page R6.

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page vii

Preface

Experts have known for some time that networked information systems are not trustworthy and that the technology needed to make them trustworthy was, by and large, not at hand. Our nation is nevertheless becoming dependent on such systems for operating its critical infrastructures (e.g., transportation, communication, finance, and energy distribution). Over the past 2 years, the implications of this dependence—vulnerability to attack and susceptibility to disaster—have become a part of the national agenda. Concerns first voiced from within the defense establishment (under the rubric of "information warfare") led the executive branch to create the President's Commission on Critical Infrastructure Protection and, later, the Critical Infrastructure Assurance Office. The popular press embraced the issues, carrying them to a public already sensitized by direct and collateral experience with the failings of computing systems and networks. So a subject once discussed only in the technical literature is now regularly appearing on the front pages of newspapers and being debated in the Congress. And the present study, initiated at the request of the Defense Advanced Research Projects Agency (DARPA) and the National Security Agency (NSA) some 2 years ago, today informs a discussion of national significance. In particular, this study moves the focus of the discussion forward from matters of policy and procedure and from vulnerabilities and their consequences toward questions about the richer set of options that only new science and technology can provide.

The study committee was convened by the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) to assess the nature of information systems trustworthiness and the prospects for technology that increase it. The committee was asked to examine, discuss, and report on interrelated issues associated with the research, development, and commercialization of technologies for trustworthy systems and to use its assessment to develop recommendations for research to enhance information systems trustworthiness (see Box P.1). This volume contains the results of that study: a detailed research agenda that examines the many dimensions of trustworthiness (e.g., correctness, security, reliability, safety, survivability), the state of the practice, and the available technology and science base. Since the economic and political context is critical to the successful deployment of new technologies, that too is discussed.

The alert reader will have noted that the volume's title Trust in Cyberspace admits two interpretations. This ambiguity was intentional. Parse "trust" as a noun (as in "confidence" or "reliance") and the title succinctly describes the contents of the volume—technologies that help make networked information systems more trustworthy. Parse "trust'' as a verb (as in "to believe") and the title is an invitation to contemplate a future where networked information systems have become a safe place for conducting parts of our daily lives.1 Whether "trust" is being parsed as a noun or the verb, more research is key for trust in cyberspace.

1 One reviewer, contemplating the present, suggested that a question mark be placed at the end of the title to raise questions about the trustworthiness of cyberspace today. And this is a question that the report does raise.

Page viii Cite
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page viii

Committee Composition And Process

The study committee included experts on computing and communications systems from industry and academia whose expertise spanned computer and communications security, software engineering, fault-tolerance, systems design and implementation, and networking (see Appendix A). The committee did its work through its own expert deliberations and by soliciting input and discussion from key officials in its sponsoring agencies, other government officials, academic experts, and representatives of a wide range of developers and users of information systems in industry (see Appendix B). The committee did not make use of classified information, believing that detailed knowledge of threats was not important to the task at hand.

The committee first met in June 1996 and eight times subsequently. Three workshops were held to obtain input from a broad range of experts in systems security, software, and networking drawn primarily from industry (see Appendixes C and D). Since information about the NSA R2 research program is less-widely available than for relevant programs at DARPA and other federal agencies, the entire committee visited NSA for a more in-depth examination of R2's research program; subsequent meetings involving NSA R2 personnel and a subset of the committee provided still further input to the study. Staff tracked the progress of relevant activities in the legislative and executive branches in government, including the President's Commission on Critical Infrastructure Protection, Critical Information Assurance Office, and congressional hearings. Staff also sought input from other governmental and quasi-governmental organizations with relevant emphases. Additional inputs included perspectives from professional conferences, technical literature, and government reports gleaned by committee members and staff.

In April 1997, the committee released an interim report that outlined key concepts and known technologies. That report, subject to the NRC review process, generated a number of follow-up comments that helped to guide the committee in its later work.

Acknowledgments

The committee is grateful to the many thoughtful reviewers of its interim and final reports, and it appreciates the efforts of the review coordinator. The committee would like to acknowledge Thomas A. Berson (Anagram Laboratories), Dan Boneh (Stanford University), Eric A. Brewer (University of California, Berkeley), Dorothy Denning (Georgetown University), Bruce Fette (Motorola), John D. Gannon (University of Maryland), Li Gong (JavaSoft Inc., Sun Microsystems Inc.), Russ Housley (Spyrus Inc.), John C. Klensin (MCI Communications Corporation), Jimmy Kuo (McAfee Associates Inc.), Steven B. Lipner (Mitretek Systems), Keith Marzullo (University of California at San Diego), Alan J. McLaughlin (Massachusetts Institute of Technology), Robert Morris, Sr. (National Security Agency (retired)), Peter G. Neumann (SRI International), Jimmy Omura (Cylink Corporation), Stewart Personick (Drexel University), Roy Radner (New York University), Morteza Rahimi (Northwestern University), Jeffrey I. Schiller (Massachusetts Institute of Technology), Michael St. Johns (@Home Network), Joseph Sventek (Hewlett-Packard Laboratories), J. Marty Tenenbaum (CNgroup, Inc.), Abel Weinrib (Intel Corporation), Jeannette M. Wing (Carnegie Mellon University), and Mary Ellen Zurko (The Open Group Research Institute).

The committee appreciates the support of its sponsoring agencies, and especially the numerous inputs and responses to requests for information provided by Howard Frank and Teresa Lunt at DARPA, Robert Meushaw at NSA, and John Davis at NSA and the Critical Infrastructure Assurance Office. The support of K. David Nokes at Sandia National Laboratories was extremely helpful in facilitating this study and the preparation of this report.

In addition, the committee would like to thank Jeffrey Schiller for his valuable perspective on Internet standards-setting. The committee would also like to thank individuals who contributed their expertise to the committee's deliberations: Robert H. Anderson (RAND Corp.), Ken Birman (Cornell University), Chip Boylan (Hilb, Rogal, and Hamilton Co.), Robert L. Constable (Cornell University), Dale

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page ix

Drew (MCI Security Services), Bill Flanagan (Perot Systems Corporation), Fred Howard (Bell Atlantic Voice Operations), Keith Marzullo (University of California at San Diego), J.S. Moore (University of Texas at Austin), Peter G. Neumann (SRI International), John Pescatore (Trusted Information Systems), John Rushby (SRI International), Sami Saydjari (Defense Advanced Research Projects Agency), Dan Shoemaker (Bell Atlantic Data Operations), Steve Sigmond (Wessels Arnold Investment Banking), Gadi Singer (Intel), Steve Smaha (Haystack, Inc.), Kevin Sullivan (University of Virginia), L. Nick Trefethen (Oxford University), and Werner Vogels (Cornell University).

Several members of the Computer Science and Telecommunications Board provided valuable guidance to the committee and were instrumental in the response to review process. For these contributions, the committee would like to thank David D. Clark, Jim Gray and Butler Lampson. The committee also acknowledges the helpful feedback from Board members Donald Norman and Ed Lazowska.

Special thanks are owed Steve Crocker for his seminal role in launching this study and in helping to shape the committee. The committee—and the chairman especially—benefited from Steve's involvement.

Finally, the committee would like to acknowledge all the hard work by the staff of the National Research Council. Marjory Blumenthal's role in the content and conduct of this study was pivotal. Not only was Marjory instrumental in moving the committee from its initial discussions through the production of an Interim Report and then to a first draft of this report, but her insights into the nontechnical dimensions of trustworthiness were critical in developing Chapter 6. This committee was truly fortunate to have the benefit of Marjory's insights concerning content and process; and this chairman was thankful to have such a master in the business as a teacher and advisor. Alan Inouye joined the project mid-stream. To him fell the enormous task of assembling this final report. Alan did a remarkable job, remaining unfailingly up-beat despite the long hours required and the frustrations that accompanied working to a deadline. First Leslie Wade and later Lisa Shum supported the logistics for the committee's meetings, drafts, and reviews in a careful yet cheery fashion. As a research associate, Mark Balkovich enthusiastically embraced a variety of research and fact-finding assignments. Thanks to Jane Bortnick Griffith for her support as the Interim Director of CSTB who inherited this challenging project mid-stream and did the right thing. Herb Lin was available when we needed him despite his numerous other commitments. The contributions of Laura Ost (editor-consultant) are gratefully acknowledged. Rita Gaskins, David Padgham, and Cris Banks also assisted in completing the report.

Fred B. Schneider, Chair
Committee on Information Systems
Trustworthiness

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page x

BOX P-1: Synopsis of Task Statement

Propose a research agenda that identifies ideas for relevant long-term research and the promotion of fundamental or revolutionary (as opposed to incremental) advances to foster increased trustworthiness of networked information systems. Perspectives on where and what kinds of research are needed should be sought from across the relevant technical and business communities.

Assess, in part by undertaking dialogue within relevant segments of the technical and business communities, and make recommendations on how to further the development and deployment of trustworthy networked information systems, subsystems, and components.

Assess and make recommendations concerning the effectiveness and directions of the existing research programs in ARPA and NSA R2 as they affect the development of trustworthy networked information systems.

Examine the state of the market for security products and capabilities and the extent and emphases of private sector research activities with an eye toward illuminating where federal R&D efforts can best be targeted.

Assess and develop recommendations for technology policy options to improve the commercial security product base (availability, quality, and affordability), expand awareness in industry of the security problem and of available technology and tools for enhancing protections, and foster technology transfer.

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page xi

Contents

EXECUTIVE SUMMARY

ES-1

1

INTRODUCTION

1-1

 

Trustworthy Networked Information Systems

 
 

What Erodes Trust

 
 

This Study in Context

 
 

Scope of This Study

 
 

References

 

2

PUBLIC TELEPHONE NETWORK AND INTERNET TRUSTWORTHINESS

2-1

 

Network Design

 
 

The Public Telephone Network

 
 

Network Services and Design

 
 

Authentication

 
 

Progress of a Typical Call

 
 

The Internet

 
 

Network Services and Design

 
 

Authetication (and other Security Protocols)

 
 

Progress of a Typical Connection

 
 

Findings

 
 

Network Failures and Fixes

 
 

Environmental Disruption

 
 

Link Failures

 
 

Congestion

 
 

Findings

 
 

Operational Errors

 
 

Findings

 
 

Software and Hardware Failures

 
 

Finding

 
 

Malicious Attacks

 
 

Attacks on the Telephone System

 
 

Routing Attacks

 
 

Database Attacks

 
 

Facilities

 
 

Findings

 
 

Attacks on the Internet

 
 

Name Server Attacks

 
 

Routing System Attacks

 
 

Protocol Design and Implementation Flaws

 
 

Findings

 
 

Emerging Issues

 
 

Internet Telephony

 
 

Finding

 
 

Is the Internet Ready for "Prime Time"?

 
 

Findings

 
 

References

 
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page xii

3

SOFTWARE FOR NETWORKED INFORMATION SYSTEMS

3-1

 

Introduction

 
 

Background

 
 

The Role of Software

 
 

Development of an NIS

 
 

System Planning, Requirements, and Top-Level Design

 
 

Planning and Program Management

 
 

Requirements at the System Level

 
 

Background

 
 

The System Requirements Document

 
 

Notation and Style

 
 

Where to Focus Effort in Requirements Analysis and Documentation

 
 

Top-Level Design

 
 

Critical Components

 
 

The Integration Plan

 
 

Project Structure, Standards, and Process

 
 

Barriers to Acceptance of New Software Technologies

 
 

Findings

 
 

Building and Acquiring Components

 
 

Component-Level Requirements

 
 

Component Design and Implementation

 
 

Programming Languages

 
 

Systematic Reuse

 
 

COTS Software

 
 

The Changing Role of COTS Software

 
 

General Problems with COTS Components

 
 

Interfacing Legacy Software

 
 

Findings

 
 

System Integration

 
 

System Assurance

 
 

Review and Inspection

 
 

Formal Methods

 
 

Testing

 
 

System Evolution

 
 

Findings

 
 

References

 

4

REINVENTING SECURITY

4-1

 

Introduction

 
 

Evolution of Security Needs and Mechanisms

 
 

Access Control Policies

 
 

Shortcomings of Formal Policy Models

 
 

A New Approach

 
 

Findings

 
 

Identification and Authentication Mechanisms

 
 

Network-Based Authentication

 
 

Cryptographic Authentication

 
 

Token-Based Mechanisms

 
 

Biometric Techniques

 
 

Findings

 
 

Cryptography and Public-Key Infrastructure

 
Page xiii Cite
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page xiii

 

Findings

 
 

The Key-Management Problem

 
 

Key-Distribution Centers

 
 

Certification Authorities

 
 

Actual Large-Scale KDC and CA Deployments

 
 

Public-Key Infrastructure

 
 

Findings

 
 

Network Access Control Mechanisms

 
 

Closed User Groups

 
 

Virtual Private Networks

 
 

Firewalls

 
 

Limitations of Firewalls

 
 

Guards

 
 

Findings

 
 

Foreign Code and Application-Level Security

 
 

The ActiveX Approach

 
 

The Java Approach

 
 

Findings

 
 

Fine-Grained Access Control and Application Security Findings

 
 

Language-Based Security: Software Fault Isolation and Proof Carrying Code Findings

 
 

Denial of Service

 
 

Findings

 
 

References

 

5

TRUSTWORTHY SYSTEMS FROM UNTRUSTWORTHY COMPONENTS

5-1

 

Introduction

 
 

Replication and Diversity

 
 

Amplifying Reliability

 
 

Amplifying Security

 
 

Findings

 
 

Monitor, Detect, Respond

 
 

Limitations in Detection

 
 

Response and Reconfiguration

 
 

Perfection and Pragmatism

 
 

Findings

 
 

Placement of Trustworthiness Functionality

 
 

Public Telephone Network

 
 

Internet

 
 

Minimum Essential Information Infrastructure

 
 

Findings

 
 

Nontraditional Paradigms

 
 

Finding

 
 

References

 

6

THE ECONOMIC AND PUBLIC POLICY CONTEXT

6-1

 

Risk Management

 
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page xiv

 

Risk Assessment

 
 

Nature of Consequences

 
 

Risk Management Strategies

 
 

Selecting a Strategy

 
 

Findings

 
 

Consumers and Trustworthiness

 
 

Consumer Costs

 
 

Direct Costs

 
 

Indirect Costs

 
 

Failure Costs

 
 

Imperfect Information

 
 

Issues Affecting Risk Management

 
 

Some Market Observations

 
 

Findings

 
 

Producers and Trustworthiness

 
 

The Larger Marketplace and the Trend Toward Homogeneity

 
 

Risks of Homogeneity

 
 

Producers and Their Costs

 
 

Costs of Integration and Testing

 
 

Identifying the Specific Costs Associated with Trustworthiness

 
 

Time to Market

 
 

Other Issues

 
 

The Market for Trustworthiness

 
 

Supply and Demand Considerations

 
 

Findings

 
 

Standards and Criteria

 
 

The Character and Context of Standards

 
 

Standards and Trustworthiness

 
 

Security-Based Criteria and Evaluation

 
 

Findings

 
 

Cryptography and Trustworthiness

 
 

Export Controls

 
 

Key Recovery

 
 

Factors Inhibiting Widespread Cryptography Deployment

 
 

Cryptography and Confidentiality

 
 

Findings

 
 

Federal Government Interests in NIS Trustworthiness

 
 

Public-Private Partnerships

 
 

The Changing Market-Government Relationship

 
 

Findings

 
 

The Roles of the NSA, DARPA, and other Federal Agencies in NIS Trustworthiness Research and Development

 
 

National Security Agency

 
 

Partnerships with Industry

 
 

R2 Program

 
 

Issues for the Future

 
 

Findings

 
 

Defense Advanced Research Projects Agency

 
 

Issues for the Future

 
 

Findings

 

References

 

Notes

 
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page xv

7

CONCLUSIONS AND RESEARCH RECOMMENDATIONS

7-1

 

Protecting the Evolving Public Telephone Network

 
 

Meeting the Urgent Need for Software that Improves Trustworthiness

 
 

Reinventing Security for Computers and Communications

 
 

Building Trustworthiness form Untrustworthy Components

 
 

Social and Economic Factors that Inhibit the Deployment of Trustworthy Technology

 
 

Implementing Trustworthiness Research and Development, the Public Policy Role

 

APPENDIXES

 

A

Study Committee Biographies

A-1

B

Briefers to the Committee

B-1

C

Workshop Participants and Agenda

C-1

D

List of Position Papers Prepared for the Workshop

D-1

E

Trends in Software

E-1

F

Some Related Trustworthiness Studies

F-1

G

Some Operating System Security Examples

G-1

H

Types of Firewalls

H-1

I

Secrecy of Design

I-1

J

Research in Information System Security and Survivability Funded by the NSA and DARPA

J-1

K

Glossary

K-1

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

Page xvi

This is the tale of the infosys folk:
Multics to UNIX to DOS.
We once had protection that wasn't a joke
Multics to UNIX to DOS.
Now hackers and crackers and similar nerds
Pass viruses, horses, and horrible words
Through access controls that are for the birds.
Multics to UNIX to DOS.

With apologies to Franklin P. Adams

Page xvii Cite
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

There was a problem loading page R17.

Page xviii Cite
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

There was a problem loading page R18.

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

There was a problem loading page R19.

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×

There was a problem loading page R20.

Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R1
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R2
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R3
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R4
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R5
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R6
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R7
Page viii Cite
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R8
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R9
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R10
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R11
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R12
Page xiii Cite
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R13
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R14
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R15
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R16
Page xvii Cite
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R17
Page xviii Cite
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R18
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R19
Suggested Citation:"Front Matter." National Research Council. 1999. Trust in Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/6161.
×
Page R20
Next: Executive Summary »
Trust in Cyberspace Get This Book
×
Buy Paperback | $90.00 Buy Ebook | $69.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Whether or not you use a computer, you probably use a telephone, electric power, and a bank. Although you may not be aware of their presence, networked computer systems are increasingly becoming an integral part of your daily life. Yet, if such systems perform poorly or don't work at all, then they can put life, liberty, and property at tremendous risk. Is the trust that we--as individuals and as a society--are placing in networked computer systems justified? And if it isn't, what can we do to make such systems more trustworthy?

This book provides an assessment of the current state of the art procedures for building trustworthy networked information systems. It proposes directions for research in computer and network security, software technology, and system architecture. In addition, the book assesses current technical and market trends in order to better inform public policy as to where progress is likely and where incentives could help. Trust in Cyberspace offers insights into:

--The strengths and vulnerabilities of the telephone network and Internet, the two likely building blocks of any networked information system.

--The interplay between various dimensions of trustworthiness: environmental disruption, operator error, "buggy" software, and hostile attack.

--The implications for trustworthiness of anticipated developments in hardware and software technology, including the consequences of mobile code.

--The shifts in security technology and research resulting from replacing centralized mainframes with networks of computers.

--The heightened concern for integrity and availability where once only secrecy mattered.

--The way in which federal research funding levels and practices have affected the evolution and current state of the science and technology base in this area.

You will want to read this book if your life is touched in any way by computers or telecommunications. But then, whose life isn't?

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!