History of Computer Security Flashcards
What are the common themes of computer security?
- memory protection
- authentication and authorization
- threat detection and modelling
- countermeasures
- Linux commands
What was the main development in the 40s?
the first electronic computers, built from vacuum tubes or relays
What were the security issues of the 40s?
Secrecy was paramount; there was a small group of trusted operators whose values aligned
What are the 3 biggest developments of the 50s?
- General purpose machines
- Von Neumann machines
- Commercial computing
- IBM 700 series
- Batch processing
- Early traces of OS
What changed about security with the introduction of Von Neumann machines?
Rogue programs can now overwrite data and code
What were 3 security issues that were relevant in the 50s?
- no user authentication
- operators had to be trusted
- diminished sense of secrecy and value alignment
What operating systems were released in the 60s?
Multics (designed with security in mind)
Unix (then: UNICS), a stripped-down version of Multics
What 2 reports were published in the 60s?
The Ware Report and the Rand Report
What categories of threats did the Ware report identify?
- files
- enabled by lack of or weak access control
- leading to subversion of the monitor
- unauthorized use
What is the origin of the Trusted Computing Base idea?
Critical security functions (in particular the software handling the “interrupts” that transfer control from user programs to the monitor) should be embedded in relatively small amounts of code.
What did the Ware Report cause?
The start of the Rand report task force
What requirements did the Rand report identify?
Central processor must provide some or all of the following mechanisms:
- user/process/memory isolation
- supervisory software protection
- hardware controlled supervisor states
- assurance against unanticipated conditions
What were the 70s the age of?
The Mainframe
What happened in the 70s for security for military and classified applications?
- the Anderson report
- Multi-Level Security (MLS)
- Bell-LaPadula model
What happened in the 70s for security for non-classified but sensitive applications?
- public research on cryptography
- privacy legislation
- statistical database security