Linux Today: Linux News On Internet Time.

More on LinuxToday

NSA paper on computer security

Dec 14, 1998, 00:06 (1 Talkback[s])

Kragen posted to BUGTRAQ:

"The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments", published by six NSA employees, was published at the 21st National Information Systems Security Conference in October, in Arlington, Virginia, USA. (See and for more on the conference.)

The paper is available in HTML at and in PDF at

It discusses, among other things:

  • why mandatory security mechanisms are useful outside the context of classification levels, even on single-user systems;
  • trusted-path mechanisms, like the PASSCRED stuff recently implemented in Linux and NT's Ctrl-Alt-Del login feature.