NSA paper on computer security

Kragen posted to

“The Inevitability of Failure: The Flawed Assumption of Security
in Modern Computing Environments”, written by six NSA employees,
was published at the 21st National Information Systems Security
Conference in October, in Arlington, Virginia, USA. (See http://csrc.nist.gov/nissc/1998/
and http://csrc.nist.gov/nissc/1998/papers.html
for more on the conference.)

The paper is available in HTML at http://www.jya.com/paperF1.htm
and in PDF at http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf

It discusses, among other things:

  • why mandatory security mechanisms are useful outside the
    context of classification levels, even on single-user systems;
  • trusted-path mechanisms, like the PASSCRED stuff recently
    implemented in Linux and NT’s Ctrl-Alt-Del login feature.