Archived NIST Technical Series Publication

The attached publication has been archived (withdrawn), and is provided solely for historical purposes. It may have been superseded by another publication (indicated below).

Archived Publication

Series/Number: NIST Special Publication 800-1 Title: Bibliography of Selected Publications, January 1980 - October 1989 Publication Date(s): December 1990 Withdrawal Date: July 9, 2018 Withdrawal Note: SP 800-1 is a bibliography of old, non-NIST-series publications. It is being withdrawn but remains available for historical reference.

Superseding Publication(s) The attached publication has been superseded by the following publication(s):

Series/Number: Title:

Author(s):

Publication Date(s): URL/DOI:

Additional Information (if applicable)

Contact: Computer Security Division (Information Technology Laboratory) Latest revision of the attached publication: Related information: https://csrc.nist.gov/publications

Withdrawal announcement (link): N/A

Date updated: :ƵůLJϵ͕ϮϬϭϴ NIST Special Publication 800-1 Bibliography of

U.S. DEPARTMENT OF Selected Computer COMMERCE National Institute of Standards Security Publications and Technology January 1980- NAT L INST OF STAND 4 October 1989 l^l^j""' l l

A111D3 MbEl^lb Rein Turn

Lawrence E. Bassham III

NIST PUBLICATIONS

COMPUTER SECURITY

100 .U57 800-1 _ 1990 C.2

NIST Special Publication 800-1 Bibliography of Selected Computer Security Publications January 1980- October 1989

Rein TUm, Compiler Rein Tlim Associates Pacific Palisades, CA 90727

Lawrence E. Bassham III, Editor

COMPUTER SECURITY

National Computer Systems Laboratory

National Institute of Standards and Technology Gaithersburg, MD 20899

December 1990

U.S. DEPARTMENT OF COMMERCE Robert A. Mosbacher, Secretary

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY John W. Lyons, Director Reports on Computer Systems Technology

The National Institute of Standards and Technology (NIST) has a unique responsibility for computer systems technology within the Federal Government. NIST's National Computer Systems Laboratory (NCSL) develops standards and guidelines, provides technical assistance, and conducts research for comput- ers and related telecommunications systems to achieve more effective utilization of Federal information technology resources. NCSL's responsibilities include development of technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive unclassified information processed in Federal computers. NCSL assists agencies in developing security plans and in improving computer security awareness training. This Special Publication 800 series reports NCSL research and guidelines to Federal agencies as well as to organizations in industry, government, and academia.

National Institute of Standards and Technology Special Publication 800-1 Natl. Inst. Stand. Technol. Spec. Publ. 800-1, 200 pages (Dec. 1990) CODEN: NSPUE2

U.S. GOVERNMENT PRINTING OFFICE WASHINGTON: 1990

For sale by the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402 ABSTRACT

This bibliography cites selected books and articles on computer security published from January 1980 through October 1989. To have been selected, an article had to be substantial in content and have been published in professional or technical journals, magazines, or conference proceedings. Only very substantial articles from the popular or trade press were included. English language articles from foreign journals were included as available. The citations are listed under nine categories. A tenth category of pre- 1980 publications is also provided, as well as an appendix containing addresses of all journals and magazines referenced in the bibliography.

Key Words: access controls; auditing; communications security; computer crime; computer security; confidentiality; cryptography; disaster recovery; integrity; privacy; risk management; trusted computing base.

iii

Contents

Introduction 1

1. General 1-1

2. Management 2-1

3. Foundations 3-1

4. 4-1

5. Trusted Systems 5-1

6. Database Security 6-1

7. Communication and 7-1

8. Cryptography 8-1

9. Privacy 9-1

10. Pre- 1980 Publications 10-1

A. Security Environment 10-1

B. Security Models and Database Security 10-3

C. Communications Security 10-10

D. Privacy 10-13

Appendix A: Periodicals A-1

Appendix B: List of Key Words B-1

V

INTRODUCTION

In recognition of the critical need for better dissemination of computer security information throughout government and industry, the National Institute of Standards and Technology (NIST) has produced this selected bibliography of key computer security literature published from January 1980 through October 1989. This bibHography was compiled by Rein Turn of Rein Turn Associates under contract to NIST.

The bibliography is organized into the following 10 sections and 2 appendices:

1. General 2. Management 3. Foundations 4. Access Control 5. Trusted Systems 6. Database Security 7. Communication and Network Security 8. Cryptography 9. Privacy 10. Pre- 1980 Publications Appendix A: Periodicals Appendix B: List of Key Words

Citations in sections 1 through 9 are organized by subject matter; section 10 is a listing of pre- 1980 publications. To have been selected, an article had to be substantial in content and have been published in professional or technical journals, magazines, or conference proceedings. Only very substantial articles from the popular or trade press were included. EngHsh language articles from foreign journals were included as available.

The individual citations have the following structure (an example is shown at the right):

Identifier AAL-83 Author Aalders, J.C.H. Title "Towards Standards in Computer Security," Proc. '83 Journal title (or publishing house) inP/Sec. . Stockholm, 1983, (2: FAK-83), Date and page (or location and year) pp. 5-13. Key words (two or three) Key Words: guidelines, policy.

Each citation is uniquely identified by the first letters of the principal author's last name (or the publishing organization's acronym, if no author is identified or listing by organization is more meaningful) and the last two digits of the year of publication. A lowercase letter following the year serves to distinguish otherwise identical citation identifiers.

1 Section numbers are used to distinguish identical citations identifiers from different sections

and multiple citations from the same publication [e.g. (2: NBS-81) and (7: NBS-81)],

Appendix A contains a list of the periodicals from which citations in this bibliography have been taken. The list contains publisher and editor information where appropriate in order to assist the user of this bibliography to obtain more information about documents cited.

Appendix B contains a list of all the key words used in each of the 10 sections. This list will assist the reader who would like information on a topic that spans more than one section. As an example, information on viruses can been found in each of the first three sections (General, Management, and Foundations).

2 1. General

This section cites general, mostly nontechnical publications on computer threats and vulnerabilities (including the hacker and computer viruses), the need for computer security, and other aspects of computer security.

AAL-83 ALA-86 ASS-81 Aalders, J.C.H. Alagar, V.S. "An Atlas of Terrorism,"

'Towards Standards in "A Human Approach to the Assets Protection , March/April Computer Security," Proc. Technological Challenges in 1981, pp. 26-36. '83 IFIP/Sec. . Stockholm, Data Security," Computers &

1983. (2: FAK-83), pp. 5-13. Security . December 1986. pp. Key Words: crime, hackers. 328-335. Key Words: guidelines, ATK-85 policy. Key Words: awareness, Atkins, W. policy. "Jesse James at the Terminal,"

AAL-85 Harvard Business Review , Aalders, J.C.H., ALL-85 July/August 1985 I.S. Herschberg, and Allen, R.J. A. Van Zanten "Data Security: Problems and Key Words: crime, hackers.

Handbook for Information Remedies," Today's Office ,

Security , North- April 1985, pp. 26-27. BAC-83 Holland/Elsevier Science Backwith, N. Publishing Co., New York, Key Words: crime, threats, "Unique Approach to Security 1985. general, techniques. Evaluation," Computers &

Security , January 1982, pp. 35- Key Words: book, general, APR-81 40.

policy, guidelines, techniques. Crime Investigation Manual . Assets Protection Publishing, Key Words: guidelines, policy. ABA-84 Madison, WI, 1981 Report on Crime, American BAI-84 Bar Association. Section on Key Words: book, crime. Bailey. D. Criminal Justice, Washington, "Attacks on Computers: DC, 1984. ARD-85 Congressional Hearings and Ardis, P.M., and Pending Legislation," Proc. Key Words: book, crime, R.M. Johnson 1984 IEEE Symp. on Sec. & laws, policy. "Electronic and Crime Privacy (5: IEE-84). pp. 180- Insurance in the US and UK," 187. AGR-83 & Security 1- Agranoff, M.H. Bulletin , August 1985. pp. Key Words: crime, hackers, "Achieving Security 6. legislation. Awareness: Tips and Techniques." Computer Key Words: crime, policy, BAI-87

Security Journal , Spring international. Baird, B.J., L.L. Baird, and 1983. pp. 7-17. R.P. Ranauro, ARN-83 'The Moral Cracker?,"

Key Words: awareness, Amell, A. Computers & Security , guidelines. "On-Site Hazards, Off-Site December 1987, pp. 471-478. Safety," Computerworld, December 12, 1983, pp. Key Words: crime, hackers. ID/13-24.

Key Words: threats, physical.

1-1 BAI-89 BEA-84 BEE-84 Bainbridge, D.I. Beane. W.F., E.R. Hilton, and Beebe, C.A. "Hacking - The B. Goldstein "Plarming for Access Control," Unauthorized Access of "Computer Security: Who Is Security Management, January 77-1-. Computer Systems: The in Charge?" Security World , 1984, pp. Legal Implications," Modem October 1984, pp. 42-46.

Law Review . March 1989, Key Words: guidelines, policy. pp. 236-245. Key Words: general, policy. BEL-87 Key Words: crime, hackers, BEC-80 Belford, P.. and J. Quann legislation. Becker, J. 'The Hack Attack Increasing "Rifkin - A Documentary Computer System Awareness BAK-85 History," Computer/Laws of Vulnerability Threats,"

Baker, R.H. Journal . Summer 1980, pp. AL\A 87-3093, Proc. 3d The Computer Security 472-720. Aerosp. Comp. Sec. Conf. (5:

Handbook , TAB Books, Inc., IEE-87b), 1987, pp. 155-157. Blue Ridge Summit, PA, Key Words: crime. 1985 Key Words: awareness, BEC-83 hackers, threats, vulnerabilities. Key Words: book, general, Becker, L.G. policy, guidelines, techniques. Computer Security: An BEQ-83 Overview of National Bequai, A.

BAL-82 Concerns and Challenges , How to Prevent Crime , J. Ball. L.D. Report No. 83-135 SPR, Wiley & Sons. New York, "Crime," Technology Review, Congressional Research 1983. April 1982, pp. 21-30. Service, U.S. Library of Congress, Washington, DC, Key Words: book, crime, Key Words: crime, pohcy, February 3, 1983. guidelines, techniques. legislation. Key Words: crime, policy, BEQ-83a BAL-88 legislation. Bequai, A. Ball. M. "What Can Be Done to Stem 'To Catch a Thief," Security BEC-83a The Rising Electronic Crime?,"

Management. March 1988. Becker, H.B. The Office , November 1983,

pp. 72-78. Information Integrity , pp. 47-49. McGraw-Hill, New York, Key Words: crime, hackers, 1983. Key Words: crime, policy, guidelines. guidelines. Key Words: book, guidelines, BAS-88 policy, techniques. BEQ-84 Baskerville, R. Bequai. A. Designing Information BEC-85 "Lack of Ethics as a Cause of

Systems Security , Wiley & Becker, L.G. Crime." Computers and People , Sons, Somerset, NJ, 1988 Computer Abuse and Misuse: May-June 1984, pp. 7-14. An Assessment of State and

Key Words: book, guidelines, Federal Legislative Incentives , Key Words: crime, ethics. policy, techniques, general. Institute for Defense Analysis, Princeton, NJ, 1985. BER-82 BAU-84 Bemhard, R. Bauder, D. Key Words: crime, policy, "Breaching System Security,"

"Electronic Fimds Transfer legislation. IEEE Spectrum , June 1982, Security," Proc. 7th Seminar, pp. 24-31. DoD Comp. Sec. Progr. (5: BEC-85a DOD-84), 1984, pp. 188-194. Becker, L.G. Key Words: threats, crime. "Computer and Network Key Words: vulnerabilities, Security Policy: A Challenge threats, pwlicy. guidelines. to Organizations," Proc. '85 MP/Sec. . Dublin. 1985. (2: GRI-85), pp. 241-250.

Key Words: policy, guidelines.

1-2 BIG-81 BLO-85 Bigelow, R.P. (Ed.) BLO-82 Bloombecker, J.

Computers & the Laws . BloomBecker. J. "Computer Security for the Commerce Clearing House, "International Crime: Where People," Transnational Data Chicago. 1981. Terrorism and Transborder Report, Oct./Nov. 1985, pp. Data Flow Meet." Computers 367-370.

Key Words: book, crime, & Security . January 1982, pp. guidelines, laws. 41-53. Key Words: awareness, ethics.

BIG-81a Key Words: crime, hackers, BLO-85a Bigelow, R.P. international. Bloombecker, J. "The Queen vs. McLaughlin, Computer-Crime Laws

or Why the Criminal BLO-83 Reporter , National Center for Sometimes Goes Free," Blom. R.. and J.-O. Bruer Computer-Crime Data, Computer Security Journal, "Office Information Systems CaUfomia State University, Winter 1982, pp. 131-136. and Security," Proc. IFIP/Sec. Los Angeles, CA. 1985. 'J3, Stockholm, 1983, (2: Key Words: crime, laws. FAK-83), pp. 107-110. Key Words: book, crime, laws.

BIG-81b Key Words: guidelines, BLO-85b Bigelow, R.P. policy. Bloombecker. J.J.

"The Security Officer's Role Introduction to Crime . National in Legal Protection of BLO-83a Center for Crime Data, Los Software," Computer Security Bloom, R. Angeles, CA, September 1985.

Journal . Winter 1982, pp. 99- "Computers Don't Commit 107. Crime, People Do," Data Key Words: book, crime, laws.

Management, July 1983, p. Key Words: guidelines, 14. BLO-86 policy. Bloombecker, J.J.

Key Words: crime. Crime, Computer Security ,

BLA-84 Computer Ethics , National Blakney. S. BLO-83b Center for Crime Data, Los "Crime," Computerworld. BloomBecker, J. Angeles, CA, February 1986. December 26, 1983, p. 57-I-. "Crime - Corporate Coimcel's

View," Crime Digest, March Key Words: book, crime, Key Words: crime, threats. 1983, pp. 7-10. ethivcs, policy.

BLA-88 Key Words: crime, laws. BLO-86a Blatchford, C. Bloombecker, J.J. "A Manufacturer's Approach BLO-83C "New Federal Laws Bolsters to the Security of Computer BloomBecker. J. Computer Security Efforts," Systems," Proc. IFIP/Sec. "International Crime: A Computerworld, October 27, '88 . AustraUa, 1989. (2: Growing Threat," 1986, p. 53-66. CAE-89). pp. 187-195. Transnational Data Report, June 1983. pp. 219-230. Key Words: crime, laws. Key Words: awareness, guidelines, policy, techniques. Key Words: crime, threats, BLO-86b international. Bloombecker, J.J. BLO-80 "Lobbying for Protection," Bloom, R. BLO-84 Computerworld, August 4, "Catching the Computer Bloombecker, J. 1986, pp. 55-62.

Crook," Infosystems . July "Introduction to Crime," Proc. '84 1980. pp. 30-35. IFIP/Sec. . Toronto, 1984, Key Words: crime, awareness. (2: FIN-85), pp. 423-430. Key Words: crime, BLO-86C guidelines. Key Words: crime, general. Bloombecker, J.J. "Defense of Crime Cases,"

American Jurisprudence Trials , Vol. 33. 1986. pp. 1-197.

Key Words: crime, laws.

1-3 BLO-88 BOL-86 BRO-83 Bloombecker, J.J. Bologna, J. Brown, R.A. "Captain Midnight and the "Computer Related Crime: "Crime and Computers," Space Hackers," Security The Who, What, Where, Criminal Laws Journal . Apml July Management. 1988, pp. When, Why and How, I," 1983, pp. 68-89. 76-82. Data ProcessinE &

Communications Security . Key Words: crime, laws. Key Words: crime, hackers. Winter 1986. pp. 19-23. BRO-83a BLO-89 Key Words: crime, general. Browne. M.W. Bloombecker, J.J. "Locking Out The Hackers." 'Trends in Computer BOL-86a Discover. Novonber 1983. pp. Abuse/Misuse," Proc. 12th Bologna, J. 30-40. Natl. Comp. Sec. Conf. (5: "Computer Related Crime: NCS-89), 1989, pp. 611-614. The Who, What, Where, Key Words: awareness. When. Why and How, U," hackCTs. crime. Key Words: crime, threats, Data Processing &

laws, guidelines. Communications Security . BUI-84 Spring 1986. pp. 25-30. Buikema, C. et al. BLO-89a "Security Regulation: A State- Bloombecker, J.J. (Ed.) Key Words: crime, general. by-State Update." Security

Commitment to Security , Management, January 1984. National Center for Computer BOR-85 pp. 39-48. Crime Data, Santa Cruz, CA, Borking, J.J. 1989. Third Party Protection of Key Words: crime, laws. Software and Firmware, Key Words: book, crime, North-Holland PubUshing Co. BUM-84 policy, general. Amsterdam, 1985. Bump, M. Jr. "A Primer on Software Piracy BOL-81 Key Words: book, software Cases in the Courts,"

Bologna, J. privacy. Computers & Security , May "The 8 -Factor Theory of 1984, pp. 123-134. White-Collar Crime BOS-82 Causation," Proc. Comp. Sec. Bosworth, B., Key Words: awareness, laws,

& Priv. Symp. , 1981 (1: Codes, Ciphers and software piracy. HON-81), pp. 57-67. Computers: An Introduction to

Information Security , Hayden BUR-88 Key Words: crime, threats, Book Co., Rochelle Park, NJ, Burger, R. guidelines. 1982. Computer Viruses: A High-

Tech Disease . Abacus. Grand BOL-81 a Key Words: book, awareness, Rapids. MI. 1988. Bologna, J. general.

Crime: Wave of the Future , Key Words: computer viruses, Assets Protection Publishing, BOT-86 threats, general. Madison, WI, 1981. Bottom, N.R., Jr., et al. "About the Security Degree: BUS-81 Key Words: book, crime. Are We Losing It (A "Computer-Crime - The Discussion)," Journal of Spreading Danga to Business,"

B0L-81b Security Administration, June Business Week, April 20, Bologna, J. 1986, pp. 7-20. 1981, pp. 86-91. "MOMM's: A Taxonomy of Computer-Related Employee Key Words: general, policy. Key Words: crime, threats,

Theft," Assets Protection, guidelines. May/June 1981, pp. 33-36. BRE-86 Breton, T., and D. Beneich Key Words: crime, threats. Softwars, Holt, Rinehart, Winston, New York, 1986.

Key Words: book, awareness.

1-4 BUS-84 CAM-88 CHO-84 Buss, M.DJ., and Campbell, D. Choney, L.B. L^. Salemo "Computer Sites: Targets for "Software Escrow and the "Common Sense and Destruction," Security Security Practioner," Computer

Computer Security," Harvard Management. July 1988, pp. Security Journal , Summer

Business Review , March- 56-60. 1984, pp. 65-74. April 1984, pp. 112-121. Key Words: threats, physical. Key Words: policy, guidelines. Key Words: awareness, guidelines, policy, general. CAN-86 CJJ-88 Canning, R. "Crime Statutes: Are They BUS-88 " and Bridging the Gap Between

"Is Your Computer Secure?," Privacy," EDP Analyzer , Laws and Technology?,"

Business Week, August 1, February 1986, pp. 1-16. Criminal Justice Journal , 1988, pp. 64-70. Fall/Winter 1988, pp. 203-233. Key Words: awareness, Key Words: awareness, general. Key Words: crime, laws. computer crime, policy. CAR-80 CU-80 BYN-85 Carroll, JJ^. "Crime, Part 1,"

Bynum, T.W. (Ed.) "Ethics for the Computer Computer/Laws Journal , Spring "Computers & Ethics," Age," Proc. Comp. Sec. & 1980.

Metaphilosophy , October Priv. Symp. , 1980 (1: HON- 1985. 80), pp. 17-25. Key Words: crime, laws.

Key Words: book, ethics. Key Words: crime, ethics. CU-80a "Crime, Part 2,"

CAE-89 CAR-81 Computer/Laws Journal , Caelli, W.J. (Ed.) Carroll, JM. Summer 1980. Computer Security in the "Decriminalization of Age of Information, Computer Crime," Proc. Key Words: crime, laws. '88 Proceedings. IFIP/Sec . Comp. Sec. & Priv. Symp. Gold Coast, Queensland, 1981 (1: HON-81), pp. 61-68. CU-83 Australia, May 1988, North- "Misappropriation of Computer HoUand/Elsevier, Key Words: Crime, policy. Services: The Need to Enforce Amsterdam/New York, 1989. Civil LiabiUty,"

CAT-86 Computer/Laws Journal , Fall Key Words: proceedings, Gates. H.W. 1983, pp. 401-420. general. "Crime Laws: A Review of State Statutes," Data Key Words: crime, laws. CAL-83 Processing & Communications 19- Calhoun, G. Security , Spring 1986, pp. CLY-89 "Deterring Crimes," 21. Clyde, R.

Telephony , April 4, 1983, pp. "Crime Investigation 45+. Key Words: crime, laws. Techniques," COM-SAC: Computer Security, Auditing

Key Words: crime, laws, CHA-85 and Control , No. 1, 1989, pp. techniques. Chamoux, J. P. 1-7. "Data Security and CAM-87Campbell, M. Confidentiality in Europe, Key Words: crime, techniques.

"Security and Privacy: Issues Computers & Security , of Professional Ethics," Proc. September 1985. pp. 207-210. COA-83 10th Nad. Comp. Sec. Conf. Coates, J.F. (5: NCS-87a), 1987, pp. 326- Key Words: crime, threats, "The Future of Data Security: 333. laws, international. Thoughts and Proposals,"

Computer Security Journal , Key Words: awareness, Spring 1983, pp. 77-84 ethics. Key Words: awareness, policy, general.

1-5 COL-82 CON-84a CON-86a Colvin. B.D. S. 1920. Small Business Computer Fraud and Abuse

'Training Crime Computer Crime Act, Act of 1986 . Public Laws 99-

Investigators," EDPACS , Hearings before the Senate 474, U.S. Congress, March 1982, pp. 6-11. Committee on Small Business, Washington, DC, October 16, March 7. 1984, U.S. 1986. Key Words: crime, policy, Congress. Govenunent guidelines. Printing Office. Washington. Key Words: Congress, DC. 1984. legislation. COM-83 Crime Needs International Key Words: Congress, CON-87 Countermeasures: Proceedings legislation. Computer Secigity Act of

of London Conference , June 1987 , Hearings Before 1983, Elsevier International CON-84b Subcommittee on Bulletins, Oxford, England, The Counterfeit Access Transportation, Aviation and 1983. Device and Computer Security Materials of the Committee on

Act of 1984 . P.L. 98-473). Science and Technology, Key Words: proceedings, U.S. Congress. 1984. House of Representatives, U.S. techniques, international, Congresss, Government policy. Key Words: Congress, Printing Office, Washington, legislation. DC, 1987. CON-80 The Government CON-85 Key Words: Congress, Classification of Private Federal Government Computer legislation.

Ideas , House Report No. 96- Security , Hearings before 1540. U.S. Congress, Subcommittee on CON-87a Washington, DC, December Transportation, Aviation and Computer Security Act of

22, 1980. Materials of the Committee 1987 , Hearings before on Science and Technology, Subcommittee on Legislation Key Words: Congress, policy, House of Representatives, and National Security of the government. May 1985, U.S. Congresss, Committee on Govenunent Government Printing Office, Operations, House of CON-83 Washington, DC, 1985. Representatives, U.S. Computer Security in the Congresss, Government Federal Government and the Key Words: Congress, Printing Office, Washington,

Private Sector , Hearings government, policy, threats. DC, 1987. before Subcommittee on Oversight of Government CON-85a Key Words: Congress, Management, Senate Computer Security Research legislation.

Committe on Government and Training Act of 1985 , Operations, U.S. Congesss, Hearings before Subcommittee CON-87b Government Printing Office, on Legislation and National Computer Security Act of

Washington, DC, 1983. Security of the Committee on 1987 , Report No. 100-153, Government Operations, Part 1, of the Committee on Key Words: Congress, House of Representatives, Science, Space and threats, laws, government. U.S. Congress, Govenmient Technology, House of Printing Office, Washington, Representatives, U.S. CON-84 DC, 1985. Congresss, Government Computer and Printing Office, Washington, Communications Security and Key Words: Congress, poUcy. DC, June 11, 1987.

Privacy , Hearings, Subcommittee on CON-86 Key Words: Congress, Transportation, Aviation and Computer Fraud and Abuse legislation. Materials, Committee on Act of 1986: Report on

Science and Technology, S.2201 , Senate Committee on House of Representatives, the Judiciary, U.S. Congress, Government Printing Office, Gocemment Printing Office, Washington, DC, 1984. Washington, DC, September 3, 1986. Key Words: Congress, legislation. Key Words: Congress, legislation.

1-6 CON-87C COT-84 CSC-88 Computer Security Act of Cottrell, P., and B.D. Weiss Glossary of Computer Security

1987 . Report No. 100-153, 'Third-Party Liability Terms . NCSC-TG-004. Part 2, of the Committee on Insurance: Protection in Case National Computer Security Govemmait Operations, of Computer Error," Center. Ft. Meade, MD, 21 House of Representatives, Computerworld, April 2, October 1988. U.S. Congresss, Government 1984, pp. ID1-ID7. Printing Office, Washington, Key Words: guidelines, DC, June 11, 1987. Key Words: policy, laws. government.

Key Words: Congress, COU-81 CSI-83 legislatioiL Courtney, R.H., Jr. "Making the Case for 'The Democratization of Computer Security." Special CON-89 White Collar Crime," Section by Computer Security

Implementation of the Computer Security Journal , Institute, Datamation. Computer Security Act, Spring 1981, pp. 39-44. September 1983. Hearings before Subcommittee on Key Words: crime, laws, Key Words: awareness, Transportation, Aviation and awareness. general, poHcy, guidelines. Materials of the Committee on Science and Technology, COU-84 CSI-84 House of Representatives on Courmey, R.H., Jr. "Computer Security: Issues and September 22, 1988, U.S. "Computer Security Goals of Answers," Special Section by Congresss, Government the DoD-Another Opinion," Computer Security Institute.

Printing Office, Washington, Computer Security Journal, Datamation . September 1, DC, 1989. Summer 1984, pp. 60-62. 1984.

Key Words: Congress, policy, Key Words: policy, Key Words: awareness, laws. government general, poUcy, guidelines.

COO-84 COU-84a CSI-85 Cooper, C. Courtney, R.J., Jr. "Computer Security: Issues and "The Real Cost of Software "Computer Security: The Answers," Special Section by Piracy," Information Age Menace is Human Error," The Computer Security Institute.

(UK), April 1984, pp. 98- Office . March 1984, pp. 119. Datamation . September 15, 102. 1985. Key Words: threats, policy. Key Words: software piracy. Key Words: awareness, COU-87 general, policy, guidelines. COO-89 Courmey, R.H., Jr. Cook, WJ. "Computer Data Security: A CSI-86 "Access to the Access Codes Leadership Vacuum," "Computer Security: Issues and '88-'89: A Prosecutor's Computer Security Journal , Responsibilities." Special Prospective," Proc. 12th Vol. IV, No. 2, 1987, pp. 7- Section by Computer Security

National Comp. Sec.Conf. (5: 16. Institute, Datamation . October NCS-89), 1989, pp. 619-623. 1. 1986. Key Words: awareness, Key Words: hacking, policy, policy. Key Words: awareness, laws. general, policy, guidelines. COU-89a COR-87 Courtney, R.H. Jr. CSI-89 Cornwall, H. "Proper Assignment of "Computer Security: Issues and Computer Fraud, Industrial ResponsibiUty for Data Trends." Special Section by Espionage, & Information Security," Security Computer Security Institute.

Crime , Heinemann Management , March 1989, pp. Datamation. September 15, Professional Publishing, 83-86. 1989. London, 1987. Key Words: policy, Key Words: awareness, Key Words: book, crime. guidelines. general, poHcy, guidelines.

1-7 CWO-83 DEM-83 DEN-89 "Crime in Japan," DeMaio. H.B. Denning, PJ. Computerworld, November 7, "Computer Security and the "The Internet Worm," 1983, pp. ID/7-20. End User," Proc. IFEP/Sec. American Scientist. J3, Stockholm, 1983, (2: March/April 1989, pp. 126- Key Words: crime, FAK-83), pp. 1-4. 128. international. Key Words: awareness, Key Words: threats, hackers, CWO-84 policy. computer viruses. "Protecting the Corporate Information Resource: Special DEM-88 DER-88

Report," Computerworld, DeMaio, H.B. Derosier, J. October 29, 1984, pp. SR/1- "Iriformation Ethics ~ It "Computer Security at Digital," '88 32. Doesn't Come Naturally," Proc. MP/Sec. . Australia. Computer Security Journal. 1989. (2: CAE-89). pp. 163- Key Words: policy, Vol. V, No. 1, 1988. pp. 7- 165. guidelines. 19. Key Words: awareness, CWO-85 Key Words: awareness, ethics. general. "System Security: Protecting Corporate Information DEM-89 DEW-84

Assets," Computerworld , DeMaio, H.B. Dewdney. A.K. November 25, 1985, p. 55ff. "Viruses - A Management "A Core War Bestiary of Issue," Computers & Security. Viruses, Worms, and Other Key Words: policy, August 1989. pp. 381-388. Threats to Computer guidelines. Memories," Scientific

Key Words: computer viruses, American . June 1984, pp. 14- DAV-85 policy. 23. Davis, G.F.G. ffl Software Protection: Practical DEM-89a Key Words: computer viruses, and Legal Steps to Protect DeMaio, HJ8. general. and Market Computer "Information Ethics, A

Programs , Van Nostrand Practical Approach," Proc. DEW-89 Reinhold, New York, 1985. 12th Natl. Comp. Sec. Conf. Dewdriey. A.K. (5: NCS-89), 1989, pp. 630- "Of Worms, Viruses and Core Key Words: book, software 633. Wars," Scientific American. piracy, general, laws. March 1989, pp. 110-113. Key Words: awareness, ethics, DEA-83 policy. Key Words: computer viruses. DeAnnuntis, G. A Bibliography of Computer DEN-87 DMA-83

Security Bibliographies , GPD Denning, D.E., "Data Security, Special Issue," Press, Wheaton, MD, P.G. Neumann, and Data Management, July 1983. February 1983. D.B. Parker "Social Aspects of Computer Key Words: general, Key Words: awareness, Security," Proc. 10th Natl. guidelines, techniques. general. Comp. Sec. Conf. (5: NCS- 87a), 1987, pp. 320-325. DOJ-80 DEL-88 Crime: Legislative Resource

Computer Viruses , Deloitte, Key Words: awareness, Manual , Bureau of Justice Haskins & Sells, New York, general. Statistics, U.S. Department of October 1988. Justice, Washington, DC, 1980. DEN-88 Key Words: book, computer Denning, P.J. Key Words: crime, viruses, guidelines, "Computer Viruses," American government, guidelines, laws. techniques. Scientist, May/June 1988, pp. 236-238.

Key Words: computer viruses, guidelines.

1-8 DOJ-80a ELM-88 ERM-89 Crime: Expert Witness Ebner-DeWitt, P. Erman, M.D., M.B. Williams,

Manual , Bureau of Justice "Invasion of the Data and C. Gutierrez

Statistics, U.S. Department of Snatchers," Time , September Computer Ethics and Society , Justice, Washington, DC, 28, 1988, pp. 62-67. Oxford University Press, New 1980. York, 1989. Key Words: hackers, threats. Key Words: crime, Key Words: ethics, policy. guidelines, government, laws. ELO-88 Eloff, J.H.P. EWI-88 DOJ-82 "Computer Security Policy: Ewing, D. Crime: Electronic Funds Important Issues," Computers "Meeting Data Security '88 Transfer Systems and Crime , & Security , December 1988, Needs," Proc. IFIP/Sec. , U.S. Department of Justice, pp. 559-562. AustraUa, 1989, (2: CAE-89), Bureau of Justice Statistics, pp. 291-302. Washington, DC, 1982. Key Words: awareness, policy. Key Words: awareness, f)olicy. Key Words: crime, government, laws, guidelines. EMM-84 FAK-88 Emmet, A. Fak, V. DOJ-82a 'Thwarting the Data Thief," "Are We Vulnerable to Virus

Crime: Computer Security Personal Computing , January Attack," Computers &

Techniques , U.S. Department 1984, pp. 98-105. Security, April 1988, pp. 151- of Justice, Bureau of Justice 155. Statistics, Washington, DC, Key Words: hackers, threats. 1982. Key Words: computer viruses, EPN-85 threats. Key Words: crime, laws, Epner, S.A. techniques. "Computer Security: Plenty of FAU-81 Questions But No Easy Faurer, L.D.

EIS-89 Answers," The Office , March "Keeping the Secrets Secret,"

Eisenberg, T., et al. 1985, pp. 74-76. Govenunent Data Systems , "The Cornell Commission: Nov./Dec. 1981. pp. 14-17. On Morris and the Worm," Key Words: awareness, Communications of the policy. Key Words: awareness, policy,

ACM . June 1989, pp. 706- government, guidelines. 709. EPP-80 Epperly, E.V. FAU-83 Key Words: hackers, laws, "Trends in DoD Directives: Faurer, L.D. computer viruses. Survey of Federal Computer "Information Protection in Security Policies," Federal and Private Sectors,"

EKE-85 Proceedings, U.S. Army 3d Computer Security Journal , Ekebrink, I. Automation Security Fall/Winter 1983, pp. 89-95.

"Security of Electronic Conference , Williamsburg, Transactions," Proc. IFIP/Sec. VA, December 1980, Key Words: policy, J5, Dublin, 1985, (2: GRI- International Business government. 85). pp. 233-239. Services, Inc., pp. 31-44. FAU-84 Key Words: general, threats, Key Words: policy, Faurer, L.D. guidelines. government. "Computer Security Goals of the Department of Defense,"

ELB-89 ERI-83 Computer Security Journal , El-Haghdadi, M., and Eriksson, A. Summer 1984, pp. 54-59. M.P. Singh "Vulnerability in a "The Pivotal Role of Computerized Society," Proc. Key Words: policy, '83 Computer Security," Security IFIP/Sec. , Stockhohn, government. Management, July 1989, pp. 1983, (2: FAK-83), pp. 27-30. 63. Key Words: awareness, Key Words: awareness, threats. general.

1-9 FEN-88 FOR-89 GEM-80 Fennelly, L.J. Forcht, K.A. Gemigniani, M. Handbook of Loss Prevention "Ethical Use of Computers," "Crime: Laws in the '80," and Crime Prevention Proc. 12th Natl. Comp. Sec. Indiana Laws Review. April Butterworlh Publishers, Conf. (5: NCS-89), 1989, pp. 1980, pp. 681-723. Stoneham, MA, 1988. 624-626. Key Words: crime, laws. Key Words: general, Key Words: awareness, ethics. guidelines, techniques. GEM-81 FRE-84 Gemignani, M.C.

FIF-89 Freed, R.N. Laws and the Computer , CBI Fifield, K.J. "Security Interests in the Publishing, Boston, 1981. "Smartcards Outsmart Computer Age: Practical Computer Crime," Computers Advice to the Secured Key Words: crime, laws.

& Security , May 1989, pp. Lender," Banking Laws

247-255. Journal , July/Aug. 1984, pp. GEM-89 404-429. Gemignani, M. Key Words: crime, "Viruses and Criminal Laws," techniques. Key Words: awareness, Communications of the ACM, guidelines. June 1988, pp. 669-671. Fn'-84 Fitzgerald, K.J. FRE-84a Key Words: computer viruses, "Crime in Australia," Freese, J. threats, laws.

EDPACS , August 1984, pp. "What About Your Legal 1-7. Parachute When Your Data GLR-83 Security Crashes?," Proc. "Larceny Enters the Electronic '84 Key Words: crime, general, inP/Sec. , Toronto, 1984, Age: The Problem of international. (2: FIN-85), pp. 23-28. Detecting and Preventing Crimes," Gonzaga Laws

Frr-86 Key Words: awareness, laws. Review , 1982/83, pp. 517-538. Fitzgerald, K.J. "Security in the Automated FUL-84 Key Words: crime, laws. Office," Computer Control "Computer Abuse: The

Quarterly , Summer 1986, pp. Emerging Crime and Need for GOL-81 Goldstein, B. 21-24. Legislation," Fordham Urban A Pocket Guide to Computer

Laws Journal , 1983/84, pp. Crime Investigation , Assets Key Words: policy, 73-101. Protection Publishing, Madison, guidelines. WI, 1981. Key Words: crime, laws. FIT-89 Key Words: crime, laws. Fites, P., P. Johnson and GAO-82 M. Kratz Federal Information Systems GOL-83

The Crisis , Remain Highly Vulnerable to Goldstein, B. Van Nostrand Reinhold Co., Fraudulent, Wasteful, Abusive "Crime and Its Prevention,"

New York, 1989 and Illegal Practices , MSAD- Computers & Security , January 82-50, U.S. General - 1983, pp. 63-66. Key Words: book, threats, Accounting Office, computer viruses. Washington, DC, 21 April Key Words: crime, laws, 1982. guidelines, policy. FOR-82 Fordyce, S. Key Words: crime, threats, GON-83 "Computer Security: A government, general. Gonzales, P. Current Assessment," "Addressing Crime

Computers & Security , GAR-89 Legislation," Computer/Laws

January 1982, pp. 9-16. Gardner, P.E. Journal , Summer 1983, pp. "The Internet Worm: What 195-206. Key Words: awareness, Was Said and When,"

general. Computers & Security , June Key Words: crime, laws. 1989, pp. 291-296.

Key Words: computer viruses.

1-10 GOS-85 GUY-81 HAR-83 Gosler, J.R. Guynes, S. Hartson, D.R. "Software Protection: Myth "Software Security: Legal 'Teaching Protection in '85 or Reality," Proc. Crypto . Aspects and Traditional Computing: A Research- Santa Barbara, 1985, (9: Considerations," Journal of Oriented Graduate Course,"

WIL-86), pp. 140-157. Systems Management, April Computers & Security , 1981, pp. 34-38. November 1983, pp. 248-255. Key Words: software piracy. Key Words: awarenss, laws. Key Words: awareness, GOU-85 general. Goussy, A.R. GUY-83 "Legal Issues in Proprietary Guynes. V. HAR-83a Secxirity," Journal of Security "EFTS Impact on Computer Harari, A.

Administ. . December 1985, Security," Computers & "Education and Training of

pp. 23-29. Security , January 1983, pp. Computer Security Staff: 73-77. Methodology and Course '83 Key Words: policy, laws. Topics," Proc. IFIP/Sec. . Key Words: awareness, Stockholm, 1983, (2: FAK-83), GRA-84 policy. pp. 287-292. Graham, R.L. 'The Legal Protection of HAF-88 Key Words: awareness, Computer Software," Hafner, K.M., et al. general. Communications of the "Is Your Computer Secure,"

ACM , May 1984. pp. 422- Business Week, August 1, HAR-85 426. 1988, pp. 64-72. Harry, M.

The Computer Undeground , Key Words: software piracy. Key Words: awareness, Loompanics Unlimited, Port general. Townsend, WA, 1985. GRE-82 Greenlee, M.B. HAM-84 Key Words: book, hackers, "Financial (Banking) View of Hammond, R.G. threats. Computer Security," Proc. 5th "Theft of Information," The

Seminar, DoD Comp. Sec . Laws Quarterly Review , April HEL-88 Progr. (5: DOD-82), 1982, 1984. pp. 252-264. Helfant, R., and pp. 167-176. G.J. McLoughlin Key Words: crime, laws, Computer Viruses: Technical Key Words: awareness, threats. Overview and Policy

policy. Considerations , CRS Report to HAN-89 the Congress, No. 88-556 SPR, GRE-84 Hankinson, A.L. Congressional Research Greguras, P.M. "Computer Assurance: Service, Washington, DC, 'Technical and Other Security, Safety and December 15, 1988. Practical Software Protection Economics," Proc. COMPASS Measures," TeleSystems '89: Comp. Assurance (2: Key Words: computer viruses, Journal, March/April 1984, IEE-89), 1989, pp. 1-7. policy. pp. 28-32. Key Words: general, HEL-89 Key Words: policy, guidelines. Helsing, C, M. Swanson, and techniques. M.A. Todd HAR-82 Executive Guide to the GRE-84a Harris, B. Protection of Information

Greguras, P.M. "Data Security: Plan for the Resources , SP 500-169,

"Software Protection: Beyond Worst," Infosystems , June National Institute of Standards

Copyright," Computerworld, 1982, pp. 52-58. and Technology, Gaithersburg, Dec. 12, 1983, pp. ID25- MD, October 1989. ID32. Key Words: awareness, general, policy. Key Words: guidelines, policy, Key Words: software piracy. government.

1-11 HEL-89a HHS-83 HOF-86 Helsing, Swanson, C, M. Computer Related Fraud and Hoffman, K.J., and and M.A. Todd Abuse in Government L.M. Moran

Management Guide to the Agencies . Office of the "Societal Vulnerability to Protection of Information Inspector General, U.S. Dept. Computer System Failures,"

Resources . SP 500-170, of Health and Human Computers & Security . National Institute of Services, Washington, DC, September 1986, pp. 211-217. Standards and Technology, 1983. October Gaithersburg, MD, Key Words: awareness, threats, 1989. Key Words: crime, vulnerabiUties government, threats. Key Words: guidelines, HOL-80 policy. HIG-89 Holman. W.D. Higgins, J.C. "Remedies Available to HEL-89b "Information Security as a Victims of Crimes," Proc. Helsing, C, M. Swanson, Topic for Undergraduate Comp. Sec. & Priv. Symp. . and Education for MA. Todd ComputCT 1980 (1: HON-80), pp. 77-86. Computer User's Guide to Scientists," Proc. 12th Natl. the Protection of Information Comp. Sec. Conf. (5: NCS- Key Words: crime, jwlicy.

Resources , SP 500-171, 89), 1989, pp. 553-557. National Institute of HON-80 Standards and Technology, Key Words: awareness, Computer Security and Privacy Gaithersburg, MD, October guidelines. Symposium Proceedings . 1989. Honeywell Information HIG-89a Systems, Phoenix, AZ, April Key Words: guidelines, Highland, H.J. 1980. techniques. "What If a Computer Virus Strikes," EDPACS . July 1989, Key Words: proceedings, HER-84 pp. 11-17. general. Herschberg, I.S., and R. Paans Key Words: computer viruses, HON-81 "The Programmer's Threat threats. Computer Security and Privacy Cases and Causes," Proc. Symposium Proceedings, '84 MP/Sec. , Toronto, 1984, HJL-84 Honeywell Information (2: FIN-85), pp. 409-422. "Legislative Issues in Crime," Systems, Phoenix, AZ, April Harvard Journal on 1981

Key Words: threats, crime. Legislation , Winter 1984, pp. 239-254. Key Words: proceedings, HER-87 general. Herschberg, I.S. Key Words: crime, legislation. "Hackers' Comfort," HOR-85

Computers & Security , April HOF-82 Horgan, J. 1987, pp. 133-138. Hoffman, L.J. "Thwarting the Information

"Impacts of Information Thieves," IEEE Spectrum. July Key Words: crime, hackers. System Vulnerabilities on 1985, pp. 30-41. Society," Proceedings, 1982 HER-88 National Computer Key Words: crime, threats,

Herschberg, I.S. Conference , AFIPS Press, laws. "Make the Tigers Hunt for Reston, VA, 1982, pp. 461-

You," Computers & Security , 467. HOW-82 April 1988, pp. 197-203. Howe, C.L. Key Words: awareness, "Coping with Computer

Key Words: crime, hackers. threats. Criminals," Datamation , January 1982, pp. 118-126.

Key Words: crime, laws, guidelines.

1-12 HUB-86 IRM-84 JON-88 Huband, F.L., and "Information Security and Jones, L.G. R.D. Shelton Data Integrity. Special Issue," "Computer Viruses: Threat or Protection of Computer Information Resource Media Hype?," The EDP

Systems and Software , Laws Management, (UK), March Auditor Journal , Vol. 3, 1988. & Business, Inc., Clifton, NJ, 1984. 1986. Key Words: computer viruses, Key Words: awareness, awareness, threats. Key Words: book, general, general. policy, guidelines, techniques. KAN-89 ISR-87 Kane, P. HUN-87 Israel, H. V.I.R.U.S.: Vital Information

Hunt, D.B., and "Computer Viruses: Myth or Resources Under Siege , F.G. Tompkins Reality?, Proc. 10th Natl. Bantam Books, New York, "Protecting Sensitive Systems Comp. Sec. Conf. (5: NCS- 1989. and Data in an Open 87a), 1987, pp. 226-230. Agency," AIAA 97-3092, Key Words: virus, threats, Proc. 3d Aerospace Comp. Key Words: computer viruses, awareness, guidelines. Sec. Conf. (5: IEE-87b), threats, awareness, guidelines. 1987, pp. 158ff. KAP-84 JAC-80 Kaperonis, I. Key Words: policy, Jacks, E.L. "Industrial Espionage,"

guidelines. "Computer Security Interest in Computers & Security , May the Private Sector," Proc. 2nd 1984, pp. 117-122. IBM-83 Seminar, DoD Comp. Sec. Report on the Data Security Progr. (5: DOD-80a), 1980, Key Words: awareness, threats,

Leaders' Conference , San pp. El-ElO. guidelines, techniques. Jose, CA, April 1982, IBM Corp., White Plains, NY, Key Words: awareness, KAY-86 1983. policy. Kay, R. "Computer Security Key Words: proceedings, JAS-83 Information Sources,"

general, guidelines, Jaslow, M.D. Computer Security Journal , techniques. "How to Fight Computer Vol. 4, No. 1, 1986, pp. 29-

Fraud," EDPACS , July 1983, 40. IBM-86 pp. 6-9. Security, Auditability, Key Words: awareness, Systems Control Publications Key Words: crime, poUcy, general.

Bibliography , G320-9279-1, guidelines. IBM Corp., White Plains, KAY-86a NY. May 1986. JOH-85 Kay, R. (Ed.) Johnson, D.G. "Data Security Scoreboard,"

Key Words: awareness, Computer Ethics , Prentice- Computer Security Journal ,

general. Hall, Englewood Chffs, NJ, Vol. 4, No. 1, 1986, pp. 41- 1985 54. ING-80 Ingraham, D.G. Key Words: awareness, ethics. Key Words: awareness, "On Charging Crime," general.

Computer/Laws Journal , Spring 1980, pp. 429-456. KEL-88 Kelley, D.W. Key Words: crime, laws, "A Guide to Cost-Effective PC guidelines. Security," Security

Management , October 1988, pp. 55-58.

Key Words: guidelines, policy, PC.

1-13 KEN-85 KRA-88a KUR-82 Kenny, J.J.P. Kratz, M. Kurzban. S.A.

Data Privacy and Security , "Industrial Espionage and "A Selective. Slightly Pergamon Infotech, Oxford, Theft of Information," Proc. Armotated Bibliogr^hy on '88 1985. IFIP/Sec. . Australia, 1989, Works on Data Security and (2: CAE-89), pp. 279-289. Privacy." Computers & general, Key Words: book, Security . January 1982, pp. 57- policy, guidelines, techniques. Key Words: crime, threats, 64. laws. KIR-81 Key Words: awareness, Kirchner, J. KRI-80 general. "Vulnerability: WiU the U.S. Krieger, M.M. Confront Its Systems' "Current and Proposed KUR-86

Flaws?," Computerworld , Computer Crime Legislation," Kurzban, S.A.

- December 28, 1981, pp. 36- Computer/Law Journal , "Careers in Computer Misuse 32. Summer 1980, pp. 721-771. - Not So Appealing After All,"

Computers & Society , Winter Key Words: vulnerabilities, Key Words: crime, threats, 1986, pp. 7-9. awareness, threats. laws. Key Words: general, crime, KIR-83 KRU-86 threats. Kirby, M.D. Krull, A. "Computer Crime and Law 'Ten Losing Strategies for LAN-85 Reform in Australia," Data Security," Computer Landreth, B.

Information Age (UK), Security Joumal , Vol. 4, No. (with H. Rheingold)

October 1983. pp. 241-247. 1, 1986, pp. 21-28. Out of the Inner Circle . Microsoft Press, Bellevue, Key Words: crime, laws, Key Words: awareness, WA. 1985 policy, international. general, policy, guidelines. Key Words: book, hackers, KLI-80 KUO-87 general. vulnerabiUties. Kling, R. Kuong, J.F. "Computer Abuse and "Computer Disasters and LAS-81 Computer Crime as Corporate Amnesia and Lasden, M. Organizational Activities," Corporate Paralysis," CPR-J: "Computer Crime," Computer

Computer/Law Journal, Contingency Planning & Decisions , June 1981, pp. 104-

Spring 1980, pp. 403-427. Recovery Joumal , No. 4, 124. 1987, pp. 1-4. Key Words: crime, threats, Key Words: awareness, crime, policy. Key Words: Awareness, threats, general. threats, vulnerabilities, policy. KNA-83 LAU-88 Knapp, T.J. KUO-88 Laureson, A. "Selling Data Security to Kuong, J.F. "Keeping Your PCs Where Upper Management," Data "Computer Viruses ~ Are They Belong." Security

Management , July 1983, pp. They a Threat to Business Management, July. 1988, pp. 22-25. Continuity?," CPR-J: 53-55. Contingency Planning &

Key Words: policy, Recovery Joumal . No 2, 1988, Key Words: guidelines, PC, guidelines. pp. 5-7. policy.

KRA-88 Key Words: viruses, threats, LEE-86 Kratz, M. awareness, policy. Lee, J.A.N., G. Segal, and "Computer Crime Legislation R. Steier in Canada" Proc. IFIP/Sec. "Positive Altematives: A '88 . Austraha, 1989, (2: Report on an ACM Panel on CAE-89). pp. 101-118. Hacking," Communications of

the ACM , AprU 1986, pp. Key Words: crime, 297-299. international, legislation. Key Words: hackers, general, policy.

1-14 LEH-82 LOU-84 MAR-88 Lehman, R.L. Louwerse, CP., and Marx, P. 'Tracking Potential Security J.M.L. Kouwenberg* "The Legal Risks of Using Violations," Security Audit & "Data Protection Aspects in Information as a Competetive

Control Review , Winter an Integrated Hospital Weapon," Software Law

1981/82. pp. 26-39. Information System," Journal , Spring 1988, pp. 185-

Computers & Security , 201. Key Words: policy, November 1984, pp. 286-294. guidelines. Key Words: awareness, Key Words: general, general, policy, laws. LOB-81 guidelines, policy, techniques. Lobel J. MAX-85 "The Foreign Corrupt LYN-83 Maxfield, J.F. Practices Act Applied to Lyndon, K. "Computer Bulletin Boards and Information Systems," Proc. "A New Policy in Protection - the Hacker Problem," - Comp. Sec. & Priv. Computer Crime Insured," EDPACS , October 1985, pp. Symposiimi, Phoenix, AZ, Security World, January 1983, 1-11. 1981 (1: HON-81). pp. 69- pp. 38-40. 78. Key Words: hackers, threats. Key Words: general, policy. Key Words: legislation, MAY-85 policy. MAD-88 Mayo, K. Madsen, C. "Business Battles In-House LOB -83 "The World Meganetwork and Pirates," Business Computer

Lobel J. Terrorism," Proc. IFIP/Sec. Systems , February 1985, pp. '88 'The State-of-the-Art In , Australia, 1989, (2: CAE- 60-65. Computer Security," 89), pp. 343-349.

Computers & Security , Key Words: software piracy. November 1983, pp. 218-222. Key Words: awareness, policy, threats, intemational. MCA-89 Key Words: awareness, McAfee, J., and C. Haynes techniques. MAN-84 Computer Viruses, Worms, Mantle, R.A. Data Diddlers, Killer LOB -86 'Trade Secret and Copyright Programs, and Other Threats

Lobel J. Protection of Computer to Your System , St. Martin's "Impact of Technology on Software," Computer/Law Press, New York, 1989. Computer Security," Journal, Spring 1984, pp. 669- Information Age, (U.K.) 694. Key Words: book, viruses, April 1986, pp. 77-80. threats, vulnerabilities. Key Words: software piracy, Key Words: general, laws. MCA-89a techniques. McAfee, ID. MAR-83 "Managing the Virus Threat," LON-87 Marbach, W.D., et al. Computerworld, February 13, Longley, D., and M. Shain "Beware: Hackers at Play," 1989, pp. 89-96.

Data & Computer Security: Newsweek , Sept. 5, 1983, p. Dictionary of Standards and 5-1-. Key Words: viruses, threats.

Terms , Stockton Press, New York, 1987 Key Words: awareness, MCI-81 hackers, crime, threats. Mclsaac, D. Key Words: book, guidelines, "Introduction to Computers: laws, general, policy. MAR-84 Security Problems and Martin, W.P. Considerations," Assets

"Arresting Computer Crime," Protection ,

Interface Age , (U.K.) November/December 1981, pp. February 1984, pp. 71-75 13-22.

Key Words: crime, laws, Key Words: awareness, threats, guidelines. general, threats, policy.

1-15 MCL-88 MOU-82 NEU-86 McLeod. K. Moulton, R.T. Neugent, W. "Computer Insecurity," "A Strategy for Dealing with "Preposterous Opinions About

Information Age , (U.K.), Computer Fraud and Abuse," Computer Security," Security, April 1988. pp. 89-93. Computer Security Journal, Audit & Control Review, Winter 1982, pp. 31-40. Summer 1986, pp. 1-8. Key Words: awareness, general, crime, threats. Key Words: crime, threats, Key Words: awareness, policy, guidelines. general. MIL-85 MiUard, C.J. MUR-86 NOR-83 Legal Protection of Computer Murphy, I. Norman, A.R.D.

Programs and Data, Carswell "Aspects of Hacker Crime: Computer Insecurity . Chajwnan Co., Ltd, Toronto. 1985. High-Technology Tomfoolery and Hall, London. 1983.

or Theft?," Information Age , Key Words: software piracy, (U.K.) April 1986, pp. 69-73. Key Words: book, awareness, laws. general, threats. Key Words: crime, policy, MIS-85 laws, hackers, threats. NOR-84

Miskiewicz. J. Norman, A. "DP Security: A Delicate MUR-86a "Crime by Computer," Balance," Computer Murray, W.H. Information Resources

Decisions , April 23, 1985, "Security Concepts and the Management (UK) . March pp. 104ff. New Computer Economics," 1984, pp. 18-21.

Computer Security Journal, Key Words: awareness, Vol. 4, No. 1, 1986, pp. 7-14. Key Words: crime, threats, general, policy. general, policy. Key Words: general, poUcy. MOS-88 NYE-81 Mosaccio, J. MYE-83 Nye, J.M. "Computer Sites: Assessing Myers, J. "A Primer on Security, Part " the Threat," Security "Fraud and Computers." New 1, Mini-Micro Systems , June 139-148. Management , July 1988, pp. Law Journal , January 21, 1981, pp. 40-51. 1983, pp. 71-72. Key Words: awareness, Key Words: vulnerabilities, Key Words: crime, threats, general. threats, general. laws. NYE-81a MOU-81 NAF-80 Nye. J.M. Moulton, R.T. Naftalis, G.P. "A Primer on Security. Part " "System Security Standards," White Collar Crimes . 2. Mini-Micro Systems . July Computer Security Journal. American Law Institute and 1981, pp. 166-174. Spring 1981, pp. 73-82. American Bar Association, Philadelphia, PA, 1980. Key Words: awareness, Key Words: general, general. guidelines. Key Words: book, crime, general. OLI-85 M0U-81a OUver. C.R. Moulton, R.T. NBS-80 "A Psychological Approach to "Prevention: Better Than Guidelines for Security of Preventing Computer Abuse - History," Protection," Government Data Computer Applications , FTPS A Case Computer

Security Journal , Winter 1985, Systems , Nov ./Dec. 1981, pp. PUB 73, National Bureau of 20-23. Standards, Gaithersburg, MD, pp. 51-56. June 1980. Key Words: awareness, Key Words: crime, threats, general, guidelines, policy. Key Words: general, laws, guidelines, policy. guidelines, techniques, policy.

1-16 OMB-85 PAR-83a RIC-84 Management of Federal Parker, D.B. Richards, T.C.

Information Resources , OMB "How Much Computer Abuse "A Computer Fraud Survey," Circular No. A- 130, Office of Is There?" Computer Security ACM Security Audit &

Management and Budget, Journal , Spring 1983. pp. 85- Control Review , Spring-Sum. Washington, DC, December 89. 1984, pp. 17-23. 1985. Key Words: crime, general, Key Words: awareness, Key Words: government, threats, awareness. computer crime, general, policy. threats. PAR-84 OTA-81 Parker, D.B. RIC-86 Computer-Based National "A Strategy for Preventing Richards, R.M., and Information Systems: Program TTieft and System J.L. Guynes Technology and Public Policy Hacking," Computer Security "A Strategic Plan for Reducing

Issues , Office of Technology Journal , Siunmer 1984, pp. Consumer Anxiety About Assessm.ent, Washington, DC, 21-32. EFTS Security," Security,

September 1981. Audit & Control Review , Key Words: hackers, crime, Spring 1986, pp. 4-8. Key Words: government, threats, policy, guidelines. policy, guidelines, laws. Key Words: awareness, policy. PAR-84a OTA-86 Parker, D.B.. and RIC-86a Intellectual Property Rights in S.H. Nycum Richards, R.M. an Age of Electronics and "Computer Crime," "Insuring Computer Risks,"

Information. OTA-CIT-302, Communications of the ACM , Computers & Security , U.S. Congress, Office of April 1984, pp. 313-315. September 1986, pp. 207-210. Technology Assessment, Washington, DC, April 1986 Key Words: crime, threats, Key Words: policy, guidelines. general, awareness, guidelines. Key Words: government, RIC-86b policy, legislation. PER-84 Richards, T.C. Perry, T.. and P. Wallich "A Historical Perspective of PAR-80 "Can Computer Crime Be Computer Related Fraud,"

Parker, D.B. Stopped?," IEEE Spectrum , Security, Audit & Control

"Computer Abuse Research May 1984, pp. 34-49. Review , Summer 1986, pp. 15- Update," Computer/Law 25.

Journal , Spring 1980, pp. Key Words: crime, policy, 329-352. laws. Key Words: crime, threats, awareness, general. Key Words: crime, threats, POD-86 policy, awareness, laws. Podell, H.G.. and ROB-88 M.W. Abrams Roberts, R.

PAR-81 "Computer Security Glossary Computer Viruses , Compute! Parker, D.B. for the Advanced Books, Greensboro, NC, 1988 Ethical Conflicts in Computer Practitioner." Computer

Science and Technology , Security Journal . Vol. 4, No. Key Words: book, viruses,

AFIPS Press, Reslon, VA. 1, 1986. pp. 69-88 threats. 1981. Key Words: guidelines, ROB-88a Key Words: general, policy, general. Roberts. W. ethics. "Remember to Lock the Door: REB-86 MMI and the Hacker."

PAR-83 Reber, J. Information Age , (U.K.), July Parker, D.B. "The Essence of Industrial 1988, pp. 146-150.

Fighting Computer Crime , Espionage," Data Processing

Charles Scribner's Sons, New & Communications Security , Key Words: hackers, York, 1983. Winter 1986. pp. 24-25. awareness, threats, guidelines.

Key Words: crime, generd, Key Words: awareness, policy, guidelines, laws. general, threats, laws.

1-17 ROS-85 SCH-84a SEI-84 Ross. SJ. (Ed.) Scherer, M.E. Seif, R.A. "Computer Security Issues: A "Unsafe Software — The "Contingency Planning in the Roundtable," Computer Missing Security Perspective," Banking Community,"

Security Journal , Winter Computer Security Journal , Computers & Security , 1985. pp. 39-50 Summer 1984, pp. 43-52. February 1984, pp. 29-34.

Key Words: awareness, Key Words: awareness, Key Words: awareness, policy. policy. threats. SER-83 SAM-85 SCH-85 "Industrial Espionage," Samociuk, M. Schweitzer, J. A. Security Worid, April 1983, "Hacking or the Art of "A Management View: pp. 33-39. Armchair Espionage," Computer Security as a Computer Fraud and Security Discretionary Decision," Key Words: crime, threats.

Bulletin , July 1985. Computers & Security , March 1985, pp. 13-22. SEW-84 Key Words: hacking, crime, Sewell. C. Key Words: policy, "Screening Out The People

SAT-89 guidelines. Problem." Security World . Sato, O. October 1984. pp. 50-52. "Controlling End-User SCH-86 Computing: An Analytical Schweitzer, J.A. Key Words: policy, guidelines. Framework," ACM Security, "Who Owns Information

Audit and Control Review , Security?" Security, Audit & SEY-85

Fall 1989, pp. 6-12. Control Review , Spring 1986, Seymour. J. pp. 1-3. "Lx)cking Up Your Information

Key Words: policy, Assets," Today's Office , April guidelines. Key Words: awareness, 1985, p. 23ff. general. SCH-80 Key Words: policy, guidelines. Schulte, L.A. SCH-86a "Computer Crime Schweitzer, J.A. SIE-87 Bibliography," Computer/Law Computer Crime and Business Sieber, U.

Journal , Sununer 1980, pp. Information , Elsevier, New The International Handbook on 787-803. York, 1986 Computer Crime: Computer- Related Economic Crime and

Key Words: awareness, Key Words: crime, threats. the Infringements of Privacy , general, crime, guidelines. J. Wiley & Sons, Somerset, SEC-86 NJ. 1987 SCH-83 "How Business Battles Crime Schwartz, M.B. by Computer." Security Key Words: crime, threats,

"Safeguarding EFTS," World . October 1986, pp. 54- general, international.

Datamation , February 1983, 60. pp. 148-160. SIL-83 Key Words: crime, poUcy. Silverman, M.E. Key Words: policy, "Selling Security to Senior guidelines, techniques. SEC-89 Management, DP Persoimel "10 Top Security and Users," Computer Security

SCH-84 Trends, "Security, February Journal , FallAVinter 1983, pp. Schmucker K.J. 1989, pp. 47-51. 7-18. "Computer Crime: Fiction

and Science Fact," Abacus , Key Words: policy, Key Words: awareness, Spring 1984, pp. 8-21. techniques. general, poHcy, guidelines.

Key Words: awareness, crime.

1-18 SIL-85 STA-85 TUR-86 Silverman, M.E. Stanley, P.M. Turn, R. "Strategic Planning ~ The "Educating Computer Crime "Security and Privacy Missing Link in Computer Investigators," Proc. IHF/Sec. Requirements in Computing," Security" Computer Security ;85, Dublin, 1985, (2: GRI- Proc. ACM/IEEE Fall Joint 31- Journal. Winter 1985, pp. 85), pp. 313-322. Computer Conference , 38. November 1986, pp. 1106- Key Words: crime, guidelines. 1113. Key Words: policy, guidelines. STA-86 Key Words: policy, guidelines. Straub, D.W. SIM-81 "Computer Abuse and TUR-86a Simkin, M.C. Security: Update of an Turn, R. "Computer Crime: Lessons Empirical Pilot Study," "Security, Privacy, Safety and E)irections," The CPA Security, Audit & Control andResiliency in Computing,"

Journal , December 1981, pp. Review , Spring 1986, pp. 21- in J. Skwirzynski (Ed.),

10-14. 31. Software Design Methods , NATO ASDI Series Volume Key Words: crime, threats, Key Words: crime, guidelines, F22, Springer- Verlag, New policy. techniques. York, 1986, pp. 653-679.

SMA-84 STR-88 Key Words: policy, guidelines, "Controlling Computer Straub, D.W., and techniques.

Crime," Security Managment . W.D. Nance January 1984, pp. 19-34. "Uncovering and Disciplining VAN-84 Computer Abuse: Van Hoboken, W.R.C. Key Words: crime, poUcy, Organizational Responses and "The Burglar's Viewpoint,"

techniques. Options," Information Age , Computers & Security , (U.K.), July 1988, pp. 151- November 1984, pp. 295-302. SMI-83 156. Smith, T.H. Key Words: crime, threats. "Computers and the Law of Key Words: crime, policy, Evidence," Transnational Data threats, guidelines. VAN-85 Report, December 1983, pp. van Tongeren, H. 451-454. TUR-82 "Information Security in the Turn, R. Framework of the International Key Words: crime, policy, "Private Sector Needs for Information Flow Debate: A laws. Trusted/Secure Computer Business View," Proc. Systems," Proceedings, 1982 MP/Sec'85 (2: GRI-85), pp. SOK-90 National Computer 323-328.

Sokolik, S.L. Conference , AFIPS Press, "Computer Crime — The Reston. VA, 1982, pp. 449- Key Words: policy, guidelines, Need for Deterrent 460. international. Legislation," Computer/Law

Journal , Spring 1980, pp. Key Words: policy, VOL-80 333-383. guidelines. Volgyes, M.R. "The Investigation, Prosecution Key Words: crime, TUR-85 and Prevention of Computer legislation. Tumer, B.M. Crime: A State of the Art 'Tenorist Attacks Upon Review," Computer/Law

STA-84 Technological Systems," Journal , Spring 1980, pp. 385- Staikos, N. Journal of Security 402.

"Designs for Computer Administration , December Security," Security World, 1984, pp. 25-32. Key Words: crime, guidelines, March 1984, pp. 52-55. policy, laws. Key Words: crime, threats. Key Words: policy, guidelines, techniques.

1-19 VOL-83 WEB-85a WON-84 Volkman, T.C. Webster, W.H. Wong. K. "Computers — America's 'Technology Transfer, "Computer-Related Fraud in Achilles' Heel," Air Industrial Espionage, & the U.K.," EDPACS. June

University Review , May-June Computer Crime: The FBI's 1984. pp. 5-9. 1983. pp. 43-47. Activities," Computer Security

Journal , Winter 1985, pp. 7- Key Words: awaraiess. crime, Key Words: vulnerabilities, 12. international. threats. Key Words: crime, WON-85 WAR-83 government, guidelines, Wong. K.K. Ware, W.H. policy. "Computer Disaster in the "Computer Security Standards United Kingdom," EDPACS. for Government and Industry: WEI-82 January 1985, pp. 1-7. Where Will They Come Weiss, E.A. From?," Computer Security "Self-Assessment Procedure Key Words: awar^ess, crime, Journal. Spring 1983, pp. 71- E)ealing With Ethics in international. 76. Computing," Communications

of the ACM , March 1982. pp. WOO-82 Key Words: policy, 181-195. Wood, M. guidelines, government. Introducing Computer Security . Key Words: awareness, ethics. NCC Publications. Manchester. WAR-84 England. 1982. Ware, W.H. WEI-84 "Information Systems Weinberger, F. Keyword: awareness, general. Security and Privacy," "Computer Security: Plan for

Communications of the Action," TeleSystems Journal , YNG-88

ACM , April 1984, pp. 315- March/April 1984. pp. 11-21. Yngstrom, L. 312. "Experiences from a One- Year Key Words: awareness, Academic Programme in Key Words: awareness, policy, guidelines. Security Informatics." Proc. '88 general. IFIP/Sec. . Australia, 1989. WEL-86 (2: CAE-89). pp. 83-86. WAR-88 WeUer. R.. and S. Wall Ware. W.H. "Source Code Under Lock Keyword: awareness, general.

"Perspectives on Trusted and Key," Computerworld, Computer Systems," Proc. June 2, 1986. p. 69. YOS-85 '88 IFIP/Sec. , Australia, Yost, G. 1989, (2: CAE-89), pp. 309- Key Words: guidelines, Spy-Tech. Fact On File Pub., 330. techniques. New York, 1985.

Key Words: awareness, WON-83 Key Words: awaroiess, general, techniques. Wong, K. general. "Computer-Related Fraud,"

WEB-85 Information Age (UK) , YOU-82 Webster, W.H. January 1983, pp. 16+ Yourdan, E.

'Technology Transfer, Silent Witness . Yourdan Press, Industrial Espionage and Key Words: awareness, New York. 1982. Computer Crime: The general, crime, threats, Problems We Are Facing," Key Words: awareness, Computer Crime Digest, WON-83a general. January 1985. pp. 1-5. Wong, K. "Computer-Related Fraud in YOV-89 Key Words: crime, the U.K.," Information Age. Yovel. S.

guidelines, policy, techniques. (U.K.) , October 1983, pp. "On Viruses and Top

238-240. Managers." Information Age . (U.K.), September 1989. pp. Key Words: awareness, crime, 202-210. international. Key Words: awareness, viruses, guidelines.

1-20 ZAJ-85 ZAL-83 ZIM-85 Zajac, B.P.. Jr. Zalud, B. Zimmerman, J.S. "Police Response to "Computer Criminals Will Be "PC Security: So What's

Computer Crime in the Prosecuted: Adoping A New?" Datamation , November United States," The Computer 'Prevention First' Approach," 1, 1985, pp. 86-92 Law and Sectmty Report, Data Management, April July-August 1985, pp. 16-17. 1983, pp. 30+. Key Words: awareness, general, PC. Key Words: crime, Key Words: crime, policy, legisIatiorL guidelines.

ZAJ-86 ZIM-84 Zajac, B.P., Jr. Zimmerman, J.S. "What to Do When You "The Human Side of Have Reason to Believe Your Computer Security," Computer

Computer Has Been Security Journal , Summer Compromised". Computers & 1984, pp. 7-20.

Security . March. 1986, pp. 11-16. Key Words: awareness.- general, threats, guidelines. Key Words: hackers, viruses, threats, guidelines.

1-21

2. Management

The section cites publications on various management issues, including: the need for security in mainframe, minicomputer and personal computer systems (risk management, risk analysis); administrative and personnel policies and controls; physical security in computing facilities; and operational (disaster) recovery. Also included are publications containing technical discussions of threats and vulnerabilities (e.g., viruses).

ADD-87 AIM-81 ALS-86 Addison, K., et al. AIM/SAFE: A Data Al-Saffar, H. "Computer Security at SUN Processing Contingency "Using SMF Data for Audit

Microsystems, Inc.," Proc. Planning Methodology , Purposes," EDPACS , February

10th Natl. Comp. Sec. Conf. , Advanced Information 1986, pp. 1-14. (5: NCS-87a), 1987, pp. 216- Management, Inc., 219. Woodbridge, VA, 1981. Key Words: auditing, methods.

Key Words: company, Key Words: guidelines, ANC-83 general, policy, management, recovery, techniques. Ancker, A. techniques "Facilities for Computers and ALD-88 Office: Security Conscious '83 AFC-85 Aldridge, B.T. Planning," Proc. IFIP/Sec. , Proceedings, Symposium on "Preliminary Formulation of a Stockholm, 1983, (2: FAK-83), Physical/Electronic Security, Policy Based on Risk (PER) pp. 143-146. AFCEA, 1986. Asessment Methodology," Proc. Comp. Sec. Risk Key Words: guidelines, Key Words: proceedings, Manag. Model Builders physical.

physical. Workshop , 1988 (2: NBS-88), pp. 225-242. AUS-81 AFC-86 Austin, B.B. Proceedings, 2nd Annual Key Words: risk, policy, "ControUing Physical Access Symposium on methods. from a Central Locations,"

Physical/Electronic Security , Computer Security Journal , AFCEA, Philadelphia, PA, ALK-89 Spring 1981, pp. 83-98. August 1986. Alkemi

Computer Risk Manager , Key Words: physical, control, Key Words: proceedings, Elsevier Advanced techniques. physical. Technology New York, NY, 1989. BAD-89 AFC-87 Badenhorst, K.P., and J. Eloff Proceedings, 3d Annual Key Words: risk, "Framework of a Methodology Symposium on management, methods. for the Life Cycle of Computer Security in an Physical/Electronic Security , AFCEA, 1987. ALL-81 Organization," Computers &

Allen, B.R. Security , August 1989, pp. Key Words: proceedings, "Threat Teams: A Technique 433-442. physical. for the Detection and ftevention of Fraud in Key Words: general, methods. Automated and Manual Systems," Computer Security 1- Journal , Spring 1981, pp. 13.

Key Words: guidelines, techniques.

2-1 BAK-85 BEC-83 BER-83b Baker, R.H. Becker, H.B. Bernstein. R.A. The Computer Security Information Integrity: A "Contingency Planning — A for Its Handbook . TAB Professional Structure Definition Case Study," EDPACS .

and Reference Books, Blue and Management, McGraw- October 1983. pp. 9-12. Ridge Summit, PA, 1985. Hill, New York, 1983 Key Words: contingency, Key Words: book, geberal, Key Words: book, integrity, methods. techniques. general, methods, guidelines. BER-84 BAL-87 BEC-84 Berg. R. Baldwin, R.W. Becker, H.B. "Risk Management for "Rule Based Analysis of "Security Considerations in Computer Centers," Computer Security," the Small Systems Informormation Resource Proceedings, IEEE Compcon Environment," Proc. IFIF/Sec. Management (U.K). March

1987 , pp. 227-233. _;84, Toronto. 1984, (2: FIN- 1984, pp. 16-17. 85), pp. 501-516. Key Words: general, Key Words: risk, management, methods. Key Words: general, methods. guidelines. BAR-80 BES-88 Barbarino, P. BEI-84 Bessenhoffer. R. "Multi-Tiered Approach to Beitman, L. "Designing Security Into a System Security," Proc. 1980 "An Audit Software Program Modem Data Processing

IEEE Symp. on Security & Base," EDPACS , March 1984, Center." Computer Security 6-8. Privacy , (5: IEE-80), pp. pp. Journal, Volume V, No. 1, 114-120. 1988. pp. 53-66. Key Words: auditing, Key Words: general, method, software. Key Words: methods, techniques. techniques. BEN-89 BEA-84 Benzel, T.C.V. BIC-89 Beatman, L. "Integrating Security Bickner. L. "Microcomputer in the Audit Requirements and Software "Security Engineering of

Function," EDPACS , Development Standards," Proc. Secure Ground Stations," Proc. September 1984, pp. 4-6. 12th Natl. Comp. Sec.Conf. Aerospace Comp. Sec. Conf. (5: NCS-89), 1989. pp. 435- (5: IEE-85a), 1985, pp. 49-54. Key Words: auditing, 458. methods. Key Words: physical, Key Words: methods, techniques. BEA-85 software Beatson, J.G. BIS-86 "Development and BER-83 Bishop, M. Organization of the Audit Bermhed, L. "Analyzing the Security of An and Security Function," Proc. "A Method for Testing Existing Computer System," '85 MP/Sec. , Dublin, 1985, VuherabiUty." Proc. IFIP/Sec. Proceedings. ACM/IEEE Fall (2: GRI-85), pp. 251-259. ^83. Stockholm. 1983. (2: Joint Computer Conference, FAK-83). pp. 161-166. Nov. 1986, pp. 1115-1119. Key Words: audit, management. Key Words: vulnerability, Key Words: risk, methods. methods. BEA-86 BLA-81 Beatson, J.G. BER-83a Blanding, S.F. "Managing the EDP Audit Bemhard, R. "Computer Fraud Auditing -

and Security Function," "Foiling the Spoofers, Trap- A Case Study," EDPACS ,

«fe Computers Security , Doors, Trojan Horses...," Aug./Sept. 1981, pp. 4-24.

September 1986, pp. 201-206. Systems and Software , April 1983, pp. 67-68. Key Words: crime, auditing, Key Words: audit, company. management. Key Words: hackers, threats, methods.

2-2 BOL-84 BON-81 a BRA-81 Bologna, J. Bonyun, D.A. Brafman, M.J. "Disaster/Recovery Planning: 'Towards A Standard All- "Evaluating Computer Controls A Qualitative Approach," Purpose Activity Log," Using the Matrix Approach,"

Data Processing & Proceedings. Honeywell EDPACS . December 1981. pp.

Communications Security . Computer Security and 1-10.

March/April 1984, pp. 11-15. Privacy Symposium , April 1981. pp. 133-145. Key Words: risk, control, Key Words: contingency, methods. recovery, management. Key Words: auditing, guidelines. BRI-83 BOL-88 BriU, A.E. Bologna, G.J., and BON-88 Building Controls into

R.J. Linquist Bonyun. D.A.. and J. Graeme Structured Systems , Yourdon Fraud Auditing and Forensic "An Expert Systems Approach Press. New York, 1983.

Accounting , J. Wiley & to the Modelling of Risks in Sons, New York, 1988. Dynamic Envirorunent," Proc. Key Words: controls, methods. Comp. Sec. Risk Manag.

Key Words: book, auditing, Model Builders Workshop , BRO-84 control. 1988 (2: NBS-88). pp. 203- Browne, P.S. 223. 'The Automated Risk Profile BOL-88a (RiskPac), Proc. 7th Seminar, Bologna, J. Key Words: risk, methods, DoD Comp. Sec. Progr. (5: "Selection Risks in Hiring management. DOD-84). 1984. pp. 402-404. Information Systems Personnel," Computers & BOU-83 Key Words: risk, methods,

Security , August 1988, pp. Bound, W.A.J.. and D.R. Ruth management. 353-355. "Risk Mangement — How It Can Become a Useful Tool," BRO-86 '83 Key Words: risk, personnel. Proc. IFIP/Sec. , Brown. R.V. Stockholm. 1983, (2: FAK- "Managing Diffuse Risks from BOL-89 83), pp. 147-160. Adversarial Sotirces (DR/AS) Bologna, J. with Special Refemce to "The One Minute Fraud Key Words: risk, methods, Computer Security," Proc. 9th Auditor," Computers & management. Nati. Comp. Sec. Conf. (5: NCS-86). 1986. 162-167. Security , February 1989, pp. pp. 29-31. BOU-83a Bound, W.A.J., and D.R. Ruth Key Words: risk, management, Key Words: crime, auditing. "Making Risk Analysis A methods. Useful Management Tool with BON-81 Microcomputer Electronic BRO-87 Bonyun, D. Worksheet Packages." Brown, R.L. "Specification for a "The Role of a Well Defined Computers & Security . June Auditing Process in the 1983. pp. 102-115. CanonicalConfiguradon Enforcement of Privacy Management Tool," Proc. 10th PoUcy and Data Security," Key Words: risk, methods, NaU. Comp. Sec. Conf. (5: Proc. 1981 IEEE Symp. on management. NCS-87a), 1987. pp. 84-90.

Sec. & Privacy , (5: IEE-81), pp. 19-25. BOY-82 Key Words: management, Boyer. T.J. methods. Key Words: policy, auditing, "Contingency Planning: An methods. Opportunity for DP Management." Computer

Security Journal . Winter 1982, pp. 41-49.

Key Words: contingency, recovery, methods. BRO-88 BUR-85 CAR-82 Browne, P.S., and Bums, R.W. Carroll, J.M. J.E. Laverty "Security Implications of the Controlling White Collar "Using Decision Analysis to Space Station Information Crime: Design and Audit for

Estimate Computer Security System," Proc. Aerospace Systems Security , Butterworths, Risk," Proc. Comp. Sec. Risk Comp. Sec. Conf. (5: lEE- Wobum, MA, 1982. Manag. Model Builders 85a), 1985, pp. 3-10.

Workshop . 1988 (2: NBS- Key Words: book, crime,

88) , pp. 117-134. Key Words: requirements, auditing. govenmient. Key Words: risk, CAR-83 management, methods. BUR-88 Carroll, J.M., and O. Wu Burger, R.H. "Methodology for Security BRO-89 Computer Viruses: A High- Analysis of Data Processing

Brothers, M.H. Tech Disease , Abacus, Grand Systems," Computers &

"A 'How To' Guide for Rapids, MI, 1988. Security , January 1983, pp. 24- Computer Virus Protection in 34. MS-DOS," Proc. 12th Natl. Key Words: book, general, Comp. Sec. Conf. (5: NCS- virus, risk, techniques. Key Words: risk, threats,

89) , 1989, pp. 349-358. methods, managements. BUU-84 Key Words: virus, guidelines, Buurmeijer, F. CAR-83a methods. "IBM's Data Security Carroll, J.M. Strategy: Some "Descision Support for Risk BRU-85 Implementation Aspects," Analysis," Computers &

Bruske, S.Z., R.E. Wright, Computers & Security , Security , November 1983, pp. and W.D. Geaslen November 1984, pp. 273-277. 230-236. "Potential Uses of Probabilistic Risk Assessment Key Words: methods, Key Words: risk, threats, Techniques for Space Station company. methods, management. Development," Proc.

Aerospace Comp. Sec. Conf. CAE-89 CAR-84 (5: IEE-85a), 1985, pp. 21- CaelU, W.J. (Ed.) Carrroll, J.M. 29. Computer Security in the Age Managing Risk: A Computer-

of Information , Proc. Aided Strategy , Butterworth, Key Words: risk, methods. IFIP/Sec. '88, Gold Coast, Stoneham, MA 1984. AustraHa, May 1988, North- BUC-87 Holland, Amsterdam 1989. Key Words: book, risk, Buck, E.R. methods, management. An Introduction to Data Key Words: proceedings,

Security and Controls , Q.E.D. general, international. CAR-84a Information Sciences, Inc., Carroll, J.M., and Wellesley, MA, 1987. CAM-83 W.R. Maclver Campbell, R.P. 'Towards an Expert System Key Words: book, control, "Lxjcking Up the Mainframe, for Computer-Facility methods. Part 1," Computerworld, Certification," Proc. IFIP/Sec. October 10, 1983, pp. IDl- J4, Toronto, 1984, (2: FIN- BUI-87 ID15. 85),'84, pp. 293-306. Bui, T., and T.R. Sivasankaran Key Words: threats, policy, Key Words: physical, methods, "Cost-Effectiveness Modeling methods. risk. fora Decision Support System in Computer Security," CAM-83a CAR-85

Computers & Security , April Campbell, R.P. Carroll, J.M., and 1987, pp. 139-151. "Locking Up the Mainframe, W.W. Mac Iver 2," Part Computerworld, "COSSAC: A Framework for Key Words: methods, October 17, 1983, pp. IDl- Analyzingand Configuring management. ID14. Secure Computer FaciUties,"

Computers & Security . March Key Words: threats, policy, 1985, pp. 5-12. methods. Key Words: physical, methods.

2-4 CAR-87 CHO-89 COH-84a Carroll, ]M. Chokhani, S. Cohen, F.

Computer Security , Second "Protection of Call Detail "Computer Viruses: Theory Edition, Butterworths, Boston, Records Data in Federal and Experience," Proc. '84 MA, 1987 Telecommunications," Proc. mP/Sec. , Toronto. 1984, 5th Sec. Applicat. Conf. (4: (2: FIN-85), pp. 143-158. Key Words: book, general, IEE-89C), 1989. pp. 70-77. methods, guidelines, Key Words: virus, theory, techniques. Key Words: government, techniques. threats, policy, methods, CER-85 techniques. COH-87 Cerullo, MJ. Cohen, F. "General Controls in CLA-86 "Computer Viruses: Theory Computer Systems," Clark, R. and Experiments," Computers

Computers & Security , March "Risk Mangement ~ A New & Security , February 1987, pp. 1985, pp. 33-45. Approach," Proc. IHF/Sec. 22-25. ;86, Monte Carlo, 1986, (2: Key Words: controls, GRI-89). Key Words: virus, techniques, methods. theory. Key Words: risk, methods, CHA-82 management. COH-88 Chambers, A.D. Cohen. F.

Computer Auditing , CLY-87 "On the In-iplications of Commerce Clearing House, Clyde, A.R. Computer Viruses and Inc., Chicago, 1982. "Insider Threat Identification Methods of Defense,"

System," Proc. 10th Natl. Computers & Security , April

Key Words: auditing, Comp. Sec. Conf . (5: NCS- 1988. pp. 167-184. methods. 87a), 1987, pp. 343-356. Key Words: virus, threats, CHA-85 Key Words: threats, risk, methods. Chalmers, L.S. methods. "A Low-Cost Approach to COH-88a Disaster Recovery Planning," COC-84 Cohen, F.

Computer Security Journal , Cochrane, J.S. "Maintaining a Poor Person's Winter 1985, pp. 57-61. "Automated Data Processing Information Integrity,"

Security Accreditation Computers & Security . October Key Words: contingency, Program (A Composite 1988, pp. 489-494. recovery, methods, Guideline)," Proc. 7th

maangement. Seminar, DoD Comp. Sec . Key Words: integrity, methods. Progr. (5: DOD-84), 1984, pp. CHA-86 351-363. COH-88b Chalmers, L.S. Cohen, F. "An Analysis of the Key Words: guidelines, 'Terminal Viruses," The

Differences Between accreditation. Sciences , Nov.-Dec. 1988, pp. Computer Security Practices 24-30. in the Military and Private COH-84 Sectors," Proc. 1986 IEEE Cohen, F. Key Words: virus, techniques. Symp. on Security & Privacy "Computer Viruses: Theory (5: IEE-86), pp. 71-77. and Experiments," Proc. 7th COH-89

Seminar, DoD Comp. Sec . Cohen, F. Key Words: policy, methods, Progr. (5: DOD-84), 1984, pp. "Computational Aspects of management. 240-263. Computer Viruses," Computers

& Security , June 1989, pp. CHA-88 Key Words: virus, techniques, 325-344. Chantino theory.

Disaster Recovery , Elsevier, Key Words: virus, techniques. New York, NY, 1988.

Key Words: book, recovery, methods.

2-5 COO-89 COU-85 CRO-84 Cooper, J.A. Courtney, R.H., and Croft, R.B. Computer and M.A. Todd "A Flow Charting Technique Communications Security- "Problem Quantification: for Designing On-Line Data

Strategies for the 1990s, Importance of Cost-Effective Security," TeleSystems Journal , '85 McGraw-Hill, New York, Security," Proc. IFIP/Sec. , March/April 1984, pp. 22-27. 1989. Dublin, 1985, (2: GRI-85), pp. 55-63. Key Words: risk, techniques. Key Words: book, general, networks. Key Words: methods, CRO-85 techniques. Cronhjort, B.T., and COP-88 A. Mustonen Copigneaux, F., and COU-86 "Computer Assisted Reduction S. Martin Courtney, R.H. of Vulnerability of Data '84 "Software Security Evaluation "Security Measures Are Centers," Proc. IFIP/Sec. , Based on Top-Down McCall- Inherently Undesirable," Toronto, 1984, (2: FIN-85), 9- Like Approach," Proc. 4th EDPACS . March 1986, pp. pp. 397-425.

Aerosp. Comp. Sec. Conf. (4: 12. IEE-88b). 1988, pp. 414-418. Key Words: risk, Key Words: methods, vulnerabilities, methods, Key Words: risk, methods. management. techniques.

COR-82 COU-86a CRO-86 Coryen, G.C. Courtney, R.H. Cronin, D. A Methodology for Assessing "An Economically Feasible Microcomputer Data Security:

Security Risks Associated Approach to Contingency Issues & Strategies , Brady with Computer Sites and Planning," Proc. 9th Natl. Communicat./Prentice-HaU,

Networks , UCRL-53292, Comp. Sec. Conf. (5: NCS- Englewood Cliffs, NJ, 1986. Lawrence Livermore National 86), 1986, pp. 237-244. Laboratory, Livermore, CA, Key Words: book, June 23, 1982. Key Words: contingency, management, PC, techniques. recovery, methods. Key Words: risk, methods, CRO-89 networks. COU-88 Crocker, S., and M. Pozzo Courtney, R.H. "A Proposal for Verification- COR-87 "Another Perspective on Based Virus Filter," Proc. 1989 Corelis, J. Sensitive But Unclassified IEEE Symp. on Sec. &

"Source Code Security: A Data," Computers & Security , Privacy (5: IEE-89b), pp. 319- Checklist for Managers," February 1988, pp. 19-23. 324. ACM Sec. Audit & Control

Review , Spring 1987, pp. 12- Key Words: policy, Key Words: virus, techniques. 16. requirements. CSC-85

Key Words: software, COU-89 PC Security Considerations , guidelines. Courtney, R.H. NSSC-TG-002-85, National "Proper Assignment of Computer Security Center, Ft. COU-84 Responsibility for Data Meade, MD, 1985.

Courtney, R.H., and Security," Information Age , M.A. Todd (U.K.) April 1989, pp. 83-87. Key Words: guidelines, PC, "Problem Definition: An techniques. Essential Prerequisite to the Key Words: policy, Implementation of Security management. CSI-83

Measures," Proc. IFIP/Sec. Computer Security Handbook , 284, Toronto, 1984, (2: FIN- CRO-82 Computer Seciffity Institute, 85), pp. 97-106. Crow, W. Northboro, MA, 1983. "Making the ATM More Key Words: methods, Secure," The Bankers Key Words: book, guidelines,

techniques. Magazine , Jan./Feb. 1982, pp. general, techniques, 70-74. management.

Key Words: policy, techniques.

2-6 CSI-87 DEM-85 DON-84 "A Guide to Commercial DeMaio, H.B. Donovan, J.F. EHsastCT Recovery Services," "Controlling Advanced "Industrial Relations and Journal Computer Security , Information System Contingency Planning," Proc. Volume IV, No. 2, 1987, pp. Technology," Computer mP/Sec. '84. Toronto. 1984.

49-64. Security . Journal Winter 1985, (2: FIN-85), pp. 401-406. pp. 63-67. Key Words: contingency, Key Words: contingency, recovery. Key Words: management, management. control. CWO-86 DOS-85 "Disaster Recovery Hot DEN-81 Doswell, R.T.

Sites," Computerworld, May de Boef, A. "The Audit, Control and 12, 1986, p. 62ff. "Audit Monitoring of Security of the Project Life Production Data Files," Cycle ~ Pre-Implementation

Key Words: contingency, EDPACS , February '85 1981, pp. Stage," Proc. IFIP/Sec. , recovery. 1-16. Dublin, 1985, (2: GRI-85),'85, pp. 277-281. DAV-87 Key Words: auditing, Davis, F.G.F., and methods. Key Words: auditing, R.E. Gantenbein management. "Recovering from a DEN-87 Computer Virus Attack," Denning, D.E. DPC-84 Journal of Systems and "An Intrusion-Detection "Computer Security

Software , December 1987, Model," IEEE Trans, on Administration and Staffing," Software pp. 253-258. Engr. , February Data Processing &

1987, pp. 222-232. Communications Security , Key Words: virus, recovery, May/June 1984. methods. Key Words: threats, methods. Key Words: management, DAV-89 DES-88 persoimel. Davida, G.I., Y.G. Desmet, Desman, M.B. and B.J. Matt "Recovery Palnning — Pay DPC-84a "Defending Systems Against Attention to Your People," "Physical Security for Data

Viruses through Computer Security Journal , Processing Facilities," Data Cryptographic Volume V, No. 1, 1988. pp. Processing & Communications

Authentication," Proc. 1989 49-51. Security , Sept./Oct. 1984. IEEE Symp. on Sec. & Privacy (5: IEE-89b), pp. Key Words: policy, personnel, Key Words: physical, 312-318. management. techniques.

Key Words: virus, DEV-83 DUG-86 techniques, cryptography. DeVries, D. Dugan, E. "A Baker's Dozen: Security "Disaster Recovery Planning: DEL-89 Suggestions for Moving a Crisis Doesn't Equal

Computer Viruses: Data Center," Computer Catastrophe," Computerworld ,

Proceedings, Invitational Security Journal , Spring 1983, January 27, 1986, pp. 67-74.

Symposium , October 10-11, pp. 91-95. 1988, Deloite Haskings & Key Words: contingency, Sells. New York, 1989. Key Words: guidelines, recovery, management. physical. Key Words: proceedings, DUN-84 virus, methods, management. DOD-88 Dunmore, D. Security Requirements for "An EDP Risk Analysis

Automated Information Model," EDPACS . October

Systems (AIS) , U.S. 1984. pp. 6-11. Department of Defense, Washington, DC, March 1988. Key Words: risk, management, methods. Key Words: policy, requirements, government.

2-7 EAS-82 ESS-85 FEU-88

Eason, T.S., and D.A. Webb Essen, J., and B. Lindberg Feuerlicht, J., and P. Grattan Nine Steps to Effective EDP "The Bofors-Model for "The Role of Classification of

Loss Control , Digital Press, Working ADP Security," Proc. Information in Controlling '85 Bedford, MA, 1982. mP/Sec. , Dublin, 1985, Data Proliferation in End-User (2: GRI-85), pp. 47-53. PC Environment," Proc. '88 Key Words: book, control, IHP/Sec. . Australia, 1989, policy, guidelines. Key Words: risk, threats, (2: CAE-89). pp. 167-176. methods. EIC-89 Key Words: control, methods Eichin, M.Q.W., and FAK-83 management. J.A. Rochlis Fak, V.A. (Ed.)

"With Microscope and Security, Proc. of IFIP/Sec'83 . FEU-89 Tweezers: An Analysis of the Stockholm, Sweden, May 16- Feuerlicht, J., and P. Grattan Internet Virus of November 19, 1983, North-HoUand "The Role of Classification of 1988," Proc. 1989 IEEE Publishing Co., Amsterdam, Information in Controlling Symp. on Sec. & Privacy (5: 1983. Data Proliferation in End-User IEE-89b), pp. 326-343. Personal Computer Key Words: proceedings, Environment," Computers &

Key Words: virus, methods. general, international. Security , February 1989, pp. 59-66. ENG-80 FAS-89 Enger, N.L., and Fastiggi, M.V. Key Words: control, methods, P.W. Hoverton "Detection of Surreptitious management. Computer Security: A Insertion of or

Management Audit Approach , Viral Code in Computer FIE-82 Anacom, New York, 1980. AppUcation Programs," Fierello, M.

Information Age , (U.K.), "Cost-Benefit Impact Analysis Key Words: book, auditing, January 1989, pp. 3-10. of Computer Security methods, Standards & Guidelines," Proc.

Key Words: 5th Seminar, DoD Comp. Sec .

EPP-80 Prog . (5: DOD-82), 1982, pp. Epperly, E.V. FED-85 177-201. "The Department of Defense Proceedings, Federal Computer Security Initiative Information System Risk Key Words: guidelines,

Program and Current and Analysis Workshop , U.S. Air methods, management. Future Security Policies," Force Computer Security Proc. 2nd Seminar, DoD Program Office, San Antonio, FIN-85 Comp. Sec. Prog. (5: DOD- TX, January 1985. Finch, J.H., and 80a), 1980, pp. J1-J34. E.G. Dougall (Eds.) Key Words: proceedings, risk. Computer Security: A Global Key Words: policy, Challenge. Proc, IFIP/SEC '84 government. FER-87 , Toronto, Canada, 12-12 Ferris, M., and A. Cerulli Sept., 1984, North-Holland EPP-82 "Certification: A Risky Publishing Company, Epperly, E.V. Business," Proc. 10th Nad. Amsterdam, 1985. - "Computer Security Policies Comp. Sec. Conf. (5: NCS- Challenges and Prospects," 87a), 1987, pp. 266-272. Key Words: proceedings, Proc. 5th Seminar, DoD general, international. Comp. Sec. Prog. (5: DOD- Key Words: cerification, 82), 1982, pp. 99-137. policy. ns-89 Fish, T. and S. Meglathery Key Words: policy, "Professional Certification for government. Computer Security Practitioners," Proc. 12th Natl.

Comp. Sec. Conf . (5: NCS- 89), 1989. pp. 433-434.

Key Words: personnel, management.

2-8 FIT-81 FRY-83 GAO-81 Fitzgerald, J. Fry. B.G.P. and W.F. Main Federal Agencies Still Need to "EDP Risk Analysis Using "A Conceptual Methodology Develop Greater Computer

Matrices," EDPACS , for Evaluating Security Audit Capabilities , AFMD-82- November 1981. pp. 1-7. Requirements for Data 7. U.S. General Accounting Assets." Computers & Office, Washington, DC, 16

Key Words: risk, methods, Security . November 1983. pp. October 1981. management. 237-241. Key Words: auditing, FIT-89 Key Words: requirements, management, government. Fites, P.E. methods. Control and Security of GAO-81 a Computer Information FUG-84 Evaluating Internal Controls in

Systems , Computer Science Fugini, M.. and C. Martella Computer-Based Systems , Press, RockvUle. MD, 1989. "Security Mangement in AFMD-81-76, U.S. General Office Information Systems." Accounting Office, '84 Key Words: book, control, Proc. IFIP/Sec. . Toronto, Washington, DC, June 1981. methods. 1984, (2: FIN-85), pp. 487- 498. Key Words: control, FLA-86 government. Flach, J. Key Words: management, "Disaster Planning -- Beyond policy. GAR-87 a Prayer," Computer Security Garcia, A.A. (Ed.)

Products Report , Spring GAG-85 Computer Security: A 1986, pp. 9-11. Gage, D.W. Comprehensive Controls

"Security Considerations for Checklist , J. Wiley & Sons, Key Words: contingency, Autonomous Robots," Proc. Somerset, NJ, 1987. recovery. 1986 IEEE Symp. on Sec. & Privacy (5: IEE-86), pp. 224- Key Words: guidelines, FRA-83 228. methods. Francella, K. "Multiple Controls Combat Key Words: requirements. GAR-88 Computer Crime," Data Gamett, P.D. Management, July 1983, pp. GAL-85 "Selective Disassembly: A 21+. Gallery, S.M. First Step Towards Developing Computer Security: Readings Virus Filter," Proc. 4th Key Words: crime, controls, from Security Management Aerospace Comp. Sec. Conf. 2-6. methods, management. Magazine , Butterworths, (4: IEE-88b), 1988, pp. Boston, 1987. FRI-82 Key Words: virus, techniques. Friedman, S.D. Key Words: book, general, "Contingency and Disaster methods. GAR-89 Planning," Computers and Gardner, P.E.

Security , January 1982, pp. GAO-80 "Analysis of Five Risk 34-40. Most Federal Agencies Have Assessment Programs,"

Done Little Plaiming for ADP Computers & Security , October

Key Words: contingency, Disasters , AFMD-81-16, U.S. 1989, pp. 479-485. recovery, management. General Accounting Office, Washington, DC, 18 Key Words: risk, management, FRI-84 December 1980. techniques. Friedman, S.D. "Contingency and Disaster Key Words: contingency, GAS-86

Planning in EDP," EDPACS . recovery, government, Gascoyne, R.J.N. January 1984. pp. 4-9. management. "Basic Protection for

Microcomputers," EDPACS , Key Words: contingency, June 1986, pp. 5-6. recovery, management. Key Words: PC, techniques, management.

2-9 GIL-81 GIL-89 GRE-81 a Gilhooley, I.A. GUbert, I.E. Green, G., and R.G. Farber "Controlling the EDP Guide for Selecting Introduction to Security

Auditor," EDPACS , January Automated Risk Analysis Principles & Practices , Security

1981, pp. 1-7. Tools , SP 500-174, National World Publishing, Los Institute of Standards and Angeles, 1981. Key Words: auditing, control, Technology, Gaithersburg, management. MD, October 1989. Key Words: general, methods, policy, techniques. GIL-84 Key Words: risk, Gilhooley, I.A. management, methods, GRE-89 "Auditing System guidelines. Green, J.L., and P. L. Sisson Development Methodology," 'The 'Father Christmas

EDPACS , July 1984, pp. 1-8. GIN-89 Worm'," Proc. 12th Natl. Ginn, R. Comp. Sec. Conf. (5: NCS- Key Words: auditing, Continuity Planning: 89), 1989, pp. 359-368. methods. Preventing, Surviving and

Recovering from Disaster , Key Words: virus, techniques. GIL-84a Elsevier Advanced Gillin, P. Technology New York, NY, GRI-85 'Tightening Controls on 1989. Grimson, J.B., MicroBased Software," H.J. Kugler (Eds.) Computerworld, December 5, Key Words: book, Computer Security: The 1984, pp. 41-44. contingency, recovery, Practical Issues in a Troubled

management. World . Proc. IFIP/Sec '85, Key Words: control, PC, Dublin, Ireland, 12-15 August, software. GLE-89 1985, North-Holland Elsevier Gleissner, W. Publishing Company, GIL-85 "A Mathematical Theory for Amsterdam/New York, 1985 Gilhooley, I.A. the Spread of Computer "The Impact of Current EDP Viruses," Computers & Key Words: proceedings,

Development on Separation Security , February 1989, pp. general, international. of Duties," CQM-SAC. 35-41. Computer Security, Auditing GRI-89

& Controls , No. 2, 1985, pp. Key Words: virus, theory. Grissonnanche,A. (Ed.) A7-A14. Security Protection in

GOT-81 Information Systems , Key Words: management, Gottlieb, M. Proceedings IFIP/Sec '86, methods. "Audit Concerns About Monte Carlo, December 1986,

Minicomputers," EDPACS , North HoUand/Elsevier, GIL^86 Oct. 1981, pp. 12-15. Amsterdam, 1989. Gilhooley, I.A. "Productivity and Control in Key Words: auditing, Key Words: proceedings, System Development," methods. general, international.

EDPACS , July 1986, pp. 1-6. GRE-81 GUA-87 Key Words: control, Greguras, P.M. Guarro, S.B. management. "DP Contingency Planning: "Principles and Procedures of The Legal Considerations," the LRAM Approach to

GIL-86a Assets Protection , May/June Information Systems Risk Gilhooley, I.A. 1981, pp. 26-29. Analysis and Management,"

"Controlling End-User Computers & Security ,

Computing," EDPACS , Key Words: contingency, December 1987, pp. 493-504. October 1986, pp. 1-9. laws. Key Words: risk, methods. Key Words: control, management.

2-10 GUA-88 Key Words: auditing, HAR-80a Guano, S.B. methods. Hardenburg, K.L. "Analytical and Decision "Auditing the MVS Operating

Models of the Livermore HAL-88 Systems," EDPACS . June Risk Analysis Methodology," Habne, L.R., and B.L. Kahn 1980, pp. 1-10. Proc. Comp. Sec. Risk "Building a Security Monitor Manag. Model Builders with Adaptive User Work Key Words: auditing,

Workshop . 1988 (2: NBS- Profiles." Proc. 11th Natl. techniques. 88), pp. 49-71. Comp. Sec. Conf. (5: NCS- 88), 1988, pp. 374-383. HEA-83 Key Words: risk, methods. Healy, R.J

Key Words: auditing, Design for Security, 2nd Ed. , GUI-89 techniques. John Wiley & Sons, New Guinier, D. York. 1983. "Biological Versus Computer HAM-82 Viruses," ACM Sec., Audit Hammer, C. Key Words: book, physical,

& Control Rev. , Summer "Managing Computer methods, techniques. 1989. pp. 1-15. Security." Computer Security

Journal . Winter 1982, pp. 17- HEA-86 Key Words: virus, general. 21. Heaton, Y. "The Human Risks - An GUS-88 Key Words: management, Auditor's Point of View," The Gustoff, M.E. methods. Computer Law and Security "Personal Computer Report, Sept.-Oct. 1986, pp.

Security," Information Age , HAN-83 21-23. (U.K.), October 1988, pp. Hansen, J.V. and 195-202. W.F. Messier Key Words: risk, persormel. "Scheduling the Monitoring of Key Words: PC, techniques. EDP Controls in Online HEA-87 Systems," Intematl. Journal of Hearden, K. HAE-84 Computer and Information A Handbook of Computer

Haeckel, D.A., and Sciences, February 1983, pp. Security , Kogan Page. London, B.B. Johnson 35-46. 1987. "Complete the Cycle of Information Security Key Words: control, methods. Key Words: book, general, Planning," Security methods, guidelines, management. Management. May 1984, pp. HAN-83a 54-59. Hansen, J.V. "Audit Considerations in HEB-80 Key Words: management, Distributed Processing Hebbard. B., et al. methods. Systems," Communications of "A Penetration Analysis of the Michigan Terminal System," the ACM , August 1983, pp. HAH-88 562-569. ACM Operating Systems January 7- Hahn, M. Review , 1980, pp. "Auditing Changes to MVS," Key Words: auditing, 20. '88 Proc. IFIP/Sec. , Australia, methods. 1989, (2: CAE-89), pp. 407- Key Words: vulneabilities, 424. HAR-80 threats. Hardenburg, K.L. Key Words: auditing, "Controlling Systems HEN-85 methods. Programming Activities," Henrion, M., and M. G. Morgan, EDPACS , January 1980, pp. HAL-86 1-24. "A Computer Aid for Risk and Halme, L.R., and Other Policy Analysis," Risk Analysis J. Van Home Key Words: control, , September 1985. pp. "Automated Analysis of management. 195-208. Computer System Audit Trails for Security Purposes," Key Words: risk, management, Proc. 9th Natl. Comp. Sec. policy, methods. Conf. (5: NCS-86), 1986, pp. 71-74.

2-11 HER-84 HIG-85 HIG-88C Herschberg, I.S. and R. Paans Highland, H.J. Highland, H.J. "The Programmer's Threat: "Microcomputer Security: "The Brain Virus: Fact and Cases and Causes," Data Protection Techniques," Fantasy," Computers &

Computers Security , Computers Security , June & & Security , August 1988, pp. November 1984, pp. 263-272. 1985, pp. 123-134. 367-370.

Key Words: threats, Key Words: PC, techniques. Key Words: virus, techniques. persoimel, management. HIG-87 HIG-89 HIG-83 Highland, H.J. Highland, H.J. Highland, H.J. "Data Physician - A Virus "The Mibiet/Arpanet Attack,"

"Impact of Microcomputers Protection Program," Computers & Security .

on Total Computer Security," Computers & Security , February 1989, pp. 3-10. '83 Proc. IFIP/Sec. , February 1987, pp. 73-79. Stockholm, 1983, (2: FAK- Key Words: virus, techniques. 83), pp. 119-129. Key Words: virus, techniques. HIG-89a Key Words: PC, techniques, HIG-87a Highland, H.J. management. Highland, H.J. "A Macro Virus" Computers &

"How to Evaluate Security , May 1989, pp. 178- HIG-83a Microcomputer 182. Highland, H.J. Software and Hardware,"

"Impact of Microcomputers Computers & Security , June Key Words: virus, techniques. on Total Computer Security," 1987, pp. 229-244.

Computers & Security , June HIG-89b 1983, pp. 171-183. Key Words: PC, cryptography. Highland, H.J. "The Marijuana Virus Key Words: PC, techniques, HIG-88 Revisited," Computers &

management. Highland, H.J. Security , August 1989, pp. "Computer Viruses: A Post 369-373. HIG-83b Mortem," Computers & 17- Highland, H.J. Security , April 1988, pp. 1 Key Words: virus, techniques. "Operational Security for 122. Microcomputers," HIG-89C Proceedings, 1983 Key Words: virus, techniques. Highland, H.J.

CQMPCON Fall , IEEE 'The ItaUan or Ping-Pong

Computer Society, 1983. HIG-88a Virus," Computers & Security , Highland, H.J. April 1989, pp. 91-94. Key Words: PC, techniques. 'The Anatomy of a Virus Attack," Computers & Key Words: virus, techniques.

HIG-84 Security , April 1988, pp. 145- Highland, H.J. 150. HIG-89d "Data Protection in a Highland, H.J. Microcomputer Environment," Key Words: virus, techniques. "Anatomy of Three Computer '84 Proc. IFIP/Sec. . Toronto, Virus Attacks," Computers &

1984, (2: FIN-85), pp. 517- HIG-88b Security , October 1989, pp. 531. Highland, H.J. 461-466. "An Overview of 18 Virus Key Words: PC, techniques. Protection Programs," Key Words: virus, techniques.

Computers & Security , April HIG-84a 1988, pp. 157-163. HIG-89e Highland, H.J. Highland, H.J. Protecting Your Key Words: virus, techniques. "Secure File Storage and

Microcomputer System , J. Transfer," Computers &

Wiley & Sons, New York, Security , October 1989, pp. 1984. 466-474.

Key Words: book, PC, Key Words: database, techniques. techniques.

2-12 fflG-89f HIR-89 HOF-86a Highland, H.J. Hirst, J. Hoffman, L.J. "Secret Disk 11 — "Rotten to the Core: Bombs, "Risk Analysis and Computer Administrator," Computers & Trojans. Worms, and Viruses," Security: Bridging the Cultural

Seciirity , November 1989, pp. New Scientist, March 4, 1989, Gap," Proc. 9th Natl. Comp. 563-568. pp. 40-41. Sec. Conf. (5: NCS-86). 1986, pp. 156-161. Key Words: virus, Key Words: virus, threats. techniques. Key Words: risk, management. HOA-82 HIG-89g Hoar, T. HOF-88 Highland, H.J.. (Ed.) "Controls and Risk in Data Hoffman, L.J. The Computer Virus Processing," The Bankers "A Prototype Implementation

, Elsevier Handbook Advanced Magazine , May/June 1982, pp. of a General Risk Model," Technology, New York, NY, 49-52. Proc. Comp. Sec. Risk Manag.

1989. Model Builders Workshop . Key Words: risk, 1988 (2: NBS-88), pp. 135- Key Words: book, virus, management. 144. methods, techniques, guidelines. HOE-86 Key Words: risk, techniques. Hoebeke. L. HIG-89h "Computer Security — HOF-89 Highland. HJ. Prevention: Lessons from the Hoffman, L.J. "Datacrime Virus and New Operation of a Nuclear Power "Smoking Out the Bad Actors:

Anti -Virus Products," Plant," Computers & Security . Risk Analysis in the Age of

Computers & Security . June 1986, pp. 122-127. Microcomputer," Computers &

December 1989. pp. 659-661. Security , June 1989, pp. 299- Key Words: methods, 302. Key Words: virus, management. techniques. Key Words: risk, PC, HOF-81 management, techniques, HIG-89i Hoffman, L.J., and methods. Highland, H.J. L.A. Neitzel "VCHECKER - A Virus "Inexact Analysis of Risk," HRU-88

Search Program," Computers Computer Security Journal . Hniska, J., and K. Jackson

& Security . December 1989, Spring 1981. pp. 61-72. The PC Security Guide 88/89 . pp. 669-674. Elsevier Advanced Technology, Key Words: risk, techniques. New York, NY. 1988. Key Words: virus, techniques. HOF-85 Key Words: PC, guidelines. Hoffman, L.J., and HI 1^83 A.F. Westin HUT-88 Hildebrand. J. "A Survey: Office Automation Hutt. A.E.. et al., (Eds.),

"Records Retention: Security and Private Computer Security Handbook . Management's Involvement is Practices." Computer Security McMillan Pubhshing Co.. New

Critical," Data Management, Journal . Winter 1985. pp. 69- York, 1988. July 1983, pp. 18-1-. 76. Key Words: book, general, Key Words: contingency, Key Words: methods, methods, techniques, recovery. management. guidelines.

HIL-84 HOF-86 IBM-84 Hiller, E. Hoffman, L.J. Good Security Practices for

"Up from Disaster," Computer Security Risk Dial-Up Systems , G320-0690- Computerworld, March 26. Analysis: Problems and 0, IBM Corporation, White

1984. pp. ID/9-16. Issues , GWU-nST-86-04. The Plains, NY, March 1984. George Washington Key Words: contingency, University. Washington, DC, Key Words: techniques, recovery. March 1986. methods.

Key Words: risk, management.

2-13 IBM-84a ISA-83 JAE-84 Good Security Practices for Isaacson, G.I. Jaehne, E.M.

Personal Computers , G320- "A Guide to Commercial "Security and Productivity," '84 9280-0, IBM Corporation, BackupServices," Computer Proc. IFIP/Sec. . Toronto,

White Plains, NY, March Security Journal . Spring 1983, 1984. (2: FlN-85). pp. 107- 1984. pp. 51-69. 111.

Key Words: PC, techniques. Key Words: contingency, Key Words: management, recovery. methods. IBM-85

Information Systems Security : JAC-81 JAN-81 Executive Checklist, GX20- Jacobson, R.V. Jancura, E.G.. and R. Boos 2430, IBM Corporation, "Analyzing the Limits of Establishing Controls and White Plains, NY, 1985. Risk," Government Data Auditing the Computerized

Systems , Nov. -Dec, 1981. pp. Accounting System . Van Key Words: guidelines, 28-29. Nostrand, New York, 1981. methods. Key Words: risk, Key Words: book, auditing, IBM-86 management. methods, management. Control Planning for Catastrophic Events in Data JAC-81 a JAR-83

Processing Centers , G320- Jacobson, R.V. Jarvis, M. 6729, IBM Corporation, "Optimizing Disaster Recovery "Designing Security into the White Plains, NY, 1986. Planning," Proceedings, Computer Environment,"

Honeywell Computer Security Assets Protection . March/April

Key Words: contingency, and Privacy Symposium , April 1983, pp. 9-12. recovery, management. 1981. pp. 95-100. Key Words: management, IEE-87 Key Words: contingency, methods. Proceedings. COMPASS '87: recovery.

Computer Assurance , JOH-80 Washington. DC, June 1987, JAC-86 Johnson, K.P. and IEEE Publishing Service. Jackson. C.B. R.H. Jaenicke New York, 1987. "Making Time for DP Risk Evaluating Internal Control:

Analysis." Security World . Concepts, Guidelines,

Key Words: proceedings, March 1986. pp. 68-70. E)ocumentation . J. Wiley & general. Sons. New York, 1980. Key Words: risk, IEE-88 management. Key Words: book, control, Proceedings. COMPASS '88: methods.

Computer Assurance . JAC-86a Gaithersburg, MD, June Jackson, C.B. JOH-83a 1988, IEEE PubUshing "Dau Processing Risk Johnson. T.W. Service. New York, 1988. Analysis: Beneficial or "Auditing DOSA'SE System

Unnecessary?" ISSA Software." EDPACS , January

Key Words: proceedings, Newsletter , July/August/ 1983, pp. 1-14. general. September 1986, pp. 6-8. Key Words: IEE-89 Key Words: risk, Proceedings. COMPASS '89: management. JOH-88 4th Annual Conference on Johnson, H.L., and J.D. Layne Computer Assurance. JAC-88 "Modeling Security Risk in Gaithersburg, MD. June Jacobson, R.V. Networks," Proc. 11th Natl.

1989, IEEE Publishing "IST/RAMP and CRITI- Comp. Sec. Conf . (5: NCS- Service. New York, 1989. CALC: Risk Managemnt 88), 1988, pp. 59-64. Tools," Proc. Comp. Sec. Risk Key Words: proceedings, Manag. Model Builders Key Words:

general. Workshop , 1988 (2: NBS-88), pp. 73-87.

Key Words: risk, techniques, methods.

2-14 JOH-88a KAR-88 KOC-84 Johnson, H.L. Karrent, D.T. Koch. H.S. "Security Protection Based on 'Typical System Access "Auditing On-Line Syitems: Mission Criticality," Proc. 4th Control Problems and An Evaluation of Paraileil v>. Aerospace Comp. Sec. Conf. Solutions," Information Aec Continuous and Intermittent (4: IEE-88b). 1988. pp. 228- (U.K.), January 1989, pp. Simulation,'' Compulert A 232. 41045. Security. February 1984. pp. 9- 20, Key Words: risk, Key Words: guidelines, requirements. methods. Key Words: auditing, methnds.

JOS-88 KEA-86 KRA-80 Josej^ M.K., and Kearby, D.B. Krauss. L.I. AA. Avizienis "Personnel Policies Procedures SAFE: Security Audit and "A Fault-TolCTance Approach and Practices: Key to Field Evaluation for Comnrpater to Computer Viruses," Proc. Computer Security," Computer Facilities and Information

1988 IEEE Svmp. on Sec. & Security Journal . Vol. 4, No. Systems. Amacom, New York,

Privacy . (5: IEE-88a). pp. 52- 1. pp. 63-68, 1986. 1980. 58. Key Words: policy, personnel, Key Words: book, auditing, Key Words: virus, management, methods. methods. techniques. KEE-88 KUH-86 JUD-87 Keenan, T. Kuhn. J. Judd, T.C., and "Emerging Vulnerabilities in "Research Toward Intrusion H.W. Ward, Jr. Office Automation Security," Detection Through Automated '83 "Return to Normalcy: Issues Proc. IFIP/Sec. , Abstraction of Audit Data,' in Contingency Planning." Stockholm, 1983, (2: FAK- Proc. 9th Natl. Comp. Sec.

Proc. 10th Natl. Comp. Sec. 83), pp. 139-145. Conf. (5: NCS-86A 1986. pp. Conf.. (5: NCS-87a). 1987, 204-208 pp. 379-383. Key Words: vulnerabilities. Key Words: auditing, methods. Key Words: contingency, KIN-86 recovery, management. Kinnon, A., and R.H. Davis KUO-82 "Audit and Security Kuong, J.F. JUI-89 Implications of Electronic Audit and Control of Juitt, D. Fimds Transfer," Computers & Computerized Systems, "Security Assurance Through Security, March 1986, pp. 17- Management Advisory System Management," Proc. 23. Publications, Wellesley Hills,

12th Natl. Comp. Sec. Conf. , MA, 1983. (5: NCS089), 1989. pp. 418- Key Words: auditing, 422. requirements. Key Words: book, auditing, control Key Words: methods, KNE-83 management. Kneeer, D.C., and J.C. Lampe KUO-83 "Distributed Data Processing: Kuong, J.F. KAR-85 Internal Control Issues and Controls for Advanced/On-

Karabin. S.J. Safeguards," EDPACS . June Line/Database Systems, "Data Classification for 1983. pp. 1-14. Management Advisory Security and Control." Publications, Wellesley Hills,

EDPACS . December 1985. Key Words: control, methods. MA, 1983. pp. 1-20. KOB-89 Key Words: book, concrol, Key Words: guidelines, Kobus. P. Jr., and G.H. Rovin general. management. "C-Guard Computer Security Systems." Information Age, (U.K.), January 1989, pp. 41- 45.

Key Words: policy, techniques.

2-15 KUO-85 KUO-86b LAN-85

Kuong, J.F. Kuong, J.F. Lane, V., and J. Step "What to Look for When "What Are EDP Audit Test "The Formidable - If Not Auditing Your Company's Objectives, and How to Insurmountable - EDP Contingency and Develop Them," COM-AND, Organizational Problems in Recovery Plan for Business Computer Audit News & Disaster Recovery Planning," '84 Continuity," COM-AND. Developments , July -August, Proc. IFIP/Sec. , Toronto. Computer Audit News & 1986. 1984, (2: FIN-85), pp. 361-

Developments , September- 369. October, 1985. Key Words: auditing, policy, methods, management. Key Words: contingency, Key Words: auditing, recovery, management. guidelines, contingency, KUO-86C recovery. Kuong, J.F. LAP-86 "Pinpointing Areas of High Lapid, Y., N. Ahituv, KUO-85a Exposure for Effective and S. Neumann Kuong, J.F. Safeguards," COM-SAC, "Approaches to Handling "Evolution of Information Computer Security, Auditing Trojan Horse' Threats,"

Processing Technology, and & Controls, Volume 13, No. Computers & Security . Deficiencies in the Present 1, 1986, pp. A1-A4. September 1986. pp. 251-256. Internal Control Methodologies," COM-AND, Key Words: risk, Key Words: threats, Computer Audit News & vulnerabihties, methods, techniques.

Developments , November- management. December, 1985. LEC-83 KUO-88 Lechter, M.A. Key Words: control, methods. Kuong, J.F. "Protecting Software and "Computer Viruses: Should Firmware Development," IEEE

KUO-86 the Audit and Security Computer , September 1983, Kuong, J.F. Professional Be Concerned?," pp. 73-82. "Reducing Your Audit Risk COM-AND, Computer Audit

Level and Improving Audit News and Developments , No. Key Words: methods, Option Reliability when 3, 1988, pp. 1-4. management. Auditing Computer Based Systems," COM-AND, Key Words: virus, auditing, LEE-88 Computer Audit News & threats. Lee, W.

Developments , January- "Automation of Internal February, 1986. KUO-89 Control Evaluation," Proc. '88 Kuong, J.F. IFIP/Sec. , AustraUa, 1989, Key Words: auditing, risk, 'Test Approaches and (2: CAE-89), pp. 391-406. methods. Techniques for Testing EDP Disaster Recovery Provisions," Key Words: control, KUO-86a COM-AND. Computer Audit management.

Kuong, J.F. News and Developments , No. 'Towards a Unified View to 2, 1989, pp. 1-7. Lrr-81 the Building and Assessing Litecky, C.R., and of Internal Control in Key Words: contingency, L.E. Rittenberg Computerized Systems," recovery, management. "The External Auditor's COM-AND, Computer Audit Review of Computer

News & Developments , KUR-86 Controls," Communications of

March-April, 1986. Kurzban, S.A. the ACM . May 1981, pp. 289- "Computer System Defenses" 295. Key Words: control, policy. ACM Security, Audit &

Control Rev. , Winter 1986, Key Words: auditing, controls. pp. 1-27.

Key Words: methods, techniques.

2-16 LOB-80 MAR-84 MEN-85a Lobel J. Mar, S. Menkus, B. "Risk Analysis in the 1980s," "EDP Security & EDP Audit "The Impacts of the Bell Proceedings, 1980 National Team Work," COM-SAC. System Breakup on DP Computer Conference, AFIPS Computer Security, Auditing Disaster Recovery Planning,"

Press, Reston, VA, 1980, pp. and Control , January 1984, Computers & Security , 831-836. pp. A1-A4. September 1985. pp. 219-222.

Key Words: risk, Key Words: auditing, Key Words: contingency, management. methods. recovery, management.

LOB-89 MAU-84 MEY-83 Lobel J. Maude, T., and D. Maude Meyer, M.M. "Managing Information "Hardware Protection Against "Checking References: It's Security in the Space Age," Software Piracy," Worth the Investment,"

Information Age (U.K.), Communications of the ACM , Security Management, March September 1989, pp. 195-198. September 1984, pp. 950-959. 1983, pp. 10-I-.

Key Words: management, Key Words: software piracy. Key Words: persormel, policy. methods, management. MAY-87 LOT-80 Mayerfield. H.N., et al. MIC-83 Lott, R.W. "M2 RX: Model Based Risk "Microcomputers: A Checklist Auditing the Data Processing Assessment Expert." AIAA of Security and Recovery

Functions , Amacom, New No. 87-3080, Proc. 3d Considerations," Assets

York, 1980. Aerosp. Comp. Sec. Conf. (5: Protection , May/June 1983, pp. IEE-87b), 1987, pp. 87-92. 15-16. Key Words: auditing, methods. Key Words: risk, Key Words: guidelines, PC, management. LUN-89 MIG-87 Lunt, T.F. MCA-89 Migues, S. "Real Time Intrusion McAfee, J.D. "A Guide to Effective Risk Detection," Proceedings, "Managing the Virus Threat," Management," AIAA No. 87-

IEEE Compcon Spring , 1989, Computerworld, February 13, 3078, Proc. 3d Aerospace

pp. 348-353. 1989. pp. 89-96. Comp. Sec. Conf. (5: lEE- 87b), 1987. pp. 66-86. Key Words: methods, Key Words: virus, threats, techniques. management. Key Words: risk, guidelines.

MAL-83 MCC-85 MIL-85 Malvik, C. McCormack, W.G.. m Miller. J.E. "Security and the Home "The Audit of EDP Backup." 'Transaction Controls: Steps to

Computer," Information Age EDPACS . November 1985, Take After the Equipment Has (UK), April 1983, pp. 87-90. pp. 1-5. Been Secured," Computers &

Security , June 1985, pp. 139- Key Words: requirements, Key Words: auditing, 141. PC. contingency. Key Words: control, MAR-83 MEN-85 guidelines. Mar, S. Menkus, B. "Long Range Plaiming for 'The EDP Auditor's Role in MOE-88 EDP Audits," COM-SAC: Computer Security," MoeUer, R.

Computer Security, Auditing, Computers & Security . June "Considering Security when Applications and Control , January 1983, 1985. pp. 135-138. Auditing Under pp. A1-A8. Development," Proc. IFIP/Sec. Key Words: auditing, :88, Australia, 1989, (2: CAE- Key Words: auditing, methods. 89), pp. 245-262. management. Key Words: auditing, methods.

2-17 MOL-84 MUR-81 NAN-86 Molnar, L. Murray, J.P. Nancekivell, B.D. "Disaster Recovery Testing," "Protecting Corporate Data "Auditing IBM System/38

. with EDPACS November 1984, Off-Site Vault Storage," Security," EDPACS , January pp. 1-6. Computerworld. March 16, 1986, pp. 1-10. 1981, pp. ID/l-ID/24. Key Words: contingency, Key Words: auditing, methods. recovery. Key Words: contingency, recovery. NBS-81 MOR-81 Guidelines for ADP

Morrison, R.M. MUR-82 Contingency Planning . FIPS "Advanced Audit Concepts Murray, J.P. PUB 87, National Bureau of for A Distributed System," "Contingency Planning," Standards. Gaithersburg. MD, Proceedings. Honeywell Computerworld. May 10, 27 March 1981. Security and Privacy 1982, pp. ID/36-ID/44. Symposium, April 1981, pp. Key Words: contingency, 119-127. Key Words: contingency, recovery, guidelines. recovery. Key Words: auditing, NBS-83 methods. MUR-83 Guidelines for Life Cycle Murray, W.H. Validation, Verification and

MOU-84 "Good Computer of Computer Software , Moulton, R.T. Practices for Two Areas of FIPS PUB 101, National "Data Security Is A Current Concern: Personal Bureau of Standards, Management Responsibility," Computers and Dial-Up Gaithersburg, MD, 1983.

Computers & Security , Systems," Computer Security

February 1984, pp. 3-8. Journal , Fall/Winter 1983, pp. Key Words: guidelines, 77-88. software. Key Words: management, policy. Key Words: techniques, NBS-83a methods, PC. Guidelines for Computer MOU-84a Security Certification and

Moulton, R.T. MUR-83a Accreditation . FIPS PUB 102, "A Practical Approach to Murray. W.H. National Bureau of Standards, System Security Devices," "Computer Security: Gaithersburg, MD, September

Computers & Security , May Observations on the State of 27, 1983. 1984, pp. 93-100. the Technology." Computers

& Security , January 1983, pp. Key Words: guidelines, Key Words: techniques, 16-23. methods, certification. methods. Key Words: techniques, NBS-88 MOU-86 methods. Proceedings, 1988 Computer Moulton, R.T. Security Risk Management

Computer Security Handbook: MUR-84 Model Builders Workshop , Strategies and Techniques for Murray, J.P. National Bureau of Standards Preventing Data Loss or "Surviving (and Profiting et al., Denver, CO, May 24- Theft, Prentice-Hall, Inc. from) the Audit: Manager's 26, 1988

Englewood Cliffs, NJ, 1985 View," Computerworld, September 24. 1984, pp. Key Words: proceedings, risk. Key Words: book, guidelines, ID/13-23. techniques, methods. NES-85 Key Words: auditing, Nesbit, I.S. MUR-80 management. "On Thin Ice: Micros and

Murray, W.H. Data Integrity." Datamation .

"Good Security Practices," MUR-84a November 1, 1985. pp. 80-84.

EDPACS . October 1980, pp. Murray, W.H. 1-6. "Security Considerations for Key Words: integrity, PC. Personal Computers," IBM

Key Words: methods, Systems Journal . Vol. 23. No. techniques. 3, 1983. pp. 297-304.

Key Words: requirements. PC.

2-18 NEU-82 PAS-86 PER-81 Neugent, W. Passori, A. Perley. E.H. "Acceptance Criteria for "Contingency Planning "Optimizing the EDP Security

Computer Security," Options Protect Corporate Function," EDPACS , April Proceedings, 1982 National Data Assets," Computerworld. 1981, pp. 1-11. Computer Conference. AFIPS January 27. 1986. pp. 73-74. Press, Reston, VA, 1982, pp. Key Words: management, 441-448. Key Words: contingency, policy. recovery, management, Key Words: guidelines, methods. PER-81 a methods. Perry, W.E. PED-86 Computer Control and

NOL-85 Pedigo, J. Security , J. Wiley & Sons, Nolan, M. "Disaster Recovery: Making New York, 1981. "Disaster Recovery for Plans That Could Save Your Online Systems," Proc. Company." Computerworld, Key Words: book, control, '84 IFIP/Sec. , Toronto. 1984, May 12. 1986. pp. 49-60. methods. (2: FIN-85), pp. 163-174. Key Words: contingency, PER-82 Key Words: contingency, recovery, management. Perry, W.E. revovery. "Developing Computer PER-80 Security and Control Strategy,"

ORL-88 Perry, W.E. Computers & Security . January Orlandi, E. Controls in Data Base 1982, pp. 17 26. "Computer Security: Environment, Q.E.D. Operational or Investment Information Systems. Key Words: control, '88 Cost," Proc. IFIP/Sec. . WeUesley Hills. MA. 1980. management. Australia, 1989. (2: CAE-89). pp. 381-390. Key Words: book, control, PER-82a database. Perry, W.E. and J.F. Kuong Key Words: management, EDP Risk Analysis and methods. PER-80a Controls, Management Perry, W.E. Advisory Publications, OTW-89 How to Test Internal Control WeUesley Hills, MA. 1982. Otwell. K.. and B. Aldridge and Integrity in Computerized risk, "The Role of Vulnerability in Systems , Management Key Words: book, Risk Management," Proc. 5th Advisory Publications, controls.

Security Applicat. Conf. , (4: Wellesley Hills. MA. 1980. IEE-89c). 1989. pp. 32-38. PER-82b Key Words: book, control, Perry, W.E.. and J.F. Kuong Key Words: vulnerabilities, integrity. Effective Computer Audit

risk. Practices - ECAP MAnual . PER-80b Management Advisory PAR-81 Perry. W.E. Publications, Wellesley Hills, 1982. Parker, DB. Selecting ADP Audit Areas . MA. Computer Security EDP Auditors Foundation. Words: book, auditing, Management, Reston Altamonte Springs. FL. 1980. Key Publishing Co., Reston, VA, methods. 1981. Key Words: auditing, guidelines. Key Words: book, risk, management. PER-80C Management Guide to

PAR-84 Computer Security , J. Wiley Parker. DB. & Sons, New York. 1980. "Safeguard Selection Principles." Computers & Key Words: book, guidelines,

Security . May 1984, pp. 81- methods. 92.

Key Words: guidelines, methods.

2-19 PER-82C PRA-85 QUA-89 Perry, W.E., and J.F. Kuong Prause. P.N.. and Quant. H. Generalized Computer Audit G.I. Isaacson "Virus vs. Vaccine."

Software: Selection and "Protecting Personal Information Age . April 1989, Application. Management Computers: A Checklist pp. 138-143. Advisory Publications, Approach." Computer Security

Wellesley Hills. MA, 1982. Journal , Winter 1985, pp. 13- Key Words: virus, techniques. 24. Key Words: book, auditing, RAO-89 software, guidelines, methods. Key Words: guidelines, PC. Rao. K.N. "Security Audit for Embedded PER-82d PRE-89 Avionics Systems." Proc. 5th

Perry, W.E. and J.F. Kuong Preston, CM. Security Applicat. Conf. . (4: How to Test Internal Control "Artificial inteUigence Applied IEE-89c), 1989, pp. 78-84. and Integrity in Computerized to Information System

Systems , Management Security." Information Age Key Words: auditing, methods. Advisory Publications, (U.K.). September 1989. pp. Wellesley Hills. MA, 1982. 217-221. RAT-84

Rattner. J. Key Words: book, control, Key Words: methods, "Security Controls in a guidelines. techniques. Manufacturing AppUcations

System." TeleSystems Journal . PER-83 PRI-80 March/April 1984, pp. 33-37. Perry, W.E. Prichard, J.

Ensuring Data Base Integrity , "Computer Security and Key Words: controls, methods. J. Wiley & Sons, New York, Unionization," Information 1983. Privacy (UK), March 1980. RCM-82 pp. 69-74. EDP Threat Assessment

Key Words: book, integrity, Concepts and Planning Guide , methods. Key Words: f)ersormel, SIP No.2, Royal Canadian management. Mounted Police. Ottawa, PHE-86 January 1982. Phelps, N.L. PRI-84 'Top Management's Role in Prigge, E. Key Words: book, guidelines, Disaster Recovery," Data "Security and Integrity Issues threats, risk. Processing & in End-User Computing,"

Communications Security , Computer Security, Auditing RIC-86

Summer 1986, pp. 16-19. & Controls , October 1984, pp. Richards, R.M., and A7-I-. J. Yestingsmeier Key Words: contingency, "Risk Management - A Key recovery, policy, Key Words: awareness, to Security in Electronic Funds management. requirements, integrity. Transfer Systems," Computers

& Security , June 1986, pp. PIC-84 PRU-86 135-140. Pickard, W.V. Pryijm, R.A.M. "EDP Benefits Control -- A "The Audit of Software Key Words: risk, management,

Management Function," Maintenance," EDPACS , methods. 1-5. EDPACS , February 1984. pp. August 1986, pp. 1-5. RID-86 Key Words: auditing, Riddle. C, and J. Austin Key Words: control, software. "Updating Security, Auditing management, policy. and Quality Assurance — The PWA-84 Dedicated On-Line Computer POR-81 Managing Computer Risks: A Security Monitor." COM-SAC. Porter, W.T., and W.E. Perry Guide for the Policymaker, Computer Security, Auditing &

EDP Controls and Auditing, Price Waterhouse, Inc., 1984. Controls , Volume 13, No. 1,

3d Ed. , Kent Publishing, 1986, pp. A5-A6. Boston, MA, 1981. Key Words: book, risk, threats, magagement, Key Words: auditing, methods. Key Words: book, auditing, guidelines. methods, control, techiuques.

2-20 ROB-83 RUT-84 SCH-80 Roberts, M.B. Ruthberg. Z.G., and Schweitzer. J.A. EDP Controls: A Guide for W. Neugent "Policy Structure Gives the EDP Auditors and Overview of Computer Basis for An Effective Security

Accountants , J. Wiley & Security Certification and Program," Security

Sons, New York. 1983. Accreditation . SP 500-109, Management , December 1980, National Bureau of Standards, pp. 18-25. Key Words: book, auditing. Gaithersburg, MD, April 1984. Key Words: policy, ROD-81 management. Rodgers, G.L. Key Words: certification, "Auditor's Watchdog Role in methods. SCH-80a Computer Fraud," Schweitzer, J.A.

Commercial Law Journal . RUT-86 "Personal Computing and Data May 1981. pp. 172-178. Ruthberg, Z.. and Security." Security World, June B. Fisher (Eds.) 1980. pp. 30-35. Key Words: auditing, crime. Work Priority Scheme for EDP Audit and Computer Key Words: guidelines, PC. RUB-85 Security NBSIR 86-3386, Rubin, H. National Bureau of Standards, SCH-81 "Patient Auditing with Potent Gaithersburg, MD, March Schweitzer, J.A. Results," Security Audit & 1986. "Computing Security Risk Control Review, Winter Analysis ~ Is It Worth It?." 1985, pp. 4-9. Key Words: Security Management, August 1981. pp. 104-106. Key Words: auditing, SAA-89 methods. Saari, J., and D.B. Parker Key Words: risk, management. "New Baseline Methodology RUL-80 Applied to Reviewing Security SCH-82 RuUo, T.A. (Ed.) Experiences from USA and Schweitzer, J.A. Advances in Computer Finland," Information Age Managing Information Security

Security Management, Vol. 1 , (U.K.), September 1989. pp. - A Program for the

Heyden & Son. Philadelphia, 195-198. Electronic Information Age . 1980. Butterworth. Wobum, MA, Key Words: awareness, 1982. Key Words: book, methods, international. management. Key Words: book, policy, SAR-81 management, methods. RUT-80 Sardinas, J.L., Jr., et al.

Ruthberg, Z.G. (Ed.) EDP Auditing Primer. J. SCH-82a Audit and Evaluation of Wiley & Sons. New York, Schmitt, W.R. Computer Security 11: System 1981. "Data Security Program Vulnerabilities and Controls Development: An Overview,"

Workshop Report. SP 500-57, Key Words: book, auditing. Computer Security Journal , National Bureau of Standards, Winter 1982, pp. 23-29. Gaithersburg, MD, April SAR-82 1980. Sardinas, J.L., and Key Words: policy, R.J. Asebrook management. Key Words: proceedings, "Bridging the Gap Between auditing. DP Professionals and SCH-83 Auditors," Computer Security Schweitzer, J.A.

Journal , Winter 1982. pp. 91- Protecting Information in the 97. Electronic Workplace: A Guide

to the Managers , Reston Key Words: auditing, Publish.. Reston, VA, 1983. persoimel. Key Words: book, guidelines, methods, management.

2-21 SCH-83a SKU-84 SOC-83 Schmidt, P. Skundra, V.J., and Socha, W.J. "Evaluating Backup F.J. Lackner "The Auditor's Own

Services," Data Mangement, "The Implementation of Microcomputer," EDPACS, July 1983, pp. 30+. Concurrent Audit Techniques December 1983, pp. 5-15. in Advanced EDP Systems," 1- Key Words: contingency, EDPACS , April 1984, pp. Key Words: auditing, methods, recovery. 10. PC.

SCH-84 Key Words: auditing, SRI-81 Schweitzer, JA. techniques. Srinivasan, C.A., and "Personal Workstation P.E. Dascher Automation Security SMI-80 "Computer Security and Vulnerabilities," Computers & Smith, J.E. Integrity: Problems and

Security , February 1984, pp. "Risk Management for Small Prospects," Infosystems , May 21-28. Computer Installations," in 1981, pp. 116-123. RuUo, T.A. (Ed.), Advances Key Words: vulnerabilities, in Computer Security Key Words: awareness,

PC. Management, Vol. 1 , Heyden, integrity, requirements, Philadelphia, 1980, pp. 3-32. methods. SHA-82 Shaw, J.K., and S.W. Katzke Key Words: risk, STC-83 Executive Guide to ADP management, methods. St.Clair, L.

Contingency Planning , SP "Security for Small Computer

500-85, National Bureau of SNO-84 Systems," EDPACS , November Standards, Gaithersburg, MD, Snow, M. 1983. pp. 1-10. January 1982. 'The First-Time EDP Audit,"

EDPACS , February 1984, pp. Key Words: awareness, Key Words: contingency, 6-8. methods, PC. guidelines, recovery, management. Key Words: auditing, STE-84 guidelines. Steinauer, D.D. SIL-83 "Security of Personal Silverman, M.E. SNO-87 Computers: A Growing "Contingency Planning: The Snow, D., and R.J. Aguilar Concern," Computer Security

Backup Site Decision," "A Mission Driven Process Journal , Summer 1984, pp. 33-

Computer Security Journal , for the Risk Management of 42. Spring 1983, pp. 43-50. ADP Systems," AIAA No. 87-3077, Proc. 3d Aerospace Key Words: awareness, PC,

Key Words: contingency, Comp. Sec. Conf., (5: lEE- methods, requirements, policy. recovery, management, 87b), 1987, pp. 184-154. methods. STO-80 Key Words: risk, Stokel, K.J. SIZ-89 management, techniques, "How to Audit Libray Control Sizer, R. methods. Software," EDPACS. May "Computer Security — A 1980, pp. 1-10. Pragmatic Approach for SOB-84 Managers," Information Age Sobol, M.I. Key Words: auditing,

(U.K.) , January 1989, pp. 88- "Data Communications Primer guidelines.

97. for Auditors," EDPACS , March 1984, pp. 1-5. STR-82 Key Words: policy, Streeter. B. management guidelines. Key Words: auditing, "People. More than the networks, methods. Technology Are Still Key to EFT Security," ABA Banking

Journal . July 1982, pp. 32-37.

Key Words: jjersormel. threats.

2-22 TAL-81 TOM-86 VAN-87 Talbot, J.R. Tomkins, F.G., and R.Rice Van Meter, S.D., and Management Guide to "Integrating Security Activities J.D. Veatch Computer Security, Halsted into the Software "Space Station Program Threat Press/J. Wiley & Sons, New Development life Cycle and and Vulnerability Analysis," York, 1981. the Software Quality AIAA No. 87-3082. Proc. 3d Assurance Process," Aerospace Comp. Sec. Conf.. book, Key Words: Computers & Security , (5: IEE-87b), 1987, pp. 104- management, guidelines. September 1986, pp. 218-242. 107.

TEA-84 Key Words: management, Key Words: threats, Teas, H. software. vulnerabilities. "Self-Audit of Microcomputer

Controls," EDPACS , TOP-84 VDB-84 December 1984, pp. 1-6. Toppen, R. vd Berg, B., and H. Leenaars "InFmite Confidence: The "Advanced Topics on Key Words: auditing, PC, Audit of Communication Computer Center Auditing," Networks" methods. Computers & Computers & Security , October

Security , November 1984, pp. 1984, pp. 171-185. TIN-89 303-313. Ting, T.C. Key Words: auditing, methods. "Application of Information Key Words: auditing, Security Semantics: A Case networks. VOU-88 of Mental Health Delivery," Vouitilainen, R. Proc. IFIP WG 11.3 (Data TRO-84 "Experience in the Use of the base) Workshop (6: M-89), Troy, G. SBA Vulnerability Analysis for 1989. "Thwarting the Hackers," Improving Computer Security

Datamation , July 1, 1984. in Finland," Proc. IFIP/Sec. •88 Key Words: methods, , Austraha, 1988, (2: CAE- database. Key Words: hackers, 89), pp. 263-271. techniques. TOD-89 Key Words: risk, international. Todd, M.A., and C. Guitian TRO-86 Computer Security Training Troy, E.F. WAC-89

Guidelines . SP 500-172, Security for Dial-Up Lines , Wack, J.P., and L.J. Camahan National Institute of SP 500-137, National Bureau Computer Viruses and Related

Standards and Technology, of St^dards, Gaithersburg, Threats: A Management Guide , Gaithersburg, MD, November MD, 1986. SP 500-166, National Institute 1989. of Standards and Technology, Key Words: techniques, Gaithersburg, MD. August Key Words: awareness, network. 1989. guidelines. VAN-85 Key Words: viruses, TOI-87 van Eck, W. guidelines. Toigo, J.W. "Electromagnetic Radiation Disaster Recovery Planning: from Video Display Units: An WAD-82 Managing Risk and Risk?," Wade. J.R.

Catastrophe in Information Computers & Security , 'The Basics of EDP Risk Systems, Yourdan Press, December 1985, pp. 269-286 Assessment," Sectirity

Englewood Cliffs, NJ, 1987 Management, March 1982, pp. Key Words: threats, 56-70. Key Words: risk, recovery. vulnerabilities. Key Words: risk, management.

WAI-84 Wainwright, 0.0. "Security Management of the Future," Security Management, March 1984, pp. 47-51.

Key Words: management, policy.

2-23 WAR-81 WEB-81 Wardlaw, J. Weber, R. WIN-89 "Pattern Matching for EDP EDP Auditing: Conceptual Winkler, J.R., and W.J. Page

Auditors," EDPACS . March Foimdations and Practice, "Intrusion and Anomaly 1981, pp. 1-12. McGraw-Hill, Highstown, NJ, Detection in Trusted Systems," 1981. Proc. 5th Security Applicat.

Key Words: auditing, Conf. , (4: IEE-89c), 1989, pp. techniques. Key Words: book, auditing, 39-45. methods, techniques, WAR-83 management. Key Words: auditing, threats, Warren, A.D. methods, techniques. "Evaluating Risks of WHI-89 Computer Fraud and Error," White, S.R. and D.M. Chess WOD-88

Computers & Security , June Coping with Computer Woda, A.

1983, pp. 231-143. Viruses and Related Problems , "Enstiring Reliability and RC 14405, IBM Thomas J. Integrity of Data in EDP Key Words: risks, techniques. Watson Research Center, Application Systems," COM- Yorktown, NY, January 30, SAC, Computer Sec. Auditing WAR-83a 1989 & Control. No. 2, 1988, pp. Ward, G. A1-A6. "Micros Pose Mainframe Size Key Words: viruses, Security Problems," Data guidelines. Key Words: integrity, methods. Mangement, July 1983, pp. 38+ WIE-86 WOF-83 Wiesand, C.G. Wofsey, M.M. (Ed.) Key Words: vulnerabilities, "An Audit Approach to Advances in Computer

PC. Microcomputers," EDPACS , Security Management, Vol. 2 , May 1986, pp. 1-18. J. Wiley & Sons, New York, WAR-84 1983. Ward, CM, and Key Words: auditing, R.D. Paterson methods, PC. Key Words: book, general, "Surviving (and Profiting methods, management, from) the Audit: Auditors WIL-84 techniques. View," Computerworld, Wilkes, M.V. September 24, 1984, pp. "Security Management and WON-85 ID/13-18. Protection: A Personal Wong, K. Approach," The Computer "Computer Crime — Risk

Key Words: auditing, Journal (UK) , February 1984, Management and Computer management. pp. 3-7. Security," Computers &

Security , December 1985, pp. WAR-84a Key Words: management, 287-295. Warren, A. policy, methods, guideUnes. "Auditing Computer Key Words: crime, risk, Systems," Information WIN-83 methods, management.

Resource Management , (UK), Winters, CM. March 1984, pp. 36-39. "Auditing Data WON-86 Commimications Networks," Wong. K.

Key Words: auditing, EDPACS , August 1983, pp. "The Risks Involved in methods. 1-9. Computerization." The Computer Law and Sec. WAR-86 Key Words: auditing, Report, March-April 1986, pp. Ward, G.M., and J.D. Harris networks. 15-18. Managing Computer Risk: A Guide for the Policymaker, J. Key Words: threats, risks, Wiley & Sons, Inc., 1986. laws.

Key Words: book, risk, methods, guidelines, management.

2-24 WON-86a WOO-86 YAR-84 Wong, K. Wood. C.C. Yarberry, W.A. "Effective Computer Security "Establishing Internal "Managing the EDP Audit

- Management," EDPACS , July Technical System Security Fimction A Practical 7-10. 1986, pp. Standards." Computers & Approach," EDPACS , May

Security , June 1986, pp. 193- 1984, pp. 6-8. Key Words: management, 200. methods. Key Words: auditing, Key Words: policy, management, personnel. WOO-83 guidelines, management. Wood, C.C. YAR-84a "Enhancing Information WOO-86a Yarberry, W.A. Security with the Information Wood, C.C. "Auditing the Change Control

Resource Management "Quantitative Risk Analysis System," EDPACS , June 1984, Approach," Computers & and Information System pp. 1-5.

Security , November 1983, pp. Security," Data Processing &

223-229. Communications Security , Key Words: auditing, methods, Winter 1986, pp. 8-11. techniques. Key Words: management, methods. Key Words: risk, techniques. YAR-84b Yarberry, W.A. WOO-84 WOO-87 "Audit Software: Eliminating

Wood, M., and T. Elbra Wood, C.C, et al. the Middle Man," EDPACS , System Design for Data Computer Security: A September 1984, pp. 1-4.

Protection . National Comprehensive Controls

Computer Centre (UK), J. Checklist , J. Wiley & Sons. Key Words: auditing, software, Wiley & Sons, Chichester, Somerset, NJ, 1987 methods. 1984. Key Words: book, controls, Key Words: book, methods, guidelines. techniques. WYS-84 WOO-85 Wysong, E.M.. and I. DeLx)tto

Wood. C.C. Information Systems Auditing . "Floppy Diskette Security Proceedings. International

Measures." Computers & Conference , Milan, 1983,

Security . September 1985. pp. North-Holland, Amsterdam. 223-228. 1984.

Key Words: techniques. PC. Key Words: proceedings, auditing, methods, management.

2-25

3. Foundations

This section cites publications that emphasize fundamental principles, concepts, and models of computer security.

ADK-89 BEN-89 BIS-89 Adkins, M.M., et al. Benson, G., W. Appelbe, and Bishop, M. "The Argus Security Model," I. Akyildiz "A Model of Security Proc. 12th Natl. Comp. Sec. "The Hierarchical Model of Modeling," Proc. 5th Security

Conf. . (5: NCS-89), 1989, Distributed Systems Security," Applicat. Conf. . (4: IEE-89c). pp. 123-134. Proc. 1989 IEEE Symp. on 1989, pp. 46-52

Sec. & Privacy . (5: IEE-89b), Key Words: models, pp. 194-203. Key Words: models, theory. description. Key Words: model, BOE-84 BAD-89 hierarchical, network. Boebert, W.E. Badger, L. "On the Inability of an "A Model for Specifying BER-87 Unmodified Capability Multi-Granularity in Integrity Berry, D.M. Machine to Enforce the - PoUcies," Proc. 1989 IEEE 'Towards a Formal Basis for Property," Proc. 7th Seminar,

Symp. on Sec. & Privacy , (5: the Formal Development DoD Comp. Sec. Progr. , (5: IEE-89b), pp. 269-277. Method and the InaJo DOD-84), 1984, pp. 291-293. Specification Language," IEEE

Key Words: models, Trans, on Software Engr. . Key Words: models, capability, integrity, policy. February 1987, pp. 184-200. MLS

BEL-88 Key Words: formal, BOE-85 BeU. D.E. specification. Boebert. W.E., and R.Y. Kain "Concerning 'Modeling' of "A Practical Alternative to Computer Security," Proc. BIS-81 Hierarchical Integrity Policies," 1988 IEEE Symp. on Sec. & Bishop, M. Proc. 8th National Comp. Sec. 8- Privacy . (5: IEE-88a), pp. "Hierarchical Take-Grant Conf. , (5: NCS-85), 1985, pp. 13. Systems," Proceedings, 8th 18-27. ACM Symposium on

Key Words: modeling, Operating System Principles , Key Words: policy, integrity, theory, policy. December 1981, pp. 109-122. methods.

BEL-88a Key Words: models, take- BOE-85a BeU, D.E. grant. Boebert, W.E., and "Security Policy Modeling for C.T. Ferguson the Next-Generation Packet BIS-88 "A Partial Solution to the Switch," Proc. 1988 IEEE Bishop, M. Discretionary Trojan Horse in Natl. Symp. on Sec. & Privacy , (5: 'Theft of Information the Problem," Proc. 8th

IEE-88a), pp. 212-216. Take-Grant Protection Model," Comp. Sec. Conf. . (5: NCS- Proc. Comp. Sec. Foundat. 85), 1985, pp. 141-144.

Key Words: models, poUcy, Workshop , 1988, (3: CSF-88), network. pp. 194-218. Key Words: discretionary, method. Key Words: models, take- grant. BOE-86 Boebert, W.E., R.Y. Kain, and W.D. Young "The Extended Matrix Model of Computer Security," ACM

Software Engr. Notes , August 1985, pp. 119-125.

Key Words: models, technique.

3-1 BOS-89 BUR-89 COH-89 Boshoff. W.H., and Burrows, M., M. Abadi, and Cohen, F. S.H. von Solms R. Needham "Models of Practical Defenses "A Path Context Model for "A Logic of ," Against Computer Viruses."

Addressing Security in ACM Operating Systems Computers & Security . April

Potentially Non-Secure Review , December 1989, pp. 1989. pp. 149-160. Environments," Computers & 1-13.

Security , August 1989, pp. Key Words: models, virus, 417-425. Key Words: authentication, methods. theory. Key Words: models, policy, CSF-88 methods. CAR-84 Proceedings, The Computer Carroll, J.M. Security Foundations

BOT-83 "Intractable Problems in Workshop , Franconia, NH, Bottom, N.R. Jr. Computer Security," June 1988, Report M88-37. "An Informational Theory of Transnational Data Report, The Mitre Corporation, Security," Computers & December 1984, pp. 472- 474. October 1988.

Security , November 1983, pp. 275-280. Key Words: theory, models, Key Words: proceedings, policy. models, theory, methods. Key Words: models, theory. CHE-88 DAS-89 BRE-89 Cheng. P.-C. and V.D.Cligor Dasher. D.N. Brewer, D.F.C., and "A Model for Secure "Modular Presentation of M.J. Nash Distributed Computation in Hardware: Bounding the "The Chinese Wall Security Heterogenous Environment," Reference Monitor Concept," Policy," Proc. 1989 IEEE Proc. 4th Aerospace Comp. Proc. 12th Nad. Comp. Sec.

Symp. on Sec. «fe Privacy , (5: Sec. Conf. . (4: IEE-88b), Conf. , (5: NCS-89). 1989. pp. IEE-89b), pp. 206-214. 1988, pp. 233-241. 591-600.

Key Words: models, poUcy, Key Words: model, networks. Key Words: models, methods, theory. MLS. CLA-87 BUD-83 Clark. D.D., and D.R. Wilson DIO-81 Budd, T.A. "A Comparison of Dion, L.C. "Safety in Grammatical Commercial and Military "A Complete Protection Protection Systems," Computer Security Policies," Model," Proc. 1981 IEEE

International Journal of Proc. 1987 IEEE Symp. on Symp. on Sec. & Privacy , (5: IEE-81), 49-55. Computer and Information Sec. & Privacy . (5: IEE-87a), pp.

Sciences , Vol. 12, No. 6, pp. 184-194. 1987, pp. 413-431. Key Words: models, theory. Key Words: models. poUcy. Key Words: models, poUcy, integrity. DIV-88 safety. DiVito. B.L. CLA-88 "Derived Information BUR-88 Clark, D.D. and D.R. WUson Sensitivity as a Modeling Burrows, M., R. Needham, "Evolution of a Model for Technique." Proc. Comp. Sec.

and M. Abadi Computer Integrity." Foundat. Workshop . 1988. (3: "Authentication: A Practical Postscript, Uth Natl. Comp. CSF-88).

Study in Belief and Action," Sec. Conf. . (5: NCS-88a), Proceedings, 2nd Conference 1988. pp. 14-27. Key Words: models, on Theoretical Aspects of techniques.

Reasoning About Knowledge , Key Words: models, integrity. Morgan Kaufmann Publishers, Los Altos, CA, 1988, pp. 325-342.

Key Words: proceedings, theory, authentication, methods.

3-2 DOB-89 FOL-89 GLA-87 Dobson, J.E., and Foley, S.N. Glasgow, J.J., and JA. McDermid "A Model of Secure G.H. McEwen "A Framework for Expressing Information Flow," Proc. 1989 'The Development and Proof Models of Security Policy," IEEE Symp. on Sec. & of a Formal Specification for a

Proc. 1989 IEEE Symp. on Privacy , (5: IEE-89b), pp. Multi-Level Secure System,"

Sec. & Privacy . (5: IEE-89b), 248-258. ACM Trans, on Computing

pp. 229-239. Systems . Vol. 5. No.2, 1987, Key Words: models, theory, pp. 151-184. Key Words: models, flow. methods, general. Key Words: formal, FRE-88 specifications. DOB-89a Freeman, J., R. Neely, and Dobson, J. G. Dinolt GLA-88 "Conversational Structures as "An Internet System Security Glasgow, J.J., and a Means of Specifying Policy and Formal Model," G.H. MacEwen Security Policy," Proc. IFIP Proc. 11th Natl. Comp. "Reasoning About Knowledge

WG 11.3 (Data Base) Sec.Conf. . (5: NCS-88), 1988, in Multi-level Secure

Workshop , (6: IFI-89), 1989. pp. 10-19. Distributed Systems," Proc. 1988 IEEE Symp. on Sec. &

Key Words: specification, Key Words: model, formal, Privacy , (5: IEE-88a), pp. 122- methods. network. 128.

ELO-85 FUG-84 Key Words: models, theory, Eloff. J.H.P. Fugini, M., and G. Martella MLS. "The Development of a "ACTEN: A Conceptual Specification Language for a Model for Security Systems GLA-88a Computer Security System," Design," Computers & Glasgow, J., G.H. MacEwen,

Computers & Sectirity , June Security , October 1984, pp. and P. Panangaden 1985, pp. 143-147. 196-214. "Reasoning about Knowledge and Permission in Secure Key Words: specification, Key Words: model, theory. Distributed Systems," Proc. methods. Comp. Sec. Foundat.

FUG-87 Workshop . 1988, (3: CSF-88), FIN-89 Fugini, M.G., and G. Martella pp. 139-146. Fine, T., et al. "A Petri Net Model of Access "Noninterference and Control Mechanisms," Key Words: models, theory,

Unwinding in LOCK," Proc. Information Systems , Vol. 13, MLS. Comp. Sec. Foundat. No. 1, 1988.

Workshop H . 1989, (3: BEE- GLA-89 89a), pp. 22-28. Key Words: model, control. Glasgow, J.I., and G.H. MacEwen Key Words: models, GAS -89 "Obligation as the Basis of infCTence, methods. Gasser, M. Integrity Specification," Proc. "An Optimization for Comp. Sec. Foundat.

FOL-87 Automated Information Flow Workshop E , 1989. (3: lEE-

Foley, S.N. Analysis," IEEE Cipher, Jan. 89a), pp. 64-70. "A Universal Theory of 1989, pp. 32-36. Information Flow," Proc. Key Words: specification, 1987 IEEE Symp. on Sec. & Key Words: flow, techniques. methods.

Privacy , (5: IEE-87a), pp. 116-121. GLA-85 GOG-82 Glasgow, J.I., and Goguen. J.A., and J. Meseguer, Key Words: models, theory, G.H. MacEwen "Security Policies & Security flow. "A Two-Level Security Model Models," Proc. 1982 IEEE

for a Secure Network," Proc. Symp. on Sec. & Privacy , (5:

8th Natl. Comp. Sec. Conf. , IEE-82), pp. 11-20. (5: NCS-85), 1985, pp. 56-63. Key Words: models, policy, Key Words: models, network. theory.

3-3 GOU-84 HAI-84 HAR-88a Gougen, J.A., and J. Mesgeur Haigh, J.T. Harkness, W., adn P. Pittelli "Unwinding and Inference "Comparison of Formal "Command as a Control," Proc. 1984 IEEE Security Policy Models," Proc. Component of Information

Symp. on Sec. & Privacy , (5: 7th Seminar, DoD Comp. Sec. Integrity." Proc. Comp. Sec.

IEE-84), pp. 75-86. Progr. , (5: DOD-84), 1984, Foundat. Workshop , 1988, (3: pp. 88-111. CSF-88). pp. 201-226. Key Words: model, inference, theory. Key Words: models, theory, Key Words: integrity, general. techniques. GOV-85 Gove, R.A. HAI-86 HEA-89

"Modeling of Computer Haigh, J. and W.D. Young Heany, J., et al. Networks," Proc. 8th Natl. "Extending the "Security Model Development

Comp. Sec. Conf. . (5: NCS- Noninterference Version of Environment," Proc. 5th

85), 1985, pp. 47-55. MLS for SAT," Proc. 1986 Security Applicat. Conf. , (4: IEEE Symp. on Sec. & IEE-89c), 1989, pp. 299-307.

Key Words: models, Privacy , (5: IEE-86), pp. 232- methods, netowrks. 239. Key Words: models, techniques. GRO-84 Key Words: models, MLS, Grove, R.A. methods. HER-89 "Extending the Bell & Herlihy, M.P.. and J.M. Wing LaPadula Security Model," HAI-87 "Specifying Security Proc. 7th Seminar, DoD Haigh, J. and W.D. Young Constraints with Relaxation

Comp. Sec. Program , (5: "Extending the Lattices," Proc. Comp. Sec.

DOD-84), 1984. pp. 112-119. Noninterference Version of Foundat. Workshop n , 1989, MLS for SAT," IEEE Trans, (3: IEE-89a), pp. 47-53. Key Words: models, theory, on Software Engr., February MLS. 1987, pp. 141-150. Key Words: specification, methods. GUT-87 Key Words: models, MLS, Guttman, J. methods. IEE-89 "Information Flow and Proceedings, The Computer Invariance," Proc. 1987 IEEE HAR-85 Security Foundations

Symp. on Sec. & Privacy , (5: Harrison, M.A. Workshop 11, Franconia, NH, IEE-87a). pp. 67-73. 'Theoretical Issues Concerning June 11-14, 1989, IEEE Protection in Operating Computer Society Press, Key Words: models, flow, Systems," in M.C. Yovits, Washington, DC, June 1989. theory. Ed., Advances in Computers,

Vol. 24 . Academic Press, Key Words: proceedings, GUT-88 New York, 1985. models, theory, methods. Guttman, J., and M. Nadel "What Needs Securing," Proc. Key Words: models, theory, JAC-88 Comp. Sec. Foundat. general. Jacob, J.

Workshop , 1988, (3: CSF- "Security Specifications," Proc. 88), pp. 34-57. HAR-88 1988 IEEE Symp. on Sec. &

Hartman, B.A. Privacy , (5: IEE-88a), pp. 14- Key Words: models, theory. "A General Approach to 23. Tranquility in Information GUT-89 Flow Analysis," Proc. Comp. Key Words: specification,

Guttman, J.D. Sec. Foundat. Workshop , methods. "The Second Computer 1988, (3: CSF-88). Security Foundations JAC-88a

Workshop," IEEE Cipher , Key Words: models, flow, Jacob, J.L. Fall 1989, pp. 15-26. methods. "A Security Framework." Proc. Comp. Sec. Foundat.

Key Words: awareness, Workshop . 1988, (3: CSF-88). models. pp. 98-111.

Key Words: models, theory, general.

3-4 JAC-89 KAT-89 KOR-88a Jacob, J. Katzke, S.W., and Korelsky, T., et al. "On the Derivation of Secure Z. G. Ruthberg (Eds) "Security Modeling in the Components," Proc. 1989 Report of the 1987 Ulysses Enviroimient," Proc.

IEEE Symp. on Sec. & Invitational Workshop on 4th Aerosp. Comp. Sec. Conf. ,

Privacy . (5: IEE-89b), pp. Integrity Policy in Computer (4: IEE-88b), 1988, pp. 386-

242-247. Information System , SP 500- 392. 160, National Institute of Key Words: models, theory, Standards and Technology, Key Words: modeling, methods. Gaithersburg, MD, 1989. techniques.

JAC-89a Key Words: integrity, policy. KRE-80 Jacob, J. Kreissig, G. "A Note on the Use of KEE-88 "A Model to Describe Separability for Detection of Keefe, T.F.. W.T. Tsai, and Protection Problems," Proc. Covert Channels," IEEE M.B. Thuraisingham 1980 IEEE Symp. on Sec. &

Cipher , Summer 1989, pp. "A Multilevel Security Model Privacy , (5: IEE-80), pp. 9-17. 25-33. for Object-Oriented Systems," Proc. 11th Natl. Comp. Sec. Key Words: models, methods. Key Words: covert channel, Conf.. (5: NCS-88). 1988, pp. methods. 1-9. LAN-81 Landwehr, C.E. JOH-88 Key Words: models, MLS, "Formal Models for Computer Johnson, D.M., and methods. Security," ACM Computing

F.J. Thayer Surveys , September 1981, pp. "Stating Sectirity KEE-89 247-278. Requirements with Tolerable Keefe, T., and W. Tsai Sets," ACM Trans, on "Security Model Consistency Key Words: models, formal,

Computer Systems . Vol. 6, in Secure Object-Oriented general. No. 3, 1988. Systems" Proc. 5th Security

Applicat. Conf. , (4: IEE-89c), LAN-82 Key Words: requirements, 1989, pp. 290-298. Landauer, C, and S. Crocker methods. "Precise Information Flow Key Words: models, theory, Analysis by Program JOH-88a MLS. Verification," Proc. 1982 IEEE

Johnson, D.M., and Symp. on Sec. & Privacy , (5: FJ. Thayer KOH-89 IEE-82). pp. 74-80. "Security and Composition of Ko, H.-P. Machines," Proc. Comp. Sec. "Security Properties of Ring Key Words: verification,

Foundat. Workshop , 1988, (3: Brackets," Proc. Comp. Sec. methods.

CSF-88), pp. 72-89. Foundat. Workshop H . 1989, (3: IEE-89a), pp. 41-46. LAN-84 Key Words: models, theory. Landwehr, C.E., Key Words: models, C.L. Heitmeyer, JOH-89 techniques. and J. McLean Johnson, D.M., and "A Security Model for Military FJ. Thayer KOR-88 Message Systems," ACM

"Security Properties Korelsky, T., et al. Trans, on Computer Systems , Consistent with Testing "ULYSSES: A Computer- August 1984, pp. 198-222. Semantics for Communicating Security ModeUng Processes," Proc. Comp. Sec. Enviroiunent." Proc. 11th Key Words: models,

Foundat. Workshop , 1988, (3: Natl. Comp. Sec. Conf. . (5: techniques. CSF-88), pp. 9-21. NCS-88). 1988, pp. 20-28

Key Words: models, theory, Key Words: modeling, methods. techniques.

3-5 LAN-89 LIN-89a MAC-87 Landauer, J., T. Redmond, Lin, T.Y., L. Kershberg, and MacEwen, G.H., and T. Benzel R.P. Trueblood V.Q.W. Poon, and "Formal Policies for Trusted "Security Algebras and J.I. Glasgow Processes," Proc. Comp. Sec. Formal Models - Using Petri "A Model for Multilevel

Foundat. Workshop H . 1989, Net Theory." Proc. IFIP WG Security Based on Operator

(3: IEE-89a), pp. 31-40. 11.3 (Data Base) Workshop , Nets," Proc. 1987 IEEE Symp.

(6: IFI-89), 1989. on Sec. & Privacy , (5: lEE- Key Words: policy, formal, 87a), pp. 130-160.

models. Key Words: models, theory * methods Key Words: models, MLS, LAP-89 methods. La Padula, L.J. LIU-80 "The 'Basic Security Liu, L. MAR-86 Theorem' of Bell and La "On Security Flow Analysis Marcus, L., and T. Redmond Padula Revisited," IEEE in Computer Systems," Proc. "Semantics of Read," Proc. 9th 26- Cipher, January 1989, pp. 1980 IEEE Symp. on Sec. & Natl. Comp. Sec. Conf. . (5:

31. Privacy , (5: IEE-80), pp. 22- NCS-86), 1986, pp. 184-193. 33. Key Words: awareness, Key Words: models, theory. models, theory, formal. Key Words: models, flow, methods, techniques. MAR-88 LEI-83 Marcus. L.. and T. Redmond Leiss, E.L. LOC-82 "A Model-Theoretic Approach "On Authorization Systems Lockman, A., and N. Minsky, to Specifying, Verifying, and With Grant-or -Controlled "Unidirectional Transport of Hooking Up Security Policies," Propagation of Privileges," Rights and Take-Grant Proc. Comp. Sec. Foundat.

Proceedings, 1983 Control," IEEE Trans, on Workshop , 1988, (3: CSF-88),

COMPCON Spring . 1983, pp. Software Engr. , December pp. 127-138. 499-502. 1982. pp. 597-604. Key Words: models, theory, Key Words: models, Key Words: models, take- policy. authorization, techniques. grant, techniques, methods. MAR-89 LIN-88 LUB-89 Marcus, L., and T. Menas Lin, T.Y. Lubarsky. R.S. "Safety via State Transition "A Generalized Information "Hook-Up Security and Language Plus Invariants," Flow Model and the Role of Generalized Restrictiveness," Proc. Comp. Sec. Foundat.

the Security Officer," Proc. Proc. 12th Natl. Comp. Sec. Workshop H , 1989. (3: lEE- 71-77. IFIP WG 11.3 Meeting . (6: Conf. . (5: NCS-89), 1989, pp. 89a). pp. LAN-88), 1987. pp. 85-103. 112-122. Key Words: theory, methods, Key Words: models, flow, Key Words: models, theory. safety. methods. LUN-88 MAR-89a LIN-89 Lunt, T.F. Marcus, L. Lin. T.Y. "Access Control Policies: 'The Search for a Unifying "Chinese Wall Security Some Unanswered Questions," Framework for Computer

Policy — An Aggressive Proc. Comp. Sec. Foundat. Security," IEEE Cipher , Fall

Model." Proc. 5th Security Workshop , 1988, (3: CSF-88), 1989, pp. 55-63.

Applicat. Conf. , (4: IEE-89c), pp. 227-245. 1989. pp. 282-289. Key Words: models, theory, Key Words: policy, control. general. Key Words: models, policy, theory.

3-6 MCC-87 MCH-86 MCL-87

McCullough. D.M. McHugh, J., and A.P. Moore McLean, J. "Specifications for Multilevel "A Security PoUcy and "Reasoning About Security Security and a Hook-Up Formal Top Level Models," Proc. 1987 IEEE Property," Proc. 1987 IEEE Specification for a Multi- Symp. on Sec. & Privacy , (5: Privacy Symp. on Sec. & , (5: Level Secure Local Area IEE-87a), pp. 123-131 IEE-87a), pp. 161-166. Network," Proc. 1986 IEEE

Symp. on Sec. & Privacy . (5: Key Words: models, theory, Key Words: specification, IEE-86), pp. 34-39 general. MLS. Key Words: specification, MCL-88 MCC-88 MLS. LAN. McLean, J. McCullough, DJ^. 'The Algebra of Security," "Noninterference and the MCH-87 Proc. 1988 IEEE Symp. on ComposabiUty of Security J. McHugh, Sec. & Privacy , (5: IEE-88a), Properties," Proc. 1988 IEEE "Active vs. Passive Security pp. 2-7.

Symp. on Sec. & Privacy , (5: Models: The Key to Real IEE-88a). pp. 177-186. Systems," Proc. 3d Aerosp^ice Key Words: models, theory.

Comp. Sec. Conf. . (5: lEE- Key Words: inference, 87b), 1987, pp. 15-20. MCL-89 theory. McLean, J., and C. Meadows Key Words: models, theory, "Composable Security

MCC-88a general. Properties," IEEE Cipher , Fall McCullough, D.M. 1989, pp. 27-36. "Covert Channels and MCH-88 Degrees of Insecurity," Proc. McHugh, J. Key Words: models, theory. Comp. Sec. Foundat. "A Formal Definition for

Workshop , 1988, (3: CSF- Information Flow Analysis," MEN-81 88), pp. 1-33. Proc. Comp. Sec. Foundat. Mennie, A.L., and Workshop. 1988, (3: CSF-88), G.H. MacEwen Key Words: covert channel, pp. 147. "Information Flow Certification theory. Using an Intermediate Code Key Words: formal, models, Program Representation," IEEE

MCC-88b flow. Trans, on Software Engr. , McCullough, D.M. November 1981, pp. 594-607. Foimdations of Ulysses: The MCL-84

Theory of Sectirity , RADC- McLean, L, C.E. Landwehr, Key Words: flow, techniques, TR-87-222, U.S. Air Force and C.L. Heitmyer verification. Rome Air Development "A Formal Statement of the Center, Rome, NY, July MMS Security Model," Proc. MIL-81 1988. 1984 IEEE Symp. on Sec. & MiUen, J.K.

Privacy , (5: IEE-84), pp. 188- "Information Flow Analysis of Key Words: verification, 194. Formal Specifications." Proc. theory, MLS. 1981 IEEE Symp. on Sec. &

Key Words: formal, models, Privacy . (5: IEE-81), pp. 3-8. MCD-89 network. McDermid, J., and Key Words: specification, E. Hocking MCL-85 formal, flow, methods. "Security Policies for McLean, L Integrated Project Support "A Comment on the Basic MIL-84 Environments," Proc. IFIP Security Theorem of Bell and MiUen, J.K. WG 11.3 (Data Base) LaPadula," Information "Al Policy Modelling," Proc.

. Workshop , (6: IFI-89), 1989. Processing Letters , February 7th Seminar, DoD Comp. Sec

1985, pp. 67-70. Progr. , (5: DOD-84), 1984, pp. Key Words: policy, 137-145. techniques. Key Words: models, formal, theory. Key Words: models, MLS, methods.

3-7 MIL-87 MIN-84 PAG-89

MiUen, J.K. Minsky. N.. Page. J. et al. "Covert Channel Capacity," "Selective and Logically "Evaluation Security Model Proc. 1987 IEEE Symp. on Controlled Transport of Rule Base." Proc. 12th Natl. Privacy. Privileges." Sec. & (5: IEE-87a), ACM Trans, on Comp. Sec. Conf. . (5: NCS- pp. 60-66 Programming Languages and 89). 1989. pp. 98-111.

Systems , Vol. 6, No. 4, 1984. Key Words: covert channel, pp. 573-602. Key Words: models, theory, models. methods. Key Words: models, take- MIL-87a grant, methods. PIT-87 MiUen, J.K. Pittelli, P.A. "Interconnection of MOR-88 'The Bell-LaPadula Computer Accredited Systems," AIAA Morgenstem, M. Security Model Represented as No. 87-3075, Proc. 3d "Spiral Classification for a Special Case of the Aerosp. Comp. Sec. Conf., Multilevel Data and Rules." Hairison-Ruzzo-Ullman (5: IEE-87b). 1987, pp. 60- Proc. 11th Natl. Comp. Sec. Model," Proc. 10th Natl.

65. Conf. . (5: NCS-88). 1988. pp. Comp. Sec. Conf. , (5: NCS- 270-273. 87a), 1987, pp. 118-121. Key Words: models, techniques. Key Words: models, Key Words: models, theory, techniques, MLS. methods. MIL-89 MiUen, J.K. MOS-87 PIT-88 "Finite-State Noiseless Covert Moser, L.E. PitteUi, P.A. Channels," Proc. Comp. Sec. "Graph Homomorphisms and "Formalizing Integrity Using

Foundat. Workshop H , 1989. the Design of Secure Non-interference." Proc. 11th

(3: IEE-89a), pp. 81-86. Computer Systems," Proc. National Comp. Sec. Conf. . (5: 1987 IEEE Symp. on Sec. & NCS-88). 1988. pp. 38-42.

Key Words: covert channel, Privacy . (5: IEE-87a). pp. 88- models. 96 Key Words: formal, integrity, theory. MIL-89a Key Words: models, theory, Millen, J.K. methods. RAN-88 "Models of Multilevel Rangan. P.V. Computer Security," in M. MOS-89 "An Axiomatic Basis of Trust Yovits, (Ed), Advances in Moser. L.E. in Distributed Systems," Proc.

Computers . Academic Press. "A Logic of Knowledge and 1988 IEEE Symp. on Sec. &

New York, 1989, pp. 1-40. Belief for Reasoning about Privacy , (5: IEE-88a), pp. 204- Computer Security." Proc. 211. Key Words: models, MLS. Comp. Sec. Foundat.

general. Workshop n . 1989. (3: lEE- Key Words: models, theory, 89a), pp. 57-63. network. MIN-83 Minsky, N.H. Key Words: theory, methods, ROS-88 "On the Transportation of general. Rosenthal. D. Privileges," Proc. 1983 IEEE "An Approach to Increasing

Symp. on Sec. & Privacy , (5: NEU-83 Automation of Verification of IEE-83a), pp. 41-48. Neumann, P.G. Security." Proc. Comp. Sec.

"Experiences with Formality Foundat. Workshop . 1988, (3: Key Words: models, take- in Software Development," in CSF-88), pp. 90-97. grant, methods. D. Ferrari et al (Eds.), Theory and Practice of Software Key Words: verification,

Technology , North-Holland, techniques. Amsterdam, 1983.

Key Words: formal, software, methods.

3-8 ROS-88a SAN-88a SNY-81 Roskos, I.E. Sandhu, R.S. Snyder. L. "Minix Security Policy "Expressive Power of the "Formal Models of Capability- Model," Proc. 4th Aerospace Schematic Protection Model," Based Protection Systems."

. Comp. Sec. Conf. (4: lEE- Proc. Comp. Sec. Foundat. IEEE Trans, on Computers .

88b). 1988. pp. 393-399. Workshop , 1988, (3: CSF-88). March 1981. pp. 172-181 pp. 188-193. Key Words: models, policy, Key Words: formal, models, decription. Key Words: models, capability. description. RUS-84 SNY-81b Rushby. J. SAN-89 Snyder, L. "The Security Model of Sandhu. R.S. 'Theft and Conspiracy in the Enhanced HDM," Proc. 7th 'Transformation of Access Take-Grant Model." Joumal

Seminar, DoD Comp. Sec. Rights." Proc. 1989 IEEE Comp. and System Sciences .

Progr. . (5: DOD-84), 1984, Symp. on Sec. & Privacy , (5: December 1981. pp. 333-347. pp. 120-136. IEE-89b), pp. 259-268. Key Words: models, take- Key Words: models, Key Words: control, grant, threats. description. techniques. SOR-83 SAN-85 SAN-89a Sorkin. A., and C.J. Buchanan Sandhu, R.S. Sandhu, R. "Measurement of "Analysis of Acyclic "Currrent State of the Safety Cryptographic Capability Attenuating Systems for the Problem in Access Control," Protection Algorithms,"

SSR Protection Model," Proc. IEEE Cipher . Fall 1989. pp. Computers & Security . 1986 IEEE Svmp. on Sec. & 37-46. November 1983. pp. 101-116.

Privacy , (5: ffiE-86), pp. 197-206. Key Words: control, safety, Key Words: capability, general. techniques. Key Words: models, description. SAY-86 STO-81 Saydjari. O.S.. and Stoughton. A. SAN-86 T. Kremann "Access Flow: A Protection Sandhu, R.S., and M.E. Share "A Standard Notation in Model which Integrates Access "Some Owner Based Computer Security Models." Control and Information Schemes With Dynamic Proc. 9th Natl. Comp. Sec. Flow." Proc. 1981 IEEE Symp.

Groups in the Schematic Conf. . (5: NCS-86), 1986, pp. on Sec. & Privacy . (5: lEE- Protection Model," Proc. 194-203. 81). pp. 9-18. 1986 IEEE Symp. on Sec. &

Privacy , (5: IEE-86). pp. 61- Key Words: models, methods, Key Words: models, flow, 70 general. control.

Key Words: models, SIL-83 SUT-86 methods. Silverman, J.M. Sutherland, D. "Reflections on the "A Model of Information," SAN-88 Verification of the Security of Proc. 9th National Computer

Sandhu, R.S. an Operating System," Sec. Conf. , (5: NCS-86). 1986. "The Schematic Protection Proceedings, 9th ACM pp. 175-183. Model: Its E>efinition and Symposium on Operating

Analysis of Acyclic Systems Principles , October Key Words: models, theory, Attenuation Schemes," 1983, pp. 143-154. general.

Journal of the ACM , No. 2, 1988. pp. 404-432. Key Words: verification, description. Key Words: models, description.

3-9 SUT-89 TSA-87 WIL-88 Sutherland, I., S. Perlo, and Tsai, C.-R, V.D. Gligor. and Williams, J.C. and M.L.Day R. Varadarajaan C.S. Chandersekaran "Security Labels and Security "Deducibility Security with "A Formal Method For the Profiles," Proc. 11th Natl.

Dynamic Level Assignments," Identification of Covert Comp. Sec. Conf. . (5: NCS- Proc. Comp. Sec. Foundat. Storage Chaimels in Source 88). 1988. pp. 257-266.

Workshop H . 1989, (3: lEE- Code," Proc. 1987 IEEE

89a), pp. 3-8 Symp. on Sec. & Privacy , (5: Key Words: models, methods, IEE-87a), pp. 74-86 MLS. Key Words: models, theory, general. Key Words: covert channel, WIT-89 formal, methods, techniques. Wittbold, J.T.. TAY-84 "Controlled Signalling Systems Taylor, T. TSA-88 and Covert Channels," Proc. "Comparison Paper Between Tsai, C.-R., and V.D. Gligor Comp. Sec. Foundat. I

the Bell-La Padula Model "A Bandwidth Computation Workshop n . 1989, (3: lEE- and the SRI Model," Proc. Model for Covert Storage 89a), pp. 87-104. 1984 IEEE Symp. on Sec. & Chaimels and Its

Privacy , (5: IEE-84), pp. Applications," Proc. 1988 Key Words: covert channel, 195-202. IEEE Symp. on Sec. & methods, techniques.

Privacy . (5: IEE-88a), pp. Key Words: models, theory, 108-121. WRA-89 general. Wray, J.C. Key Words: covert channel, "An Optimization for TAY-87 models, techniques. Information Flow Analysis," Taylor, T., and B. Hartman Proc. Comp. Sec. Foundat.

"Formal Models, Bell- WEB-89 Workshop H . 1989. (3: lEE- LaPadula, and Gypsy," Proc. Weber, D.G., and 89a), pp. 105-110.

10th Natl. Comp. Sec. Conf. , R. Lubarsky (5: NSC-10), 1987, pp. 193- "The SDOS Project - Key Words: models, flow, 200. Verifying Hook-Up Security," methods. Proc. 3d Aerospace Comp.

Key Words: models, formal, Sec. Conf. . (5: IEE-87b), WUM-81 general. 1987, pp. 7-14. Wu. M.S. "Hierarchical Protection TER-89 Key Words: verification, Systems." Proc. 1981 IEEE

Terry, P., and S. Wiseman description. Symp. on Sec. & Privacy . (5: "A 'New' Security Policy IEE-81). pp. 113-123. Model," Proc. 1989 IEEE WIL-87

Symp. on Sec. & Privacy , (5: Williams. J.C. and Key Words: models, IEE-89b), pp. 215-228. G.W. DLnolt hierarchical. "A Graph-Theoretic Key Words: models, theory. Formulation of Multilevel YOU-89 Secure Distributed Systems: Young. W.D. TRU-86 An Overview" Proc. 1987 'Toward Foundations of

Trueblood, R.P., and IEEE Symp. on Sec. & Security." IEEE Cipher . Fall

A. Sengupta Privacy . (5: IEE-87a). pp. 97- 1989. pp. 47-54. "Dynamic Analysis of the 103. Effects Access Rule Key Words: models, theory, Modifications Have Upon Key Words: theory, models, general. Security," IEEE Trans, on general.

Software Engr. , August 1986, pp. 866-870.

Key Words: models, techniques.

3-10 4. Access Control

This section cites publications on identification and authentication methods (e.g., , biometrical identifiers), traditional access control methods (such as memory and file protection), the use of capabilities and access control lists, and add-on software packages for discretionary access control.

AHI-87 BAC-89 BOU-83 Ahituv, N., Y.Lapid, and Bacic, E. Bound, W.A.J. S. Neumann "Process Execution Controls "Securing the Automated "Verifying Authentication of as a Mechanism to Ensure Office," Computer Security

an Information System User," Consistency," Proc. 5th Journal , Fall/Winter 1983. pp.

Computers & Security , April Security AppUcat. Conf. (4: 97-103. 1987, pp. 152-157. IEE-89c), 1989, pp. 114-120. Key Words: control. Key Words: authentication, Key Words: controls, OS, techniques. techniques. techniques. BOW-88 ALV-88 BAN-84 Bowers, D.M. Alvare, A., and E. Schultz Banton, B.F. and M.S. Barton Access Control and Personal

"A Framework for "User-Friendly Password Identification Systems , Selection," Proceedings, Methods for Computer- Butterworths, Boston, 1988. USENIX UNIX Security Mediated Information

Workshop , August 1988. Systems," Computers & Key Words: book, control,

Security , October 1984, pp. general. Key Words: authentication, 186-195. methods, passwords. BRA-84 Key Words: authentication, Brand, S.L., and M.E. Flaherty AND-88 methods, passwords. "Password Management in Anderson, L. Practice," Proc. 7th Seminar,

"UNIX Password Security," BEK-88 POD Comp. Sec. Progr. , (5: Proceedings. USENIX UNIX Beker, H. DOD-84), 1984, pp. 264-269.

Security Workshop , August "Secure Access Control and 1988. MAC-Based Signatvires," Key Words: authetication,

Information Age , (U.K.) methods, passwords, Key Words: authentication, January 1988, pp. 20-22. management. methods, passwords. Key Words: control, BRO-84 ANC-83a mandatory. Brown, R.L. Ancilotti, P., N.Lijtmaer, and "Computer System Access M. Boari BON-83 Control Using Passwords," '84 "Language Features for Bonyun, D.A. Proc. IFIP/Sec. . Toronto, Access Control," IEEE Trans. "The Use of Architectural 1984, (2: FIN-85), pp. 129- 142. on Software Engr. , January Principles in the Design of 1983, pp. 16-24. Certifiably Secure Systems," '83 Proc. IFIP/Sec. , Key Words: control, Key Words: control. Stockholm, 1983, (2: FAK- passwords. techniques. 83), pp. 81-94.

Key Words: architecture, design.

4-1 BUN-87 CAR-88a COM-84 Bunch, S. Carlton, S.F., J.W. Taylor, Comer, M. (Ed.) "The Setuid Feature in UNIX and J.L. Wyszynski "How Passwords are Cracked," and Security," Proc. 10th "Alternate Authentication Computer Fraud and Security

Natl. Comp. Sec. Conf., (5: Mechanisms," Proc. 11th Natl. Bulletin (U.K.) , November

NCS-87a), 1987, pp. 245- Comp. Sec. Conf. , (5: NCS- 1984, pp. 1-10. 253. 88), 1988, pp. 333-338. Key Words: threats, passwords. Key Words: authentication, Key Words: authentication, methods. techniques. CON-83 Connolly, W. BUR-89 CHA-85 "Bypassing the Passwords," Burk, H., and A. Pfitzmann Chaum, D. Computer Fraud and Security "Digital Payment Systems "Security Without Bulletin, July 1983, pp. 1-7. Enabling Security and Identification: Transaction Unobservability," Computers Systems to Make Big Brother Key Words: threats, passwords.

& Security , August 1989, pp. Obsolete," Communications of

399-416. the ACM , October 1985, pp. COO-84 1030-1044. Cooper, J.A.

Key Words: control, methods. Computer Security Technology , Key Words: general, methods. Lexington Books, Lexington, CAR-83 MA, 1984. Carlsson, A. CHA-86 "The Active Card and its Chang, C.C. Key Words: book, general, Contribution to EDP "On the Design of a Key- methods. Security," Proc. IFIP/Sec. Lock-Pair Mechanism in

_;83, Stockholm, 1983, (2: Information Protection CSC-85 FAK-83), pp. 69-72. Systems," BIT, July 1986, pp. Department of Defense 410-417. Password Management

Key Words: control, Guideline , CSC-STD-002-85, techniques. Key Words: control, National Computer Security techniques. Center, Ft. Meade, MD, 12 CAR-87 April 1985. Carroll, J.M. CLE-87 Computer Security, 2nd Clements, P.C. Key Words: guidelines, Edition, Butterworths, Boston, "Engineering More Secure passwords. 1987. Software Systems," Proc. COMPASS '87: Comp. CSC-88

Key Words: book, general, Assurance , (2: IEE-87), 1987, Trusted Unix Working Group methods, techniques. pp. 79-81. (TRUSIX) Rationale for Selecting Access Control CAR-88 Key Words: architecture, Features for the Unix System, Carroll, J.M., et al. design. NCSC-TG-020-A, National 'The Password Predictor — A Computer Security Center, Ft. Training Aid for Raising COH-88 Meade, MD, 18 August 1988. Security Awareness," Cohen, F. control, Computers & Security , "Designing Prov ably Correct Key Words: October 1988, pp. 475-481. Information Networks with guidelines. Digital Diodes," Computers &

Key Words: authentication, Security , June 1988, pp. 279- CUS-80 passwords, awareness, 286. Gushing, S. techniques. "Software Security and How to Key Words: design, network, Handle It," in Rullo, T.A. hardware. (Ed.), Advances in Computer

Security Management, Vol. 1 , Heyden & Son, Philadelphia, 1980, pp. 79-105.

Key Words: software, guidelines.

4-2 DAV-81 DEH-89 DPC-83 Davida, G.I., and J. Livesey Dehnad, K. "Special Issue on Access "The Design of Secure CPU- "A Simple Way of Improving Control." Data Processing &

Multiplexed Computer the Login Security." Comm. Security . SeptA^cU

Systems: The Master/Slave Computers & Security , 1983, pp. 8-29. Approach," Proc. 1981 IEEE November 1989, pp. 607-611. Symp. on Security & Privacy Key Words: control, methods, (5: IEE-81), pp. 133-139. Key Words: authentication, general. methods. Key Words: design, control, DUC-85 methods. DEN-86 du Croix, A.J. Denning, D.E. "Data Sharing and Access DAV-85 "An Intrusion Detection Protection in Business System 12," Davida, G.I. and B.J. Matt Model," Proc. 1986 IEEE Computers & Security ,

"Crypto-Secure Operating Symp. on Security & Privacy , December 1985, pp. 317-323. Systems," Proceedings, 1985 (5: IEE-86), pp. 118-131. National Computer Key Words: control,

Conference . AFIPS Press, Key Words: auditing, techniques. Reston. VA, 1985. pp. 575- techniques. 581. DUP-86 DES-86 Dupy, M., et al. Key Words: control, OS. Deswarte, Y., et al. "About Software Security with techniques. "A Satuj-ation Network to CP8 Card," Proc. IFIP/Sec. Tolerate Faults and '86, Monte Carlo, 1986, (2: DAV-88 Intrusions," Proceedings, 5th GRI-89). Davida, G.I., and B.J. Matt IEEE Symposium on "UNIX Guardians: Active Reliability in Distributed Key Words: software, User Intervention in Data Software and Database techniques. Protection," Proc. 4th Aerosp. Systems, January 1986, pp.

Comp. Sec. Conf. , (4: lEE- 74-81. DUV-88 88b). 1988, pp. 199-204. Duval, S., et al. Key Words: architecture, "Use of Fingerprints as Key Words: control, design. Identity Verification," Proc. techniques. IFIP/Sec. '88. Australia, 1989, DOB-86 (2: CAE-89), pp. 479-481. DEB-85 Dobson, J.E., and B. Randell de Bruyne, P. "Building ReUable Secure Key Words: authentication, "Signature Verification Using Computing Systems out of methods. Holistic Measures," Unreliable, Insecure

Computers & Security , Components," Proc. 1986 ELO-83 December 1985, pp. 309-315. IEEE Symp. on Sec. & Eloff, J.H.P.

Privacy . (5: IEE-86), pp. 187- "Selection Process for Security Key Words: authentication, 193 Packages," Computers &

methods, techniques. Security , November 1983, p. Key Words: architecture, 256. DEC-89 design. software, Security for VAX Systems , Key Words: Digital Equipment DOW-84 guidelines. Corporation, Maynard, MA, Downs. D.D. 1989. "Operating Systems Key Security with Basic Software

Key Words: book, control, Mechanisms." Electronics , general. March 8. 1984, pp. 122-127.

Key Words: OS, techniques.

4-3 ELS -88 FAR-86 ns-88 Ekbury, J. Farrow, R. Fish, T. "Personal Authentication "Security for Superusers, Or "A Model for Mainframe Devices: Data Security How to Break the UNIX Access Control Software

Applications," Proc. IFIP/Sec. System," UNIX/Worid. May Selection," EDPACS . May •88 (2: 65-70. . AustraUa, 1989. 1986, pp. 1988, pp. 1-5. CAE-89), pp. 471-478. Key Words: OS, Key Words: control, model, Key Words: authentication, vulnerabilities. methods. methods, techniques. FAY-86 FIT-88 ENG-87 Fray, J.-M., and J.-C. Fraga Fitzgerald, K. Engelman. P.D. "Fragmented Data Processing: "Choosing a Logical Access "The Application of 'Orange An Approach to Secure and Control Strategy," Proc. Standards to Reliable Processing '88 Book' Secure a in MP/Sec. . AustraUa, 1989, Telephone Switching Distributed Computing (2: CAE-89), 1988, pp. 235- System." Proc. 10th Natl. Systems," Preprints, 244.

Comp. Sec. Conf. . (5: NCS- International Working 87a), 1987. pp. 282-287. Conference on Dependable Key Words: control, Computing for Critical guidelines.

Key Words: control, AppUcations , Santa Barbara, techniques. CA, August 1989, pp. 131- FRA-86 137. Fray, J.M., Y. Deswarte, and EST-89 D. Powell Estrin, D., and G. Tsudik Key Words: architecture, "Intrusion-Tolerance Using "Security Issues in Policy design. Fine-Grain Fragmentation Routing," Proc. 1989 IEEE Scattering," Proc. 1986 IEEE

Sec. Privacy . (5: Symp. on & FEI-86 Symp. on Sec. & Privacy , (5: IEE-89b). pp. 183-193. Feinstein, H. IEE-86), pp. 194-201. "Security in Unclassified Key Words: control, Sensitive Computer Systems," Key Words: architecture, requirements. Proc. 9th Natl. Comp. Sec. design.

Conf. , (5: NCS-86), 1986, pp. EVA-83 81-90. FRI-88 "Evaluating Security Friedman, M. Software," Assets Protection, Key Words: control, "Access-Control Software, July/August 1983, pp. 9-13. techniques. Information Age, (U.K.), July 1988, pp. 157-161. Key Words: guidelines, FIL-86 software. Filipski, A., and J. Hanko Key Words: control, software.

"Making UNIX Secure," Byte , FAK-84 April 1986, pp. 113-128. FUG-88 Fak, V. Fugini, M., and R. Zicari "Characteristics of Good Key Words: control, OS, "Authorization and Access One-Way Encryption design. Control in the Office-Net '88 Functions for Passwords — Systems," Proc. IFIP/Sec. , Some Rules for Creators and ns-84 AustraUa, 1989, (2: CAE-89), Evaluators," Proc. IFIP/Sec. Fisher, R.P. pp. 147-162.

:84, Toronto, 1984, (2: FIN- Information Systems Security , 85), pp. 189-191. Prentice-Hall, New York, Key Words: control, 1984. techniques. Key Words: passwords, techniques. Key Words: book, general, GON-89 methods, techniques. Gong, L. "A Secure Identity-Based Capability System," Proc. 1989 IEEE Symp. on Sec. &

Privacy . (5: IEE-89b), pp. 56- 63.

Key Words: architecture, capabiUty.

4-4 GON-89a HAG-86 HEN-87 Gong, L. Hagopian. G. Henning, R.R., and "On Security of Capability- "Planning and Implementing a S. A. Walker Based Systems', ACM Security Package, Part I." "Data Integrity vs. Data

Operating Systems Review , Computer Security Products Security: A Workable April 1989, pp. 56-60. Report. Winter 1986, pp. 18- Compromise." Proc. 10th Natl. 22. Comp. Sec. Conf. , (5: NCS- Key Words: control, 87a), 1987, pp. 334-339. capability. Key Words: control, software, design. Key Words: control, integrity, GRA-84 design. Grampp, F.T., and HAG-86a R.H. Morris Hagopian. G. HEN-87a "UNIX Operating System "Planning and Implementing a Henderson, S.C. Security," Bell System Security Package. Part 11." "A Comparison of Data Access

Technical Journal . August Computer Security Products Control Packages: Part I,"

1984. pp. 1651-1971. Report, Spring 1986, pp. 18- Computer Security Journal , 20. Vol. IV, No. 2, 1987, pp. 75- Key Words: control. OS. 111. design. Key Words: control, software, design. Key Words: control, software. GRA-89 Graubart, R. HAS -84 HEN-88 "On the Need for a Third Haskett. J.A. Henderson, S.C. Form of Access Control," "Pass-Algorithms: A User "A Comparison of Data Access Proc. 12th Natl. Comp. Sec. Vahdation Scheme Based on Control Packages: Part n,"

Conf. , (5: NCS-89). 1989. Knowledge of Secret Computer Security Journal .

pp. 296-303. Algorithms." Communications Vol. V, No. 1. 1988, pp. 67-

of the ACM . August 1984. 104. Key Words: control, pp. 777-781. requirements. Key Words: control, software. Key Words: control, GRE-81 techniques. HER-89 Green. G.. and R.G. Farber Herlihy, M.P.. and J.D. Tygar Introduction to Security HAY-88 "Implementing Distributed

Principles & Practices , Haykin, M.E.. and Capabilities Without a Trusted Security World Publishing, R.B.J. Warner Kernel." International Working Los Angeles, CA. 1981. Technology: New Conf on Dependable Comp.

Methods for Computer Access for Critical Applic , Santa

Key Words: book, general, Control , SP 500-157, National Barbara, CA, Aug. 1989, pp. methods, techniques. Institute of Standards and 113-120. Technology, Gaithersburg, GRO-84 MD, 1988. Key Words: OS, capabilities, Grossman, G. design. "Gould Software Division's Key Words: control, methods. Security Program," Proc. 7th HIG-85 Seminar, E)oD Comp. Sec. HEB-80 Highland, H.J.

Progr. , (5: DOD-84), 1984. Hebbard, B., et al. "Microcomputer Security: Data pp. 180-187. "A Penetration of the Protection Techniques."

Michigan Terminal System," Computers & Security , June Key Words: control, ACM Operating Systems 1985, pp. 123-134. 7- techniques. Review , January 1980, pp. 20. Key Words: control, PC, GUY-85 general. Guynes. S. Key Words: vulnerabilities, "Security of Computer OS. Software," Security Audit &

Control Review . Winter 1985. pp. 31-35.

Key Words: control, software, design.

4-5 fflG-86 IBM-83 JOH-83 Highland. H.J. System Security Guide, IBM Johnston, R.E.

"How to Modify a System 36 , FSC 219042, IBM "Comparison of Access Microcomputer Operating Corporation, White Plains, Control Software Packages,"

System for Added Security," NY, 1983. Computer Security Journal ,

Computers & Security , Fall/Winter, 1983, pp. 19-58. December 1986, pp. 340-343. Key Words: control, guidelines. Key Words: control, software. Key Words: OS, PC, guidelines. IBM-88 JOH-83a AS/400 Programming: Johnston, R.E. HIG-88 Security Concepts and "Security Software Packages

Highland, H.J. Planning . SC2 1-8083, IBM for CICS," Computer Security

"Program Aids for Office Corporation. White Plains, Journal , Spring 1983, pp. 19- Automation Security," NY, June 1988. 41.

Computers & Security , February 1988, pp. 37-43. Key Words: control, Key Words: control, software. guidelines. Key Words: control, JOH-83b software. ISR-83 Johnston, R.E. Israel, J.E. and T.A. Linden "Comparison of Access HOG-88 "Authentication in Office Control Software for IBM Hogan, C.B. System Internetworks," ACM Operating Systems: ACF2, "Protection Imperfect: The Trans, on Office Infor. Syst., RACE, SAC, SECURE, TOP Security of Some Computing July 1983, pp. 192-210. SECRET," Computer Security Environments," ACM Journal . FallAVinter 1983, pp.

Operating Systems Review , Key Words: 19-58. July 1988. JOB -89 Key Words: control, software. Key Words: control, general, Jobush, D.L., and design. A.E. Oldenhoeft JOH-89 "A Survey of Password Johnson, H.L., and C. Arvin HOS-88 Mechanisms: Weaknesses and "Security for Embedded Hosmer, H.H. and Potential Improvements, Part Tactical Systems," Proc. 12th " M. Merriman 1, Computers & Security , Natl. Comp. Sec. Conf. . (5: "Using CASE Tools to November 1989, pp. 587-604. NCS-89). 1989. pp. 339-348. Improve the Security of Application Systems," Proc. Key Words: control, Key Words: control, 4th Aerosp. Comp. Sec. passwords. requirements.

Conf. , (4: IEE-88b), 1988, pp. 205-208. JOB-89a JON-80 Jobush, D.L., and Jonekait, J. Key Words: control, A.E. Oldenhoeft "Gnosis: A Secure Capability techniques, methods, design. "A Survey of Password Based 370 Operating System." Mechanisms: Weaknesses and Proc. 3d Seminar, DoD Comp.

HOV-83 Potential Improvements. Part Sec. Progr. , (5: DOD-80a), " Hovig, P.L. 2, Computers & Security . 1980, pp. G1-G16. 'To Install an Access Control December 1989, pp. 675-689. System: Activities and Key Words: control, OS, Checklists," Proc. IFIP/Sec. Key Words: control, capabiHty. ;83, Stockhohn, 1983, (2: passwords. FAK-83), pp. 57-67. JON-86 JOH-81 Jones, R.W. Key Words: control, Johnston, R.E. "The Design of Distributed guidelines. "Security Software Packages," Secure Logical Machines," ICL

Computer Security Journal , Technical Journal (UK) , Spring 1981, pp. 15-38. November 1986, pp. 291-308.

Key Words: control, software. Key Words: control, design, network.

4-6 JON-89 KAI-86 KIE-88 Jones, R.W. Kain, R.Y., and Kielsky, M. "Security Classes and Access C.E. Landwehr "Security and Access Control Rights in a Distributed "On Access Checking in Features of the VAXA'MS System," Report, Invitat. Capability-Based Systems," Operating System," Information

Workshop on Data Integrity , Proc. 1986 IEEE Symp. on Age (U.K.) . October 1988, pp.

NIST, (4: RUT-89), 1989, Sec. & Privacy, (5: IEE-86), 203-210. pp. A.6.1-27. pp. 95-101 Key Words: control, OS, Key Words: control, network, Key Words: control, methods. design. c^abiUty. KNO-87 JOS-89 KAI-87 Knowles, F., and S. Bunch Joseph, M.K. Kain. R.Y., and "A Least Privilege Mechanism "Integration Problems in C.E. Landwehr for Unix," Proc. 10th Natl.

Fault-Tolerant Secure "On Access Checking in Comp. Sec. Conf. . (5: NCS- Computer Design," Preprints, Capability-Based Systems," 87a). 1987. pp. 257-262. International Working IEEE Trans, on Software

Conference on Dependable Engr. , February 1987, pp. Key Words: control, technique. Computing for Critical 202-207.

Applications , Santa Barbara, KNO-88 CA, Aug. 1989, pp. 141-147. Key Words: Knox. M.J.. and E.D. Bowden "Unix System Security Issues."

Key Words: architecture, KAR-88 Information Age (U.K.) , April design. Karger, P.A. 1988, pp. 67-72. "Implementing Commercial JUE-88 Data Integrity with Secure Key Words: OS, techniques, Juenemann, R.R. Capabilities," Proc. 1988 methods. "Integrity Controls for IEEE Symp. on Sec. &

Military and Commercial Privacy , (5: IEE-88a), pp. KOE-84 Applications," Proc. 4th 130-139. Koehring, J.

Aerosp. Comp. Sec. Conf. , "Automatic Identity integrity, (4: IEE-88b), 1988, pp. 298- Key Words: Verification," Information Age , 322. capability. (UK), April 1984, pp. 103-110.

Key Words: control, integrity. KAR-88a Key Words: authentication, Karren, D.T. methods. JUE-89 'Typical System Access Jueneman, R.R. Control Problems and KON-81 "Integrity Controls for Solutions," Information Age Konigsford, w.L.

Military and Commercial (U.K.) , January 1988, pp. 23- "Developing Standards for AppUcations, 11," Report, 32. Operating System Security,"

Invitat. Workshop on Data Computer Security Journal ,

Integrity , NIST, (4: RUT-89), Key Words: control, Spring 1981, pp. 45-60. 1989, pp. A.5.1-61. techniques. Key Words: control, OS, Key Words: control, integrity. KAR-89 methods. Karger, P.A. KAH-88 "New Methods for Immediate KRA-88 Kahane, Y., S.Neumann, and Revocation," Proc. 1989 IEEE Krayem, R.

C.S. Tapiero Symp. on Sec. & Privacy , (5: "Smart Cards: A New Tool for "Computer Backup Pools, IEE-89b), pp. 48-55. Identification and Access

Disaster Recovery, and Protection," Information Age . Default Risks," Key Words: capability, (U.K.). April 1988. pp. 85-88. Communications of the methods. control, ACM , January 1988, pp. 78- Key Words: 83. techniques, authentication.

Key Words: contingency, risks.

4-7 KUR-85 LAN-89 LEG-88

Kurth, H. Landau, C.R. Legge, J. "Paper Output Labeling in a "Security in a Secure "Rendering a Commercial Dedicated System Running Capability-Based System," Operating System Security." Proc. 8th Natl. '88 Under MVS." ACM Operating Systems Proc. MP/Sec. . Australia, 2- Comp. Sec. Conf. , (5: NCS- Review , October 1988, pp. 1989, (2: CAE-89), pp. 273- 85). 1985. pp. 86-90. 4. 289.

Key Words: techniques, Key Words: control, Key Words: control, OS, methods. c^abiUty, techniques. methods.

KUR-85a LAR-86 LEV-83 Kurzban, S.A. Larson. J.A. Leveson, N.G., and "Easily Remembered "Granting and Revoking P.R. Harvey Passphrases — A Better Discretionary Authority." "Analyzing Software Safety," Approach," ACM Sec., Audit Information Systems (U.K.). IEEE Trans, on Software

, Fall- & Control Review Vol. 13. No. 1. 1988. Engr. . September. 1983, pp. Winter 1985. pp. 10-21. 569-579. Key Words: control, Key Words: control, discretionary, methods, Key Words: software, safety. passwords. techniques. LIP-82 KUR-89 LEE-84 Lipner, S.B. Kurzban, S. Lee, T.M.P. 'Tlondiscretionary Controls for 'Toward a Model for "Future Directions of Security Commercial Applications," Commercial Access Control," for Sperry Series 1100 Proc. 1982 IEEE Symp. on

Report, Invitat. Workshop on Computers," Proc. 7th Sec. & Privacy , (5: IEE-82),

. 2-10. Data Integrity , NIST, (4: Seminar, DoD Comp. Sec pp.

RUT-89), 1989. pp. A.9.1-6. Progr. , (5: DOD-84), 1984, pp. 161-168. Key Words: controls, methods, Key Words: control, models. techniques. Key Words: control, design, LAI-89 methods. LIP-85 Laih. C.S., L. Ham. and Lipner, S.B. J.Y. Lee LEE-88 "Secure System Development "On the Design of a Single- Lee, T.M.P. at E)igital Equipment: Key-Lock Mechanism Based "Using Mandatory Integrity to Targetting the Needs of a on Newton's Interpolating Enforce 'Commercial' Commercial and Government Polynomial," IEEE Trans, on Security," Proc. 1988 IEEE Customer Base," Proc. 9th Natl. Sec. Software Engr. , September Symp. on Sec. & Privacy , (5: Comp. Conf. , (5: 1989. pp. 1135-1137. IEE-88a), pp. 140-146. NCS-85), 1985, pp. 120-123.

Key Words: control, Key Words: control, integrity, Key Words: developemnt, techniques. methods. description.

LAM-81 LEG-83 LIP-85a Lamport, L. Legrand, S. Lipton, D.L. and H.K.T. Wong "Passwords Authentication "Access Control for a Safety "Modem Trends in With Insecure Critical Distributed System Authentication," ACM Security

Communication." Interface Set," AL^ No. 87- Audit & Control Review , Communications of the 3083, Proc. 3d Aerosp. Comp. Winter 1985, pp. 35-42.

ACM. November 1981. pp. Sec. Conf. . (5: IEE-87b). 770-772. 1987. pp. 108-113. Key Words: authentication, general. Key Words: authentication, Key Words: control, methods, passwords, network. techniques.

4-8 LIP-86 MEN-88 MON-84 Lipton, D.L. Menkus, B. Montini, G., and F. Sirovich "Logical Authentication "Understanding the Use of "Access Control Models and Study," ACM Sec., Audit & Passwords," Computers & Office Structures," Proc. '84 Control Review , Spring 1986, Security . April 1988, pp. 132- mP/Sec. . Toronto, 1984, pp. 9-20. 136. (2: FIN-85), pp. 473-485.

Key Words: authentication, Key Words: awareness, Key Words: control, models. methods. passwords. MOR-86 LOP-84 MEN-88a Morshedian, D. Lopriore, L. Menkus, B. "How to Fight Passwords "Capability Based Tagged "Understanding Password Pirates and Win," IEEE Trans, Architectures," IEEE Compromise," Computers & Computer , January 1986, pp.

on Computers , September Security , December 1988, pp. 104-105. 1984, pp. 786-803. 549-552. Key Words: control, Key Words: architecture, Key Words: awareness, passwords. capability. passwords. MUR-84 LUK-84 MIL-89 Murray, W.H. Luke, L.R. MiUer, D.V., and "Security Considerations for "Password Security Systems," R.W. Baldwin Personal Computers," IBM

EDPACS , October 1984, pp. "Access Control by Boolean Systems Journal , No. 3, 1984, 1-6. Expression Evaluation," Proc. pp. 297-304.

5th Security Applic. Conf. , (4: Key Words: control, IEE-89c), 1989. pp. 131-139. Key Words: control, PC, passwords. methods. Key Words: control, LUN-89 techniques. NBS-85

Lunt, T.F. Password Usage . FIPS-PUB "Access Control Policies: MIN-84 112, National Bureau of Some Unanswered Minsky. N.H. Standards, Gaithersburg, MD, Questions," Computers & "Selective and Locally May 1985.

Security , February 1989, pp. Controlled Transport of 43-54. Privileges." ACM Trans, on Key Words: passwords, Programming Languages and guidelines, techniques,

Key Words: control, policy. Systems . October 1984. management.

MAR-87 Key Words: control, NBS-85a Maria, A. techniques. Standard on Computer Data

"RACE Implementation at Authentication , FIPS-PUB 113. Pudget Power," Proc. 10th MOF-88 National Bureau of Standards,

Nad. Comp. Sec. Conf. , (5: Moffett, J.D. and Gaithersburg. MD. May 1985. NCS-87a), 1987, pp. 91-97. M.S. Sloman "The Source of Authority for Key Words: authentication, Key Words: control, Commercial Access Control," methods, guidelines,

software, IEEE Computer , February techniques. 1988, pp. 59-69. MAR-88 NES-83 Martin. D.F., and J.V. Cook Key Words: control, Nessett, D.M. "Adding ADA Program management. "Security Mechaiusms in Verification Capability to the LINCS," Proc. 6th Seminar,

State Delta Verification MOL-84 DoD Comp. Sec. Progr. , (5: System (SDVS)," Proc. 11th Molloy, C. DOD-83a), 1983, pp. 60-64.

Nati. Comp. Sec. Conf. , (5: "Improving Security Controls NCS-88). 1988, pp. 139-146. within CICS." TeleSystems Key Words: control,

Journal . March/April 1984, description. Key Words: verification, pp. 3-11. methods. Key Words: control, methods.

4-9 NEW-86 PAA-86 POZ-89 Newsome, R.M. Paans, R. P0ZZ0.M.. and S. Crocker "Access Controls Within an A Close Look at MVS "Work-in Progress: IBM System/34 Systems: Mechanisms, Transformation Procedure (TP)

Environment," EDPACS , Performance and Security , Certification." Report. Invitat.

December 1986, pp. 1-6. North-Holland Elsevier, New Workshop on Data Integrity . York, 1986. NIST. (4: RUT-89). 1989, pp. Key Words: control, A.8.1-15. description. Key Words: book, control, methods. Key Wprds: certification, NEW-88 methods. Newberry, M., and J. Seberry PAA-86a "Experience in Using a Type Paans. R. RAB-89 Signature Password for User "Performance Aspects of MVS Rabin, M.O. Authentication in a Heavily Access Control," Proc. "Efficient Dispersal of '86 Used Computing IFIP/Sec. . Monte Carlo, Information for Security, Load Environment," Proc. IMF/Sec. 1986. (2: GRI-89). Balancing, and Fault '88 . Australia, (2: CAE-89). Tolerance," Journal of the

1989, pp. 303-307. Key Words: control, ACM , AprU 1989. pp. 335- description. 348. Key Words: control, passwords. PAA-86b Key Words: control, design, Paans, R.. and I.S. Herschberg methods. OPA-86 "How to Control MVS User Opaska, W.P. Supervisor Calls." Computers RAJ-82

"Access Control Systems for & Security , March 1986, pp. Rajunas, S.A. Personal Computers," 46-54. "Meeting Policy Requirements

EDPACS , August 1986, pp. Using Object-Oriented 6-8. Key Words: control, Systems," Proc. 5th Seminar,

description. DoD Comp. Sec. Progr. . (5: Key Words: control, PC, DOD-82), 1982. pp. 227-232. methods. POS-87 Post, G.V. Key Words: requirements, OPA-86a "Improving Operating System policy. Opaska, W.P. Security." Computers &

"Closing the VAX Default Security . October 1987. pp. RAL-88 Password ''," 417-425. Raleigh, T.. and

EDPACS , September 1986, R. Underwood pp. 6-9. Key Words: control, OS, "CRACK; A Distributed methods. Password Adviser," Key Words: control, Proceedings. USENIX UNIX

passwords, vulnerabilities. POW-87 Security Workshop , August Power, J.M., and S.R. White 1988. PAA-83 "Authentication in a Paans, R., and G. Bonnes Heterogenous Environment," Key Words: control,

"Surreptitious Security Computers & Security , passwords. Violation in the MVS February 1987, pp. 41-48. Operating System," RAN-86

Computers & Security . June Key Words: authentication, Randell. B.. and J.E. Dobson 1983. pp. 144-152. methods. "Reliability and Security Issues in Distributed Computing Key Words: threats, OS, POZ-86 Systems," Proceedings, 5th methods. Pozzo. M.M.. and T.E. Gray IEEE Symposium on "Managing Exposure to Reliability in Distributed Potentially Malicious Software and Database

Programs," Proc. 9th Natl. Systems , January 1986, pp.

Comp. Sec. Conf. . (5: NCS- 113-118. 86). 1986, pp. 75-80. Key Words: control, design, Key Words: threats, methods. management.

4-10 REE-84 RUT-89 SAT-88 Reeds, J., and P. Weinburger Ruthberg, Z.G., and Satyanarayanan, M. "File Security and the UNIX W.T. Polk "Integrating Security in a System Crypt Command," Report of the Invitational Large Distributed System,"

AT&T Bell Lab. Technical Workshop on Data Integrity , Postscript, 11th Nad. Comp.

Journal . October 1984, pp. SP 500-168, National Institute Sec. Conf. , (5: NCS-88a), 1673-1684. of Standards and Technology, 1988, pp. 91-108. Gaithersburg, MD, Sept. 1989. Key Words: control, Key Words: control, design, techniques. Key Words: proceedings, network. integrity. REI-86 SCH-83 Reid, B. SAN-88 Schweitzer, J.A. "Lessons from the UNIX Sandhu, R. "Computer Security: Make Breakin at Stanford," ACM 'Transaction Control Your Passwords More

Software Engineering Notes, Expressions for Separation of Effective," EDPACS , February October 1986, pp. 29-35. Duties," Proc. 4th Aerosp. 1983. pp. 6-11.

Comp. Sec. Conf. . (4: lEE- Key Words: OS. 88b). 1988. pp. 282-286. Key Words: control, vulnerabilities. passwords, methods. Key Words: integrity, REI-88 techniques. SCH-88 Reisinger. DA. Schokley. W.R. "Access Control Methods of SAN-88a "Implementing the VAXA'MA." Information Sandhu, R.S. Clark/Wilson Integrity Policy

Age. (U.K.). July 1988. pp. "The N-Tree: A Two Using Current Technology." 162-168. Dimensional Partial Order for Postscript, 11th Nad. Comp.

Protection." ACM Trans, on Sec. Conf. . (5: NCS-88a).

Key Words: control, Computer Systems . May 1988. 1988, pp. 29-37. descriptions. pp. 197-222. Key Words: intgerity, policy, RID-89 Key Words: control, methods. methods. Riddle. B.L.. M.S. Miron, and J.A. Semo SAN-88b SHA-87 "Passwords in Use in a Sandhu, R.S. Shannon, T.C. University Timesharing "Nested Categories for Access "An Introduction to VAX/VMS Environment," Computers & Control," Computers & Security Mechanisms and

Security, November 1989, pp. Security , December 1988, pp. Techniques," Computer

569-579. 599-605. Security Journal , Vol. IV, No. 2, 1987, pp. 39-47. Key Words: control, Key Words: control, methods. passwords. Key Words: control, SAN-89 description. ROW-87 Sandhu, R. Rowe, K.E., and 'Terminology, Criteria and SHE-89 CO. Ferguson, Jr. System Architectures for Data Sherizen, S., and F. Engel "ADA Technology/Compusec Integrity," Report, Invitat. "Striving for Unix Security,"

Insertion Status Report," Workshop on Data Integrity , Computerworld, March 20, Proc. 10th Nad. Comp. Sec. NIST, (4: RUT-89). 1989, pp. 1989, pp. 85-93.

Conf. . (5: NCS-87a). 1987, A.4.1-14. pp. 357-360. Key Words: control, Key Words: control, general, description. Key Words: control, methods, guidelines. requirements.

4-11 SIM-81 STO-89 TEN-88 Simmons, GJ. Stotts, P.S., and R. Furuta Tener, W. "Half a Loaf Is Better than "Access Control and "AI and 4GL: Automated None: Some Novel Integrity Verification in Petri-Net-Based Detection and Investigation Problems," Proc. 1981 IEEE Hyperdocuments," Proc. Tools," Proc. IFIP/Sec. '88. Sec. Privacy '89: Symp. on & , (5: COMPASS Comp. Australia, 1989, (2: CAE-89), 65-69. IEE-81), pp. Assurance, (2: IEE-89), 1989, pp. 23-29. pp. 49-55. Key Words: integrity, design, Key Words: methods, methods, requirements. Key Words: control, techniques. verification, methods. SIN-85 THO-82 Singh. K. SUM-84 Thom, A.B. "On Improvements to Summers, R.C. "Hardware Security," Computer Security," Password ACM "An Overview of ComjHiter Security Journal , WintCT 1982,

Operating Systems Review , Security," IBM Systems pp. 105-107. January 1985, pp. 53-60. Journal, Vol. 23, No. 4, 1984, pp. 309-325. Key Words: control, methods, Key Words: control, architecture. passwords. Key Words: control, awareness, general. THO-88 SMI-87 Thomas, T. Smith, S.L. SYM-84 "A "Authenticating Users by Symons, C.R., and Mechanism for the UNIX File Word Association," JA. Schweitzer System," Proc. 4th Aerosp.

Computers & Security , "A Proposal for an Automated Comp. Sec. Conf. . (4: EEE- December 1987, pp. 464-470. Logical Access Control 88b), 1988, pp. 173-177. Standard," Proc. IFIP/Sec. '84. Key Words: authentication, Toronto, 1984, (2: FIN-85), Key Words: control, methods. pp. 115-127. mandatory, description.

SOL-88 Key Words: control, TUR-86

Sollins, K.R. guidelines. Turn, R., and J. Habibi "Cascaded Authentication," "On the Interactions of Proc. 1988 IEEE Symp. on TAN-82 Security and Fault-Tolerance," Sec. & Privacy, (5: IEE-88a). Tangney, J.D., and Proc. 9th Nad. Comp. Sec. P.S. pp. 156-163. Tasker Conf. . (5: NCS-86). 1986. pp. "Safeguarding Today's 138-142. Key Words: authentication, Interactive Computer methods. Systems," Computer Security Key Words: control, design,

Journal . Winter 1982, pp. 57- methods. SPE-87 70. Spender, J.-C. USA-80 "Identifying Computer Users Key Words: control, Proceedings. Third Automation

with Authentication Devices techniques. Security Workshop . U.S. Army (Tokens)," Computers & Computer Systems Command,

Security , October 1987, pp. TEN-87 December 1989. 385-395. Tensa, D. 'Typical Weaknesses in Key Words: proceedings, Key Words: authentication, Operating Systems Software," control.

methods. Information Age , (U.K.), April 1987, pp. 74-78. VAC-89 STE-83 Vaccaro, H.S., and Steinauer, D.D. Key Words: OS, G.E. Liepins 'Technical Security Issues in vulnerabilities. "Detection of Anomalous Small Computer Systems," Computer Session Activity," Proceedings, 1983 Proc. 1989 IEEE Symp. on

CQMPCQN Fall, September Sec. & Privacy. (5: IEE-89b), 1983. pp. 289-289.

Key Words: control, PC, Key Words: control, methods. techniques.

4-12 VAN-83 WAG-88 WIL-81 Van de Riet, R.R., and Wagner, D.A. Wilkinson, A.L., et al. M.L. Kersten "System Security in Space "Penetration, Analysis of the "Privacy and Security in Flight Operations Center," Burroughs Large Systems," Information Systems Using Proc. 4th Aerosp. Comp. Sec. ACM Operating Systems

Language Features," Conf. . (4: IEE-88b), 1988, pp. Review , January 1981, pp. 14-

Information Systems , (U.K.), 426-430. 25. Vol. 8, No. 2. 1983, pp. 95- 103. Key Words: control, Key Words: vulnerabiUties, description. threats, description. Key Words: control, methods. WAL-81 WON-85 VAN-84 Walsh, M.E. Wong, R. Van de Goor, A.J. "Software Security," Journal "One-Time Passwords Fortify "Effects of Technical of Systems Management, System Security," Developments on System October 1981, pp. 6-13. Computerworld, December 23, Security," Computers & 1985, pp. 31-32.

Security , November 1984, pp. Key Words: control, software. 315-322. Key Words: control, WAT-81 passwords. Key Words: control, design, Wattam, K.W. methods. "Virtual Machine Enviromnent WON-89 — Security Aspects," Wong, R.M. and Y.E. Ding

VAS-83 Information Privacy , (U.K.), "Providing Software Integrity Vasak, J.M. March 1981, pp. 68-74. Using Type Managers," Proc.

"Issues in Secure System 4th Aerosp. Comp. Sec. Conf. . Acquisition," AIAA No. 87- Key Words: control, (4: IEE-88b), 1988, pp. 287- 3089, Proc. 3d Aerosp. architecture. 298.

Comp. Sec. Conf. , (5: lEE- 87b), 1987, pp. 114-117. WEI-88 Key Words: integrity, software, Weiss, J.D., and techniques, methods. Key Words: control, design, E.G. Amoroso methods. "Ensuring Software Integrity," WOO-80 Proc. 4th Aerosp. Comp. Sec. Wood. H.M.

VET-80 Conf. . (4: IEE-88b), 1988, pp. "A Survey of Computer-Based Vetter, L.L. 323-330. Password Techniques." in "Computer Access Control RuUo. T.A.. (Ed.). Advances in

Software," EDPACS , Key Words: integrity, Computer Security

February 1980, pp. 1-12. software, Management , Vol. 1, Heyden & Son, Inc. Philadelphia, PA, Key Words: control, WEL-84 1980, pp. 140-167. software. WeUs, P. "On-Chip Hardware Supports Key Words: control, VIN- Computer Security Features," passwords, general.

Vinter, S.T. Electronics , March 8, 1984, "Extended Discretionary pp. 128-130. WOO-83 Access Controls," Proc. 1988 Wood, C.C. IEEE Symp. on Sec. & Key Words: control, "Effective Information Systems Security With Password Privacy , (5: IEE-88a), pp. 39- architecture. 49. Controls," Computers & 5- WEL-88 Security , January 1983, pp. Key Words: control, WeUs, C. 10. discretionary. "A Note on 'Protection Imperfect'," ACM Operating Key Words: control passwords.

Systems Review , October 1988.

Key Words: control, methods.

4-13 WOO-84 WOO-87 WUM-84 Wood. M., and T. Elbra Woodcock, M.E. Wu, M.L., and T.Y. Hwang System Design for Data "The Use of ADA in Secure "Access Control with Single

Protection , National and Reliable Software," Proc. Key-Lock," IEEE Trans, on

J. Computer Centre (UK), 10th Natl. Comp. Sec. Conf. , Software Engr. , May 1984, pp. Wiley & Sons, Chichester, (5: NCS-87a), 1987, pp. 362- 185-191. 1984. 365. Key Words: control, technique. Key Words: book, general, Key Words: control, software, control, design, methods. methods. YEO-85 Yeo. O.K. WOO-85 WOO-88 "Incorporating Access Control Wood, C.C. Wood, C.C. in Forms Systems," Computers

"Floppy Diskette Security "Extended User & Security , June 1985, pp. Measures," Computers & Authentication: The Next 109-122.

Security , September 1985, pp. Major Enhancement to Access 223-228. Packages," Proc. IFIP/Sec. Key Words: control, methods. '88 , Austraha, (2: CAE-89), Key Words: control, PC, 1989, pp. 223-234. ZAJ-88 methods. Zajac, B.P., Jr. Key Words: authentication, "Dial-Up Communication WOO-85a methods. Lines: Can They Be Secured,"

Wood, P.H., and S.G. Computers & Security , Kochan WOR-85 February 1988, pp. 35-36.

UNDC System Security , Worthington, T.K., et al. Hayden Publishing Co., "IBM Dynamic Signature Key Words: control, network. Hasbrouck Heights, NJ, 1985. Verification," Proc. IFIP/Sec. 284, Toronto, 1984, (2: FIN- Key Words: book, control, 85), pp. 129-154. methods, description. Key Words: authentication, WOO-86 methods. Wood, C.C, and H.M. Zeidler "Security Modules: Potent Information Security System Components," Computers &

Security , June 1986, pp. 114- 121.

Key Words: control, techniques.

4-14 5. Trusted Systems

This section cites publications on trusted operating systems and trusted systems architecture research and development, formal evaluation criteria, implementation of the reference monitor concept, design of trusted operating systems, descriptions of specific systems, correcmess proof methods and techniques for trusted systems, and certification criteria.

ABR-86 AME-81 AND-85 Abrams, M.D., Ames, S.R., Jr. Anderson, E.R. H.J. PodeU (Eds.). "Security Kemels: A Solution "ADA'S Suitability for Trusted Computer and Network or a Problem," Proc. 1981 Computer Systems," Proc.

Security Tutorial , IEEE IEEE Symp. on Sec. & 1985 IEEE Symp. on Sec. &

Computer Society Press, Privacy. (5: IEE-81), pp. 141- Privacy , (5: IEE-85), pp. 184- Washington, DC. 1986. 150. 189.

Key Words: book, general, Key Words: kemels, general, Key Words: trusted, methods. methods. requirements.

AKL-82 AME-83 ARN-84 Akl, S.G., and P.D. Taylor Ames, S.R. Jr., M. Gasser, Arnold, T.S. "Cryptographic Solution to a and R.R. Schell "The Practical Aspects of Multilevel Security Problem," "Security Kernel Design and Multi-level Security," Proc. 7th

Proc. Crypto '82, Santa Implementation: An Seminar, DoD Comp. Sec .

Barbara, (9: CHA-83b), 1982, Introduction," IEEE Computer, Progr. . (5: DOD-84), 1984, pp. pp. 237-249. July 1983, pp. 14-22. 30-37.

Key Words: MLS, Key Words: kernel, design, Key Words: MLS, design, cryptography. general. methods.

ALB-87 AND-82 ARN-85 Albert, S.B. Anderson, J.P. Arnold, T.S. "Criteria Extension for "Accelerating Computer "Multilevel Security from a Distributed Systems," AIAA Security Innovations," Proc. Practical Point of View," Proc.

No. 87-3095. Proc. 3d 1982 IEEE Symp. on Sec. & 8th Natl. Comp. Sec. Conf. , 91- 43-46. Aerosp. Comp. Sec. Conf. , Privacy , (5: IEE-82), pp. (5: NCS-85), 1985, pp. (5: IEE-87b), 1987, pp. 122- 97. 127. Key Words: MLS, design, Key Words: trusted, methods, methods. Key Words: criteria, general. networks. ASH-89 AND-83 Asby, V.A., T. Gregg, AME-80 Anderson, J.P. and A. Lee Ames, S.R., and "An Approach to "Security Approach for Rapid J.G. Keeton-Williams Identification of Minimum Prototyping in Mutlilevel "Demonstrating Security for TCB requirements for Various Secure Systems," Proc. 5th

Trusted Applications on a Threat/Risk Environments," Security Applicat. Conf. , (4: Security Kernel," Proc. 1980 Proc. 1983 IEEE Symp. on IEE-89c), 1989, pp. 328-334.

IEEE Symp. on Sec. & Sec. & Privacy , (5: IEE-83a), design, Privacy , (5: IEE-80), 145- pp. 102-104. Key Words: MLS, 156. methods. Key Words: TCB, Key Words: tusted, kernel, requirements, risk. methods.

5-1 BAR-84 BEN-84 BEV-89 Bames, D. Benzel, T.V. Bevier, W.R. "Secure Communications "Analysis of a Kernel "Kit: A Study in Operating Processor Research," Proc. Verification," Proc. 1984 System Verification," IEEE 7th Seminar, DoD Comp. IEEE Symp. on Sec. & Trans, on Software Engr.,

Sec. Progr. , (5: DOD-84), Privacy , (5: IEE-84), pp. 125- November 1989, pp. 1382- 1984, pp. 312-318. 131. 1396.

Key Words: MLS, design, Key Words: verification, Key Words: verification, OS, network. kernel. case.

BAR-88 BEN-85 BIR-86 Barker, W.C., P. Cochrane, Benzel, T.C.V. and Birrell, A.D., et al. and M. Branstad D.A. Travilla, "A Global Authentication "Embedding Cryptography 'Trusted Software Service Without Global Trust," into a Trusted Mach System," Verification: A Case Study," Proc. 1986 IEEE Symp. on Proc. 4th Aerosp. Comp. Sec. Proc. 1985 IEEE Symp. on Sec. & Privacy. (5: IEE-86),

Conf.. (4: IEE-88b), 1988, Sec. & Privacy , (5: IEE-85), pp. 223-230. pp. 379-383. pp. 14-31. Key Words: authentication, Key Words: OS, design, Key Words: verification, methods. cryptography. software. BLA-81 BAR-89 -BEN-89 Blakely, G.R., G. Ma, Barker, W.C. Benzel, T.C.V. and L. Swanson "Use of Privacy-Enhanced "Developing Trusted Systems "Security Proofs for Mail for Software Using DOD-STD-2167A," Information Protection

Distribution," Proc. 5th Proc. 5th Sec. Applicat. Conf. , Systems," Proc. 1981 IEEE

Security AppHcat. Conf. , (4: (4: IEE-89C), 1989, pp. 166- Symp. on Sec. & Privacy , (5: IEE-89C), 1989, pp. 344-347. 176. IEE-81), pp. 75-88.

Key Words: methods, Key Words: trused, design, Key Words: verification, software. methods. methods.

BAX-86 BER-80 BLO-86 Baxter, M.S.J. Berstis, V. Blotcky, S., K. Lynch, "A Layered Architecture for "Security and Protection of and S. Lipner Multilevel Security," Proc. Data in the IBM System/38," "SEA^MS: Implementing '86 IFIP/Sec. , Monte Carlo, Proceedings, 7th IEEE Mandatory Security in 1986, (2: GRI-89). Conference on Computer VAXA'MS," Proc. 9th Nad.

Architectures, 1980, pp. 245- Comp. Sec. Conf. , (5: NCS- Key Words: MLS, 252. 86), 1986, pp. 47-54. architecture. Key Words: design, methods, Key Words: MLS, design, BEL-84 case. case. BeU, D.E. "Working Toward Al," Proc. BER-88 BOE-85 7th Seminar, DoD Comp. Berch, R., et al. Boebert, W.E., R.Y. Kain,

Sec. Progr. , (5: DOD-84), "Use of Automated and W.D. Young 1984, pp. 24-29. Verification Tools in a Secure "Secure Computing: The Software Development Secure Ada Target Approach,"

Key Words: MLS, trusted, Methodology," Proc. 11th Scientific Honeyweller , July 1-17. design. Natl. Comp. Sec. Conf. , (5: 1985, pp. NCS-88). 1988, pp. 284-289. Key Words: MLS, design, Key Words: verification, methods. software.

5-2 BOE-85a BON-89 BRA-88a Boebert, W.E., et al. Bondi, J.O., and Branstad, M., H. Tajalli, "Secure Ada Target: Issues, M.A. Branstad and F. Mayer System Design, and "Architectural Support of "Security Issues of the Trusted Verification," Proc. 1986 Fine-Grained Secure Mach System," Proc. 4th Sec. IEEE Symp. on & Computing," Proc. 5th Aerosp. Comp. Sec. Conf. , (4:

Privacy . (5: IEE-86), pp. Security Applicat. Conf. , (4: IEE-88b), 1988, pp. 362-367. 176-183. IEE-89c). 1989. pp. 121-130. Key Words: trusted, OS, Key Words: MLS, Key Words: architecture, policy, case. verification, design. design. BRA-89 BOE-88 BRA-84 Branstad, M., et al. Boebert, W.E. Brand. S.L. "Access Mediation in a 'The LOCK Demonstration," "Environmental Guidelines for Message Passing Kernel," Postscript, 11th Natl. Comp. Using the DoD Trusted Proc. 1989 IEEE Symp. on

Sec. Conf. , (5: NCS-88a), Computer Systems Evaluation Sec. & Privacy , (5: IEE-89b), 1988, pp. 73-88. Criteria," Proc. 7th Seminar. pp. 66-72.

DoD Comp. Sec. Progr. , (5: Key Words: TCB. DOD-84), 1984, pp. 17-23. Key Words: control, kernel, architecture, design. design. Key Words: criteria, BOE-88a guidelines. BRA-89a Boebert, W.E. Branstad., M„ and J. Landauer "Constructing an Infosec BRA-86 "Assurance for the Trusted System Using the LOCK Branstad, M.A., et al. Mach Op>erating System," Proc. Technology," Postscript, 11th 'Trust Issues of MACH-1," COMPASS-89. Comp.

Natl. Comp. Sec. Conf. , (5: Proc. 9th Natl. Comp. Sec. Assurance , (4. IEE-89), pp.

NCS-88a), 1988, pp. 89-95. Conf. , (5: NCS-86), 1986. pp. 103-108. 209-212. Key Words: TCB, design, Key Words: verification, OS, techniques. Key Words: trusted, OS, case. policy, case. BON-83 BRI-85 Bonyun. D.A. BRA-87 Britton, D.E. 'The Use of Architectural Branstad, M.. et al. "Verlangen: A Verification Principles in the Design of 'Trusted Mach Design," Proc. Language for Designs of

Certifiably Secure Systems." 3d Aerosp. Comp. Sec. Conf. . Secure Systems," Proc. 8th Natl. Computers & Security , June (5: IEE-87b). 1987. pp. 24-29. Comp. Sec. Conf. , (5: 1983, pp. 153-162. NCS-85), 1985, pp. 70-81. Key Words: OS, design, case. Key Words: architecture, Key Words: verification, TCB, design. BRA-88 methods. Branstad, M., and F.L. Mayer BON-84 "Access Mediation in Server- BRO-88 Bonyun, D.A. Oriented Systems: An Brown, G.L. "Formal Verification: Its Examination of Two "Interdependence of Evaluated Purpose and Practice." Proc. Systems," Proc. 11th Natl. Subsystems," Proc. 11th Natl. '84 Sec. (5: mP/Sec. . Toronto, 1984, Comp. Sec. Conf. , (5: NCS- Comp. Conf. , NCS- (2: FIN-85), pp. 217-223. 88). 1988. pp. 309-318. 88), 1988, pp. 330-332.

Key Words: verification, Key Words: control, design, Key Words: trusted, design, general. methods. general.

5-3 BUS-83 CAS-89 COX-81 Bussolati, U. and G. Martella Casey, T., et al. Cox, L.A., and R.R. Schell "The Design of Secure "Secure Automated Document 'The Structure of a Security Distributed Systems," Delivery," Proc. 5th Security Kernel for a Z8000

Proceedings, 1983 IEEE Applicat. Conf. , (4: IEE-89c), Multiprocessor," Proc. 1981

Compcon Spring Conf. , 1983, 1989, pp. 348-355. IEEE Symp. on Sec. &

pp. 492-498. Privacy , (5: IEE-81), pp. 124- Key Words: trusted, methods. 129. Key Words: trusted, design, general. CHE-81 Key Words: kernel, design, Cheheyl, M.H., et al. case, architecture. CAR-86 "Verifying Security," ACM

Carlson, R.A., and T.F. Lunt, Computing Surveys , CRA-84 "The Trusted Domain September 1981, pp. 279-339. Craigen, D., Machine: A Secure "Ottawa Euclid and EVES: A Commimications Device for Key Words: verification, Status Report," Proc. 1984 Security Guard Applications," general. IEEE Symp. on Sec. &

Proc. 1986 IEEE Symp. on Privacy . (5: IEE-84), pp. 114-

Sec. & Privacy . (5: IEE-86), COO-88 124. pp. 182-186. Cook, J., and D.F. Martin "Adding Ada Program Key Words: verification, Key Words: trusted, network, Verification Capability to the design, case. design. State Delta Verification System (SDVS)," Proc. 11th CRA-87

CAR-87 Nad. Comp. Sec. Conf. , (5: Craigen, D. Carson, M.E., et al. NCS-88), 1988, pp. 139-146. "m-EVES," Proc. 10th Natl.

"From B2 to CMU: Building Comp. Sec. Conf. , (5: NCS- a Compartmental Mode Key Words: verification, 87a), 1987, pp. 109-117. Workstation on a Secure methods. Xenix Base," Proc. 3d Key Words: verification,

Aerosp. Comp. Sec. Conf. , COR-84 design, case, methods. (5: IEE-87b), 1987, pp. 35- Comwell, M.R. and 43. R.J.K. Jacob CRO-88 "Structure of a Rapid Crocker, S.D., et al. Key Words: MLS, design, Prototype Secure Military "Reverification of a case. Message System," Proc. 7th Microprocessor," Proc. 1989 Seminar, DoD Comp. Sec. IEEE Symp. on Sec. &

CAR-88 Program , (5: DOD-84), 1984, Privacy . (5: IEE-89b), pp. 166- Carroll, J.M. pp. 48-57. 176. "Implementing Multilevel Security by Violation Key Words: MLS, design, Key Words: verification, Privilege," Computers & case, network. architecture, techniques,

Security , December 1988, pp. methods, case. 563-573. COR-89 Comwell, M.R. CRO-88a Key Words: MLS, design, "A Software Engineering Crow, J.S., et al. methods. Approach to Designing "EHDM Verification Trustworthy Software," Proc. Environment — An Overview," CAS-88 1989 IEEE Symp. on Sec. & Proc. 11th Natl. Comp. Sec.

Casey, T.A., et al. Privacy . (5: IEE-89b). pp. Conf. , (5: NCS-88), 1988, pp. "A Secure Distributed 148-156 147-155. Operating System," Proc. 1988 IEEE Symp. on Sec. & Key Words: trusted, software, Key Words: verification,

Privacy , (5: IEE-88a), pp. 27- design. design, case. 38.

Key Words: MLS, OS, network, design.

5-4 CRO-89 CSC-88a CSC-89a Crocker, S.D., and A Guide to Understanding Rating Maintenance Phase

E.J. Siarkiewics Audit inTrusted Systems, Program Document , NCSC- "Software Methodology for NCSC-TG-001, National TG-013, National Computer Development of a Trusted Computer Security Center, Ft Security Center, Ft. Meade, MBS," Proc. 5th Security Meade, MD, 1 June 1988. MD, 23 June 1989.

ApplicaL Conf. , (4: IEE-89c), 1989, pp. 148-165. Key Words: guidelines, Key Words: gtiidelines, design. auditing. Key Words: trusted, software, CUM-87 methods. CSC-88b Cummings, P.T., et al. Computer Security Subsystem "Compartmented Mode CSC-85 Interpretation of the Trusted Workstation: Results Through Computer Security Computer System Evaluation Prototyping," Proc. 1987 IEEE -- Requirements Guidance for Criteria, NCSC-TG-009, Symp. on Sec. & Privacy , (5: Applying the Department of National Computer Security IEE-87a), pp. 2-12. Defense Trusted Computer Center, Ft Meade, MD. 16

System Evaluation Criteria, September 1988. Key Words: MLS, design, CSC-STD-003-85. National case, methods. Computer Security Center, Ft. Key Words: guidelines, TCB, Meade, MD, 25 June 1985. criteria. CUT-88 Cutler, M. Key Words: guidelines, CSC-88C "Verifying Implementation criteria. A Guide to Understanding Correctness Using the State Design Documentation in Delta Verification System

CSC-85a Trusted Systems , NCSC-TG- (SDVS)," Proc. 11th Natl.

Technical Rationale Behind 007, National Computer Comp. Sec. Conf. , (5: NCS- CSC-STD-(X)3-85: Computer Security Center, Ft. Meade, 88), 1988, pp. 156-161.

Security Requirements , CSC- MD, 2 October 1988. STD-004-85, National Key Words: verification, Computer Security Center, Ft. Key Words: guidelines, design, case. Meade, MD, 25 June 1985. design. DAN-82 Key Words: criteria, CSC-88d Dannenberg, R.B., and guidelines. A Guide to Understanding G.W. Ernst Trusted Distribution in "Formal Program Verification

CSC-87 Trusted Systems , NCSC-TG- Using Symbolic Execution," A Guide to Understanding 008, National Computer IEEE Trans, on Software 43- Discretionary Access Control Security Center, Ft. Meade, Engr. , January 1982, pp.

in Trusted Systems , NCSC- MD, 15 December 1988. 52. TG-003. National Computer Security Center, Ft. Meade, Key Words: guidelines, Key Words: verification, MD, 1 June 1988. design. methods.

Key Words: guidelines, CSC-89 DAV-80 control. Guidelines for Formal Davida, G.I., et al.

Verification Systems , NCSC- "A System Architecture to CSC-88 TG-014, National Computer Support a Verifiably Secure A Guide to Understanding Security Center, Ft. Meade, Multi-Level Security System," Configuration Management in MD, 1 AprU 1989. Proc. 1980 IEEE Symp. on Privacy IEE-80), Trusted Systems , NCSC-TG- Sec. & , (5: 006, National Computer Key Words: guidelines, pp. 137-144. Security Center, Ft. Meade, verification. MD, 28 March 1988. Key Words: MLS, architecture, design. Key Words: guidelines, design.

5-5 DIT-82 DOD-82 Dittrich, K.R., et al. Proceedings. Fifth Seminar on ECK-87 "Protection in the OSKAR the DoD Computer Security Eckman, S.T. Operating System: Goals, Initiative Program , Department "InaFlo: The FDM Flow Concepts, Consequences," of Defense, Washington, DC, Tool," Proc. 10th Natl. Comp. Proc. 1982 IEEE Symp. on May 1982. Sec. Conf. . (5: NCS-87a). IEE-82), Sec. & Privacy , (5: 1987, pp. 175-182. pp. 46-56. Key Words: proceedings, MLS, design. Key Words: verification, Key Words: OS, policy, methods. methods, case. DOD-83 Proceedings, Sixth Seminar on ELO-85 DIV-87 the DoD Computer Security Eloff, J.H.P.

Di Vito, B.L., and Initiative , National Bureau of 'The Development of a L.A. Johnson Standards, November 1983. Specification Language for a "A Gypsy Verifier Assistant," Computer Security System," Proc. 10th Natl. Sec. Key Words: proceedings, Comp. Computers & Security , June design. Conf. . (5: NCS-87a), 1987, MLS, 1985. pp. 143-147. pp. 183-192. DOD-83a Key Words: specification, Key Words: verification, Department of Defense methods. methods. Trusted Computer System Evaluation Criteria, CSC-STD- FAR-86 DOD-80 001-83, DoD Computer Farmer, W.M., DM. Johnson, Proceedings, Second Seminar Security Center, Ft. George G. and F.J. Thayer onthe DoD Computer Meade MD, 15 August 1983. 'Towards A Discipline for

Security Initiative Program , Developing Verified Software," Department of Defense, Key Words: MLS, criteria, Proc. 9th Nad. Comp. Sec. Washington, DC, January policy, verification, TCB, Conf., (5: NCS-86), 1986. pp. 1980. design. 91-98.

Key Words: proceedings, DOD-84 Key Words: verification, MLS, design. Proceedings, Seventh Seminar software. onthe DoD Computer Security

DOD-80a Initiative, DoD Computer FEL-87

Proceedings, Third Seminar Security Center, Ft. Meade, Fellows, J., et al. on the DoD Computer MD, September 1984. "The Architecture of a

Security Initiative Program , Distributed Trusted Computing Department of Defense, Key Words: proceedings, Base," Proc. 10th Natl. Comp.

Washington, DC, November MLS, design. Sec. Conf. , (5: NCS-87a). 1980. 1987, pp. 68-77. DOD-85 Key Words: proceedings, Department of Defense Key Words: architecture. TCB, MLS, design. Trusted Computer System network.

Evaluation Criteria, DoD DOD-81 5200.28-STD, U.S. FET-88 Proceedings, Fourth Seminar Department of Defense, Fetzer, J.H. on the DoD Computer Washington, DC, December "Program Verification: The

Security Initiative Program , 1985. Very Idea," Communications

Department of Defense, of the ACM , September 1988. Washington, DC, August Key Words: MLS, TCB, 1981. criteria. Key Words: verification, general. Key Words: proceedings, DOW-85 MLS, design. Downs, D.D. et al. "Issues in Discretionary Access Control," Proc. 1985 IEEE Symp. on Sec. &

Privacy , (5: IEE-85), pp. 208- 218.

Key Words: discretionary, control.

5-6 FRA-83 GAS -88 GLI-84 Fraim, L.J. Gasser, M. Gligor. V.D. "SCOMP: A Solution to the Building a Secure Computer "A Note on Denial-of-Service

MLS Problem," Proc. System , Van Nostrand Problem in Operating '83 IFIP/Sec. . Stockholm, Reinhold, New York, 1988 Systems," IEEE Trans, on (2: FAK-83), 275- 1983. pp. Software Engr. . May 1984, pp. 286. Key Words: book, general, 320-324. MLS, design. Key Words: MLS, design, Key Words: denial, threats, network, case. GAS-89 design. Gasser, M., et al. FRA-86 'The Digital Distributed GLI-85 Fraim, L.J. System Security Architecture," Gligor. V.D., "The Challenge After Al - Proc. 12th Nad. Comp. Sec. "Analysis of the Hardware

A View of the Security Conf. , (5: NCS-89), 1989, pp. Verification of the Honeywell Market," Proc. 9th Natl. 305-319. SCOMP," Proc. 1985 IEEE Sec. Conf. (5: Comp. , NCS- Symp. on Sec. & Privacy , (5: 86), 1986, pp. 41-46. Key Words: architecture, IEE-85), pp. 32^4. design, case. Key Words: trusted, design, Key Words: verification, case. general. GLA-84 Glasgow, J.L, et al. GLI-86 FRE-88 "Specifying Multilevel Gligor, V.D., et al. Freeman, J., R. Neely, and Security in a Distributed "On the Design and the L. Megalo System," Proc. 7th Seminar, Implementation of Secure

"Developing Secure Systems: DoD Comp. Sec. Program , (5: Xenix Workstations," Proc. Issues and Solutions," Proc. DOD-84). 1984. pp. 319-340. 1986 IEEE Symp. on Sec. &

4th Aerosp. Comp. Sec. Privacy , (5: IEE-86), pp. 102-

Conf. , (4: IEE-88b), 1988, Key Words: MLS, 117. pp. 183-190. specification, design. Key Words: MLS, policy, Key Words: MLS, design, GLI-83 design, case. general. Gligor, V.D. "A Note on the Denial of GLI-86a GAB-86 Service Problem," Proc. IEEE GUgor, V.D., and Gabriele, M. Symposium on Security and C.S. Chandersekaran

"Smart Terminals for Trusted Privacy . AprU 1983, pp. 139- 'Toward the Development of Computer Systems," Proc. 9th 149. Secure Distributed Systems," '86 Natl. Comp. Sec. Conf. , (5: Proc. IFIP/Sec. , Monte NCS-86), 1986, pp. 16-20. Key Words: denial, threats, Carlo, 1986, (2: GRI-89). design. Key Words: trusted, MLS, Key Words: MLS, network, design, network. GLI-83a design. Gligor. V.D. GAM-88 'The Verification of GLI-86b Gambel, D., and S. Walter Protection Mechanisms of Ghgor, V.D., et al. "Retrofitting and Developing High-Level Language "A New Security Testing Applications for a Trusted Machines." International Method and Its Application to Computing Base," Proc. 11th Journal of Computer and the Secure Xenix Kemel,"

Natl. Comp. Sec. Conf. , (5: Information Sciences , August Proc. 9th Natl. Comp. Sec.

NCS-88), 1988, pp. 344-346. 1983, pp. 211-246. Conf. , (5: NCS-86), 1986, pp. 40-59 Key Words: TCB, design, Key Words: verification, techniques. methods. Key Words: verification, design, case.

5-7 GLI-87 GRA-88 HAI-87 Gligor, V.D., et al. Graubart., R.D. Haigh, J.T, et al. "Design and Implementation "Dual Labels Revisited," Proc. "An Experience Using Two of Secure Xenix," IEEE 4th Aerosp. Comp. Sec. Covert Channel Analysis

Trans, on Software Engr. , Conf. , (4: IEE-88b), 1988, pp. Techniques on a Real System February 1987. pp. 208-221. 167-172. Design," IEEE Trans, on Software Engr., February 1987, Key Words: MLS, policy, Key Words: MLS, design, pp. 157-168. design, case. techniques. Key Words: covert channel, GLI-87a GRE-89 case. Gligor, V.D., et al. Grenier, G.-L., R.C. Holt, and "A New Security Testing M. Funkenhauser HAI-87a Method and Its Application "Policy vs. Mechanism in Haigh, J.T. and W.D. Young to Secure Xenix Kernel," Secure TUNIS Operating "Extending the Noninterference IEEE Trans, on Software System," Proc. 1989 IEEE Version of MLS for SAT,"

Engr. , February 1987, pp. Symp. on Sec. & Privacy , (5: IEEE Trans, on Software

169-183. IEE-89b), pp. 84-93. Engr. , February 1987, pp. 141-

Key Words: verification, Key Words: policy, design, caase. case. Key Words: MLS, model, case. GOL-81 GUS-87 Golberg, D.L. Guspari, D., CD. Harper, HAL-85 "The SDC Communications and N. Ramsey Haley, C.J., and F.L. Mayer Kernel," Proc. 4th Seminar, "An ADA Verification "Issues on the Development of

DoD Comp. Sec. Progr. , (5: Environment," Proc. 10th Security Related Functional

DOD-81), 1981, pp. P1-P33. Nati. Comp. Sec. Conf. . (5: Tests," Proc. 8th Natl. Comp.

NCS-87a). 1987. pp. 366-371. Sec. Conf. , (5: NCS-85), 1985, Key Words: kernel, network, pp. 82-85. case. Key Words: verification, case. Key Words: verification, GOL-84 HAD-88 design. Gold, B.D., R.R. Linde, and Hadley. S.. et al. P.F. Cudney "A Secure SDS Software HAL-86 "KVM/370 in Retrospect," Library," Proc. 11th Natl. Halpem, J.D., et al.

Proc. 1984 IEEE Symp. on Comp. Sec. Conf. , (5: NCS- "MUSE - A Computer-

Sec. & Privacy , (5: IEE-84), 88), 1988, pp. 246-249. Assisted Verification System," pp. 13-23. Proc. 1986 IEEE Symp. on

Key Words: trusted, software, Sec. & Privacy , (5: IEE-86), Key Words: kernel, design, case. pp. 25-32 case. HAI-86 Key Words: verification, case. GOO-88 Haigh. J.T., et al., Good, D.I. "An Experience Using Two HAL-87 "Producing Secure Digital Covert Chaimel Analysis Halpem, J.D., et al. Information Systems," Proc. Techniques on a Real System "MUSE ~ A Computer- 4th Aerosp. Comp. Sec. Design." Proc. 1986 IEEE Assisted Verification System,"

Conf. . (4: IEE-88b), 1988, Symp. on Sec. & Privacy . (5: IEEE Trans, on Software

pp. 180-182. IEE-86), pp. 14-24. Engr ., February 1987, pp. 151- 156. Key Words: MLS, design, Key Words: covert chaimel, techniques. case. Key Words: verification, case.

5-8 HAL-87a HAR-89a IEE-81 Halpem, J.D., and S. Owre Harrison, L.J. Proceedings. 1981 IEEE "Specification and "Security Issues and Ada Symposiumon Security and

Verification Tools for Secure Runtime Support," Proc. 5th Privacy , Oakland, CA, April

Distributed Systems," Proc. Security Applicat. Conf. , (4: 27-29, 1981, IEEE Computer

10th Natl. Comp. Sec. Conf. , IEE-89C), 1989, pp. 177-183. Society Press, Washington, (5: NCS-87a), 1987. pp. 78- DC, 1981. 83. Key Words: MLS. methods, case. Key Words: proceedings, Key Words: verification, research. general. HEN-85 Henning. R.R. IEE-82 HAL-87b "Multilevel Application Proceedings. 1982 IEEE Hale, M.W. Development," Proc. 8th Nad. Symposium on Security and

"Using the Computer Security Comp. Sec. Conf. , (5: NCS- Privacy , Oakland, CA, April Subsystem Interpretation," 85), 1985, pp. 137-140. 1982, IEEE Computer Society AIAA No. 87-3097. Proc. 3d Press, Washington, DC. 1982.

Aerosp. Comp. Sec. Conf. , Key Words: MLS, design, (5: IEE-87b). 1987. pp. 128- methods. Key Words: proceedings, 130. research. HEN-88 Key Words: TCB, criteria, Henning, M., and A. Rhode IEE-83 general. "On the Suitability of Z for "Data Security in Computer the Specification of Verifiably Networks, Special Issue," IEEE

HAR-84 Secure Systems," Proc. Computer, February 1983. '88 Hartman. BA. mP/Sec. , Australia, 1989, "A Gypsy-Based Kernel," (2: CAE-89). pp. 197-221. Key Words: MLS, networks, Proc. 1984 IEEE Symp. on methods, design, cryptogr^hy.

Sec. & Privacy , (5: IEE-84), Key Words: specification, pp. 219-226. case. IEE-83a Proceedings. 1983 IEEE Key Words: verification, HIN-89 Symposium on Security and

kernel, case. Hinke. T.H. Privacy . Oakland, CA, April "The Trusted Server Approach 25-27, 1983, IEEE Computer HAR-85 to Multilevel Security." Proc. Society Press, Washington,

Hardy, N. 5th Security Applicat. Conf. . DC, 1983. "KeyKOS Architecture," (4: IEE-89C). 1989. pp. 335- ACM Operating Systems 341. Key Words: proceedings,

Review , October, 1985. research. Key Words: MLS. methods, Key Words: architecture, design. IEE-83b kernel, case. "Computer Security IEE-80 Technology, Special Issue,"

HAR-89 Proceedings, 1980 IEEE IEEE Computer , July 1983. Harrold, C.L. Symposium on Security and

"An Introduction to the Privacy , Oakland, CA, April Key Words: MLS, methods, SMTTE Approach to Secure 14-16, 1980, IEEE Computer design, kernel, research. Computing," Computers & Society Press. Washington,

Security , October 1989, pp. DC, 1980. IEE-84 495-505. Proceedings. 1984 IEEE Key Words: proceedings, Symposium on Security and

Key Words: MLS, methods, research. Privacy , Oakland, CA, April design, case. 29-May 2, 1984, IEEE Computer Society Press, Washington. DC. 1984.

Key Words: proceedings, research.

5-9 IEE-85 IEE-88 JAN-89 Proceedings. 1985 ffiEE Proceedings, 1988 IEEE Janieri, J.VA., J.S. Barlas, Symposiumon Security and Symposiumon Security and and L.L. Chang

Privacy . Oakland, CA. April Privacy , Oakland, CA, April "Adding CASE Technologies 22-24. 1985, IEEE Computer 18-21, 1988, IEEE Computer to Formal Verification"* Proc.

Society Press, Washington, Society Press, Washington, 12th Natl. Comp. Sec. Conf. . DC, 1985. DC, 1988. (5: NCS-89), 1989, pp. 52-64.

Keywords; proceedings, Key Words: proceedings, Key Words: verification, research. research. methods.

IEE-85a IEE-88a JOH-89 Proceedings. 1985 IEEE Proceedings, Fourth Aerospace Johnson, LA. Aerospace Computer Security Computer Security "Formal Specification &

Conference . IEEE Computer Conference , IEEE Computer Verification: Fundamental

Society Press. Washington Society Press, Washington, Concerns," IEEE Cipher , Aixil DC. March 1985. DC, December 1988. 1989. pp. 25-33.

Key Words: proceedings, Key Words: proceedings, Key Words: verification, design, methods, case. design, methods, case. general.

IEE-86 IEE-89 JOS-87 Proceedings, 1986 IEEE Proceedings, 1989 IEEE Joseph, M.K. Symposium on Security and Symposium on Security and 'Toward the Elimination of the 1- Privacy , Oakland, CA, April Privacy , Oakland, CA. May Effects of Malicious Logic: 7-9. 1986, IEEE Computer 3, 1989, IEEE Computer Fault Tolerance Approaches," Society Press, Washington, Society Press, Washington, Proc. 10th Natl. Comp. Sec.

DC, 1986. DC. 1989. Conf. . (5: NCS-87a). 1987. pp. 238-244. Key Words: proceedings, Key Words: proceedings, research. research. Key Words: denial, design, methods. IEE-86a IEE-89a Proceedings, Second Proceedings, Fifth Security KAR-84

Aerospace Computer Security Applications Conference , Karger, PA., and A.J. Herbert

Conference , IEEE Computer IEEE Computer Society Press, "An Augmented Capability Society Press, Washington, Washington, DC, December Architecture to Support Lattice DC. 1986. 1989. Security and Traceability of Access," Proc. 1984 IEEE

Key Words: proceedings, Key Words: proceedings, Symp. on Sec. & Privacy. (5: design, methods, case. design, case. IEE-84), pp. 2-12.

IEE-87 IRV-88 Key Words: architecture, Proceedings, 1987 IEEE Irvine, C.E., et al. capabihty. Symposium on Security and "Genesis of a Secure

Privacy , Oakland, CA, April Application: A Multilevel KAR-87 27-29. 1987. IEEE Computer Secure Message Preparation Karger, PA. Society Press, Washington, Workstation Development," "Limiting the Damage DC, 1987. Proc. 4th Aerosp. Comp. Sec. Potential of Discretionary Trojan Horses," Proc. 1987 Conf. , (4: IEE-88b), 1988, pp. Key Words: proceedings, 16-29. IEEE Symp. on Sec. &

research. Privacy , (5: IEE-87a), pp. 32- Key Words: MLS, policy, 37. IEE-87a design, case. Proceedings, Third Aerospace Key Words: threats, Computer Security vulnerabilities, methods,

Conference , IEEE Computer discretionary. Society Press, Washington, DC, 1987.

Key Words: proceedings, design, methods, case.

5-10 KAU-87 KIN-88 KUH-88 Kaufmann, M., and King, G., and B. Smith Kuhn, D.R. W.D. Young "INFOSEC IRAD at "Static Analysis Tools for "Comparing Specification Magnavox: The Trusted Software Security Paradigms for Secure Military Message Processor Certification," Proc. 11th Natl. Systems: and the Gypsy (TRUMMP) & the MiUtary Comp. Sec. Conf. , (5: NCS- Boyer-Moore Model," Proc. Message Embedded Executive 88), 1988, pp. 290-298.

10th Natl. Comp. Sec. Conf. . (ME2)," Proc. 11th Nad. 122- (5: NCS-87a), 1987, pp. Comp. Sec. Conf. , (5: NCS- Key Words: certification, 128. 88), 1988, pp. 250-256. software.

Key Words: specification, Key Words: design, network, LAM-85 methods, design, case. case. Lampson, B.W. "Protection," ACM Operating

KEM-80 KIN-88a Systems Review , December Kemmerer, R. King, G., and W. Smith 1985, pp. 13-24. "FDM: A Formal "An Alternative Methodology for Software Implementation of the Key Words: policy, models, Development," Proc. 3d Reference Monitor Concept," general. Seminar, DoD Comp. Sec. Proc. 4th Aerosp. Comp. Sec.

Progr. , (5: DOD-80b), 1980, Conf. , (4: IEE-88b), 1988, pp. LAN-81 pp. Ll-19. 159-166. Landwehr, C.E. "Assertions for Verification of Key Words: specification, Key Words: MLS, model, Multi-Level Secure MUitary methods, case. design. Message Systems," ACM

Software Engineering Notes , KEM-82 KOR-84 Vol. 5, No.3, July 1980. Kemmerer, R.A. Korelskiy, T., and "A Practical Approach to D. Sutherland Key Words: verification, Identifying Storage and "Formal Specification of a methods. Timing Chaimels," Proc. Multi-Level Secure Operating 1982 IEEE Symp. on Sec. & System," Proc. 1984 IEEE LAN-82 66- Privacy (5: IEE-82), pp. Symp. on Sec. & Privacy , (5: Landauer, C, and S. Crocker 73. IEE-84). pp. 209-218. "Precise Information Flow Analysis by Program Key Words: covert chaimel, Key Words: MLS, Verification." Proc. 1982 IEEE

methods. specification, case. Symp. on Sec. «fe Privacy , (5: IEE-82), pp. 74-80. KEM-86 KRA-83 Kemmerer, R.A. Kramer, S.M., and D.P. Sidhi Key Words: verification, Verification Assessment "Security Information Flow in methods, flow.

Study Final Report, C3- Multidimensional Arrays,"

CROl-86, National Computer IEEE Trans, on Computers , LAN-83 Security Center, Ft. Meade, December 1983, pp. 1188- Landwehr, C.E. MD, 1986. 1190. "The Best Available Technologies for Computer

Key Words: verification, Key Words: MLS, models, Security," IEEE Computer . general. flow. July 1983. pp. 89-100.

KET-88 KRA-84 Key Words: design, methods, Ketcham, L.R. Kramer, S. general. "Program Containment in a "Linus IV~An Experiment in Software-Based Security Computer Security," Proc. Architecture," Proc. 11th 1984 IEEE Symp. on Sec. & 24- Nad. Comp. Sec. Conf. , (5: Privacy , (5: IEE-84), pp. NCS-88), 1988, pp. 299-308. 32.

Key Words: design, methods, Key Words: MLS, OS, software. design, case.

5-11 LAN-83a LEV-89 LUM-89 Landwehr, C.E. Levin, T, S.J. Padilla, and Lu, M.M. "Requirements for Class Al C.E. Irvine "Guidelines for Formal Systems and Major "A Formal Model for UNIX Verification Systems: Overview Differences between Division Setuid," Proc. 1989 IEEE and Rationale," Proc. 12th

A and Division B Systems," Symp. on Sec. & Privacy , (5: Natl. Comp. Sec. Conf. , (5: Proc. 6th Seminar, DoD IEE-89b), pp. 73-83. NCS-89), 1989, pp. 75-82.

Comp. Sec. Program , (5: DOD-83a), 1983, pp. 27-32 Key Words: models, OS, case. Key Words: verification, guidelines. Key Words: MLS, criteria, LEV-89a general. Levin, T.E., S.J.Padilla, MAC-83 and R.R. Schell MacEwen, G.H. LAN-84 "Engineering Results from the "The Design for A Secure Landwehr, C.E., and Al Formal Verification System Based on Program J.M. CarroU Process," Proc. 12th Natl. Analysis," IEEE Trans, on

"Hardware Requirements for Comp. Sec. Conf. , (5: NCS- Software Engr. , May 1983, pp. Secure Computer Systems: A 89), 1989, pp. 65-74. 289-298. Framework," Proc. IEEE Sympos. on Security and Key Words: verification, Key Words: MLS, design,

Privacy , April 1984, pp. 34- design, case. case. 40. LOE-85 MAC-84 Key Words: architecture, Loeper, K. MacEwen, G.H., and general. "Resolving Covert Charmels D.T. Barnard Within a B2 Class Secure "The Euclid Family and Its LAN-85 System," ACM Operating Relation to Secure Systems,"

Landwehr, C.E., and Systems Review , July 1985. Proc. 7th Seminar, DoD

H.O. Lubbes Comp. Sec. Program , (5: "Determining Security Key Words: covert chaimel, DOD-84), 1984, pp. 79-87. Requirements for Complex case. Systems with the Orange Key Words: specification, case. Book," Proc. 8th Natl. Comp. LOE-89

Sec. Conf. . (5: NCS-85), Loepere, K. MAC-84a 1985, pp. 156-162. "The Covert Charmel Limiter MacEwen, G.H., B. Burwell, Revisted," ACM Operating and Z.J. Lu,

Key Words: requirements, Systems Review , April 1989, "Multi-Level Security Based criteria. pp. 39-44. on Physical Distribution," Proc. 1984 IEEE Symp. on Sec. &

LEE-89 Key Words: covert channel, Privacy , (5: IEE-84), pp. 167- Lee, T.M.P. case. 177. "Statistical Models of Trust: TCBs vs. People," Proc. 1989 LUC-86 Key Words: MLS, nethods, IEEE Symp. on Sec. & Luckenbaugh, G.L., et al. design.

Privacy , (5: IEE-89b), pp. "Interpretation of the Bell- 10-19. LaPadula Model in Secure MAR-83 Xenix," Proc. 9th Natl. Comp. Marick, B.

Key Words: trusted, models, Sec. Conf. , (5: NCS-86), "The VERUS Design general. 1986, pp. 113-125. Verification System," Proc. 1983 IEEE Symp. on Sec. &

LEV-80 Key Words: model, methods, Privacy , (5: IEE-83a), pp. 150- Levitt, K.N., P.G. Neumann, case. 160. and L. Robinson The SRI Hierarchical Key Words: verification, case. Development Methodology and Its Application to Development of Secure

Systems , SP 500-67, NBS, Gaithersburg, MD, 1980.

Key Words: MLS, methods, design, case.

5-12 MAR-84 MAY-89 MEA-87 Margulis, B.I. Mayer, F.L., and Meadows. C. "An Overview of Multics J^i. McAuliffe "The Integrity Lock Security," Proc. MP/Sec. "The Design of the Trusted Architecture and Its ;84. Toronto. (2: FIN-85). Workstation: A True Application to Message 1984. pp. 225-235. •INFOSEC Product," Proc. Systems: Reducing Covert

12th Natl. Comp. Sec. Conf. . Channels." Proc. 1987 IEEE

Key Words: architecture, (5: NCS-89). 1989, pp. 135- Symp. on Sec. & Privacy , (5: design, case. 145. IEE-87a), pp. 212-218.

MAR-88 Key Words: trusted, design, Key Words: covert channel, Marmor-Squires, A3., case, network. methods, architecture, case. and P.A. Rougeau "Issues in Process Modek MCD-88 MIG-87 and Integrated Environments McDermott, J. Migues. S. for Trusted Systems "A Technique for Removing "The Need for Rigorous Development," Proc. 11th an Important Class of Trojan Informal Verification of

Natl. Comp. Sec. Conf. , (5: Horses from Higher Order Specifications-to-Code NCS-88), 1988, pp. 109-113. Languages," Proc. 11th Natl. Correspondence." Proc. '87: Comp. Sec. Conf. . (5: NCS- COMPASS Comp.

Key Words: trusted, models, 88). 1988, pp. 114-117. Assurance . (2: IEE-87). 1987. design, general. pp. 13-25. Key Words: threats, MAR-89 techniques. Key Words: verification, Marceau, C. and methods specification. CD. Harper MCH-85 "An Interactive Approach to McHugh, J. MIL-81 ADA VCTification." Proc. "An EMACS Based MiUer. IS.

12th Natl. Comp. Sec. Conf. . Downgrader for the SAT." "Military Message Systems: (5: NCS-89). 1989, pp. 28- Proc. 8th Natl. Comp. Sec. Applying a Security Model."

51. Conf. . (5: NCS-85). 1985. pp. Proc. 1981 IEEE Symp. on

133-136. Sec. & Privacy . (5: IEE-81), Key Words: verification, 101-111. methods, case. Key Words: MLS, techniques, case. Key Words: models, methods, MAR-89a case. Marmor-Squires, A., et al. MCH-85a "A Risk Driven Process McHugh, J. and D.I. Good MIL-82 Model for the Development "An Information Flow Tool Millen, J.K. of Trusted Systems," Proc. for Gypsy," Proc. 1985 IEEE "Kemel Isolation for the PDP 11/70," 5th Security Applicat. Conf. , Symp. on Sec. & Privacy , (5: Proc. 1982 IEEE

(4: IEE-89C), 1989, pp. 184- IEE-85), pp. 46-48. Symp. on Sec. & Privacy , (5: 192. IEE-82), pp. 57-65. Key Words: verification, Key Words: trusted, model, methods, case. Key Words: kemel, technique, risk, methods, desigiL case. MCM-85 MAY-88 McMahon, E.M. MIZ-87 Mayer. F.L. "Restricted Access Processor - Mizimo, M., and "An Interpretation of a - An Application of Computer A.E. Oldenhoeft Refined Bell-LaPadula Model Security Technology," Proc. "Information Flow Control in a for the T-Mach Kemel." Aerospace Computer Sec. Distributed Object-Oriented Statistically Proc. 4th Aerosp. Comp. Sec. Conf. . (5: IEE-85a). 1985. pp. System with

Conf. . (4: IEE-88b). 1988. 71-73. Bound Object Variables," Proc.

pp. 368-378. 10th Natl. Comp. Sec. Conf. , Key Words: MLS. methods, (5: NCS-87a). 1987. pp. 56-67. Key Words: MLS. model, design, case. kemel, case, methods, design. Key Words: control, slow, techniques.

5-13 MUR-88 NCS-88a NEU-86

Murray, M., R. Berch, ... Computer Security Into the Neumann, P.O. and S. Caperton Future, Postscript, A 11th "On Hierarchical Design of "Use of Automated National Computer Security Computer Systems for Critical

Verification Tools in a Conference . National Institute Applications." IEEE Trans, on Software Development of Standards Secure and Technology/ Software Engr.. September Methodology," Proc. lldi National Computer Security 1986. pp. 905-920. Natl. Comp. Sec. Conf.. (5: Center, October 1988. 284-289. NCS-88), 1988, pp. Key Words: models, methods, Key Words: proceedings, design. Key Words: verification, general. software, methods, design, NEU-88 case. NCS-89 Neugent. W., Information Systems Security: "Security Guards: Issues and NCS-85 Solutions for Today - Approaches." IEEE Proceedings, 8th National Concepts for Tomorrow. Communications Magazine . Computer Security Proceedings. 12th National August 1988. R). 25-29. Conference , National Bureau Computer Security

of Standards/National Conference . National Institute Key Words: MLS, methods, Computer Security Center, of Standards and Technology/ design. September 1985. National Computer Security Center. October 1989. NEU-89 Key Words: proceedings, Neugent, W. general. Key Words: proceedings, "Guidelines for Specifying general. Security Guards," Proc. 12th NCS-86 Natl. Comp. Sec. Conf. . (5: Computer Security - For NEE-85 NCS-89). 1989. pp. 320-338. Today... and for Tomorrow, Neely. R.B. and Proceedings, 9th National J.W. Freeman, Key Words: MLS. methods, Computer Security "Structuring Systems for design.

Conference , National Bureau Formal Verification," Proc. of Standards/National 1985 IEEE Symp. on Sec. &. ONE-86

Computer Security Center. Privacy . (5: IEE-85). pp. 2-13. O'Neil-Dunne. J. September 1986. 'The Access Path," Proc. 9th verification, Key Words: Natl. Comp. Sec. Conf. . (5: Key Words: proceedings, design. NCS-86). 1986. pp. 149-155. general. NEE-89 Key Words: TCB. control, NCS-87 Neely. R.B.. J.W. Freeman, design. Computer Security... From and M.D. Krenzin

Principles to Practice , "Achieving Understandable PAR-88 Proceedings, 10th National Results in a Formal Design Parker. TA. Computer Security Verification," Proc. Comp. "Structuring Trust in a Large

Conference , National Bureau Sec. Foundat. Workshop n . General Purpose Operating of Standards/ National (3: IEE-89a). 1989. pp. 115- System." Proc. 4th Aerosp.

Computer Security Center, 124. Comp. Sec. Conf. . (4: lEE- September 1987. 88b). 1988. pp. 152-158. Key Words: verification, Key Words: proceedings, methods. Key Words: trusted. OS. general. design, case. NEI-84 NCS-88 Neilson. J.O.. and PAR-89

Computer Security ... Into the F.E. Wuebker Partney. T.J. Future, Proceedings, 11th "Design Experiences from the 'The Incorporation of Multi- National Computer Security Multilevel Secure MCF." Level IPC into UNIX." Proc.

Conference , National Institute Proc. 1984 IEEE Symp. on 1989 IEEE Symp. on Sec. &

of Standards and Technology/ Sec. & Privacy . (5: IEE-84). Privacy . (5: IEE-89b). pp. 94- National Computer Security pp. 204-208. 99. Center. October, 1988. Key Words: MLS. design, Key Words: MLS. methods, Key Words: proceedings, case. design, case. general.

5-14 PER-84 POZ-84 ROU-87 Perrine, T., J. Codd, Pozzo, M.M. Rougeau, P.A. and B. Hardy "Life Cycle Assurance for "Integrating Security into a "An Overview of the Trusted Computer Systems: A Total Systems Architecture," Kemelized Secure Operating Configuration Mangement Proc. 3d Aerosp. Comp. Sec. for System (KSOS)," Proc. 7th Strategy Multics," Proc. Conf. . (5: IEE-87b), 1987, pp.

Seminar. DoD Comp. Sec. 7th Seminar, DoD Comp. Sec . 118-121.

Progr. . (5: DOD-84). 1984, Progr. . (5: DOD-84). 1984. pp. 146-160. pp. 169-179. Key Words: TCB, architecture, design. Key Words: OS, kernel, Key Words: trusted, methods, design, case. design, case. RUS-81 Rushby, J.M. PFL-88 PRO-85 'The Design and Verification Pfleeger, CP., and Proctor, N. of Secure Systems," ACM

S.L. Pfleeger "The Restricted Access Operating Systems Review , "A Transaction Flow Processor, an Example of Vol. 15. 5. 1982. pp. 12-21. Approach to Software Formal Verification." Proc. Security Certification for 1985 IEEE Symp. on Sec. & Key Words: verification,

Document Handling Privacy . (5: IEE-85). pp. 49- design. Systems," Computers & 53.

Security , October 1988, pp. RUS-82 495-502. Key Words: verification, case. Rushby, J.M. "Proof of Separability, A Key Words: certification, PRO-89 Verification Technique for A case. Proctor, N., and R. Wong Class of Security Kernels," in "The Security Policy of Proceedings, International

PFL-89 Secure Distributed Operating Symposium on Programming , Pfleeger, CP., S.L. Pfleeger, System Prototype," Proc. 5th Springer, Berlin, 1982, pp.

and M.F. Theofanos Security AppHcat. Conf. , (4: 352-367. "A Methodology for ffiE-89c), 1989, pp. 95-102. Penetration Testing," Key Words: verification,

Computers & Security , Key Words: OS, policy, techniques. November 1989, pp. 613-620. design, case. RUS-83 Key Words: vulnerabilities, RAJ-86 Rushby, J.M., and methods. Rajimas, S.A., et al. B. Randell "Security in KeyKOS," Proc. "A Distributed Secure System." PFL-89a 1986 IEEE Symp. on Sec. & Proc. 1983 IEEE Symp. on

Pfleeger, CP. Privacy , (5: IEE-86), pp. 78- Sec. & Privacy . (5: IEE-83a).

Security in Computing . 85 pp. 127-135. Prentice Hall, Englewood Cliffs. NJ, 1989 Key Words: methods, design, Key Words: architecture, case. design, case. Key Words: book, MLS, cryptography general. ROS-89 RUS-84 Rosenthal. D. Rushby. J.M. PLA-81 "Implementing a Verification "A Trusted Computing Base Platek, R.A. Methodology for McCullough for Embedded Systems." Proc. "The Evaluation of Three Security." Proc. Comp. Sec. 7th Seminar. DoD Comp. Sec.

Specification and Verification Foundat. Workshop 11 . 1989 Progr. . (5: DOD-84). 1984, pp. Methodologies," Proc. 4th (3: IEE-89a). pp. 133-140. 294-311.

Seminar, DoD Comp. Sec . design, Progr. . (5: DOD-81), 1981, Key Words: verification, Key Words: TCB, pp. X1-X17. design, case. case.

Key Words: verification, methods, specification, case.

5-15 RUS-89 SCH-84 SCH-87 Russell, T.T., and M.Schaefer Schaefer, M., and R.R. Schell Schockley, W.R., and 'Toward a High B Level 'Toward an Understanding of R.R. Schell Security Architecture for the Extensible Architectures for 'TCB Subsets for Incremental IBM ES/3090 Processor Evaluated Trusted Computer Evaluation," Proc. 3d Aerosp.

Resource/System Manger," System Products," Proc. 1984 Comp. Sec. Conf. , (5: lEE- Proc. 12th Natl. Comp. Sec. IEEE Symp. on Sec. & 87b), 1987, pp. 131-139.

Conf. , (5: NCS-89), 1989, Privacy , (5: IEE-84), pp. 41- pp. 184-196. 5L Key Words: TCB, methods, design. Key Words: architecture, Key Words: architecture, design, case. general. SCH-88 Schaffer. M.A., and G. Walsh SAY-87 SCH-84a "LCXTK/ix: On Implementing Saydjari, O.S., Schell, R.R., and T.F. Tao Unix on the LOCK TCB," J.M. Beckman, and "Microprocessor-Based Proc. 11th Natl. Comp. Sec.

J.R. Leaman Trusted Systems for Conf. . (5: NCS-88), 1988, pp. "Lxjcking Computers Communication and 319-329. Securely," Proc. 10th Natl. Workstation Application,"

Comp. Sec. Conf. , (5: NCS- Proc. 7th Seminar, DoD Key Words: OS, architecture,

87a), 1987, pp. 129-141. Comp. Sec. Progr. . (5: DOD- design, case. 84), 1984, pp. 277-290. Key Words: TCB. SCH-88a architecture, case. Key Words: architecture, Schockley. W.R., T.F. Tao, design, and M.F. Thompson SAY-89 "An Overview of the Saydjari, O.S.. J.M. SCH-84b GEMSOS Al Technology and Beckman, ScheU, R.R. Applications Experience," Proc.

and J.R. Leaman "Future of Trusted Computer 11th Nad. Comp. Sec. Conf. , '84 "LOCK Track: Navigating Systems," Proc. IFIP/Sec. , (5: NCS-88), 1988, pp. 238- Uncharted Space," Proc. 1989 Toronto, 1984, (2: FIN-85), 245. IEEE Symp. on Sec. & pp. 55-67.

Privacy , (5: IEE-89b), pp. Key Words: MLS, OS, kernel, 167-175. Key Words: trusted, general. methods, design, case.

Key Words: TCB, SCH-85 SCH-89 artchitecture, case. ScheU, R.R., T.F. Tao, and Schaefer, M. M. Heckman "Symbol Security Condition SCH-83 "Designing the GEMSOS Considered Harmful," Proc. ScheU, R.R. Security Kernel for Security 1989 IEEE Symp. on Sec. &

"Evaluating Security and Performance," Proc. 8th Privacy , (5: IEE-89b). pp. 20-

Properties of Computer Nad. Comp. Sec. Conf. , (5: 46. Systems," Proc. 1983 IEEE NCS-85), 1985. pp. 108-120.

Symp. on Sec. & Privacy , (5: Key Words: model, IEE-83a), pp. 89-95. Key Words: kernel, design, requirement, case. case. Key Words: methods, design, SCH-89a general. SCH-86 SchallenmuUer, E., et al. Schultz, A.C. "Development of a MultUevel SCH-83a "Using Software Tools to Data Generation AppUcation Schell. R.R. Analyze the Security for GEMSOS," Proc. 5th

"A Security Kernel for A Characteristics of HOL Security Applicat. Conf. , (4: Multi-Processing Micro- Programs," Proc. 9th Natl. IEE-89C), 1989, pp. 86-90.

Computer," IEEE Computer , Comp. Sec. Conf. , (5: NCS- July 1983, pp. 47-53. 86), 1986, pp. 108-112. Key Words: MLS, design, case. Key Words: kernel, design, Key Words: methods, case. techniques, design.

5-16 SHI-81 SOL-81 VAR-89 Shirley, LJ., and R.R. Schell Solomon. D.J. Varadharajan. V.. and "Mechanism Sufficiency "Processing Multilevel Secure S. Black Validation by Assignment," Objects," Proc. 1981 IEEE "Formal Specifiaction of a

Proc. 1981 IEEE Symp. on Symp. on Sec. & Privacy , (5: Secure Distributed Messaging Sec. & Privacy. (5: IEE-81), IEE-81), pp. 56-61. System," Proc. 12th Natl. 26-32. pp. Comp. Sec. Conf. . (5: NCS- Key Words: MLS, methods, 89). 1989, pp. 146-171. Key Words: requirements, design. methods. Key Words: specification, case. STA-86 SID-84 Stauffer, B.C., and R.U. Fujii VON-88 Sidhu, D.P. "Informal Verification von Henke. F.W., et all. "Executable Logic Analysis." Proc. 9th Natl. "EHDM Verification

Specifications: A New Comp. Sec. Conf. , (5: NCS- Environment: An Overview," Approach to Computer 86), 1986, pp. 126-129. Proc. 11th Nati. Comp. Sec. Security," Proc. 1984 IEEE Conf. , (5: NCS-88). 1988, pp.

Symp. on Sec. & Privacy . (5: Key Words: verification, 147-155. IEE-84), pp. 142-153. methods. Key Words: verification, case. Key Words: specification, SWA-85 methods. Swaminathan, K. WAL-80 "Negotiated Access Control," Walker. S.T. Sffi-87 Proc. 1986 IEEE Symp. on 'The Advent of Trusted

Siebert, W.O.. et al. Sec. & Privacy . (5: IEE-86), Systems." Proceedings, 1980

"Unix and B2: Are They pp. 190-196. Nati. Comp. Conference , Compatible?," Proc. 10th AFIPS Press, Reston, VA,

Nad. Comp. Sec. Conf. , (5: Key Words: control, methods. 1980. pp. 655-666. NCS-87a), 1987, pp. 142- 149. TAY-89 Key Words: trusted, plicy, Taylor, T. methods. Key Words: MLS, criteria, "FTLS-Based Security Testing case. for LOCK," Proc. 12th Nati. WAL-80a

Comp. Sec. Conf. , (5: NCS- Walker, B.J.. R.A. Kemmerer. SIL-83 89), 1989, pp. 136-145. and G.J. Popek Silverman, J. "Specification and Verification "Reflections on the Key Words: verification, case. of the UCLA Unix Security Verification of the Security Kernel." Communications of

of an Operating System TUR-81 the ACM , February 1980, pp. Kernel." Proc., 9th ACM Tum, R. (Ed.) 118-131. Symp. on Operating Syst. Advances in Computer System

Principles . 1983. pp. 143-154. Security . Artech House, Key Words: specification, Dedham, MA, 1981. methods, verification, case. Key Words: OS. verification, case. Key Words: book, general. WEI-82 Weissman. C. SMI-86 TUR-84 "Bizarre Bazaar: An Approach Smith, T.A. Tum, R. (Ed.) to Security Technology "User-Definable Domains as Advances in Computer System Transfer." Proc. 5th Seminar,

a Mechanism for Security . Vol. 2. Artech DoD Comp. Sec. Progr. , (5: Implementing the Least House. Dedham. MA, 1984. DOD-82), 1982, pp. 233-240. Privilege PrirKiple," Proc. 9th

Nad. Comp. Sec. Conf. . (5: Key Words: book, general. Key Words: MLS, methods, NCS-86). 1986, pp. 143-155. techniques. TUR-88 Key Words: design, Tum. R. (Ed.) techniques. Advances in Computer System

Security , Vol. 3, Artech House, Norwood, MA. 1988.

Key Words: book, general.

5-17 WHI-87 WIS-88 WOO-87 White. S.R. Wiseman, S., et al. Woodward, J.P.L "ABYSS: A Trusted "The Trusted Path Between "Exploiting the Dual Nature of Architecture for Software SMITE and the User," Proc. Sensitivity Labels," Proc. 1987 Protection," Proc. 1987 IEEE 1988 IEEE Symp. on Sec. & IEEE Symp. on Sec. &

Symp. on Sec. & Privacy , (5: Privacy . (5: IEE-88a), pp. Privacy . (5: IEE-87a), pp. 23- ffiE-87a), pp. 38-51. 147-155. 30

Key Words: TCB, Key Words: TCB, technique, Key Words: MLS, methods, architecture, case. case. techniques.

WIL-89 WIT-80 YOU-85 Williams. J.C.. and Withington, P.T. Young, W.D., W.E. Boebert. G.W. Dinolt 'The Trusted Function in and R.Y. Kain "Formal Model of a Trusted Secure Decentralized "Proving a Computer System File Server." Proc. 1989 Processing," Proc. 1980 IEEE Secure." Scientific

IEEE Symp. on Sec. & Symp. on Sec. & Privacy , (5: Honeyweller, July 1985, pp. 18-27. Privacy , (5: IEE-89b), pp. IEE-80), pp. 67-79. 157-166. Key Words: trusted, methods, Key Words: verification, Key Words: model, truatsed, design. general. case. WON-89 YOU-86 WIN-86 Wong, R., et al. Young, W.D.. ?A. Telga, and Wing. J.M.. and M.R. Nixon 'The SDOS System: A Secure W.E. Boebert "Extending Ina-Jo with Distributed Operating System "A Verified Labeler for the Temporal Logic." Proc. 1986 Prototype," Proc. 12th Nad. Secure Ada Target," Proc. 9th

Natl. Sec. Conf. , (5: IEEE Symp. on Sec. & Comp. Sec. Conf. , (5: NCS- Comp. 55-61. Privacy . (5: IEE-86), pp. 2- 89), 1989, pp. 172-183. NCS-86), 1986, pp. 13. Key Words: OS. trusted, case. Key Words: MLS, techniques, Key Words: specification, case. methods, techniques, case. WOO-83 Woodie. P.E. YOU-87 WIN-89 "Security Enhancement Young, W.D. Wing, J.M., and M.R. Nixon Through Product Evaluation," "Coding For A Believable "Extending InaJo with Proc. 1983 IEEE Symp. on Specification to Implementation Mapping," Temporal Logic," IEEE Sec. & Privacy , (5: IEE-83a). Proc. 1987 IEEE Symp. on Trans, on Software Engr. , pp. 96-101. Privacy. IEE-87a), February 1989. pp. 181-197. Sec. & (5: Key Words: methods, pp. 140-148. Key Words: specification, techniques. methods, techniques, case. Key Words: specification, WOO-86 methods. WIS-86 Woodie. P. Wiseman. S. "Distributed Processing YOU-89 "A Secure Capability System Security: Young. W.D. Computer System." Proc. Communications. Computer or "Comparing Specification 1986 IEEE Symp. on Sec. & Both," Proc. IEEE Intemat. Paradigms." Proc. 12th Nad.

Comp. Sec. Conf , (5: NCS- Privacy . (5: IEE-86). pp. 86- Conf. on Data Engr. , 1986. 83-97. 94 pp. 630-636. 89), 1989, pp.

Key Words: architecture, Key Words: requirements, Key Words: specification, capability. design. general.

5-18 YUC-88 Yu, C.-F. and V.D. Gligor "A Formal Specification and Verification Method for the Prevention of Denial of Service," Proc. 1988 IEEE

Symp. on Sec. & Privacy , (5: IEE-88a), pp. 187-202.

Key Words: specification, methods, verification, denial.

6. Database Security

The section cites publications on models of database security, specific implementations, statistical database inference problem, and general aspects of database security.

ADA-89 BEC-80 BLA-85 Adam, B.R., and Beck, L.L. Blakley, G.R., and J.C. Wortmaim "A Security Mechanism for C. Meadows "Security Control Methods Statistical Databases," ACM "A Database Encryption

for Statistical Databases: A Trans, on Database Systems , Scheme which Allows the Comparative Survey," ACM September 1980, pp. 316-338. Computation of Statistics

Computing Surveys , Using Encrypted Data," Proc. December 1989, pp. 515-556. Key Words: statistical, 1985 IEEE Symp. on Sec. &

inference. Privacy , (5: IEE-85), pp. 116- Key Words: database, 122. control. BER-87 Berson, T.A., and T.F. Limt Key Words: statistical, AHI-88 "Multilevel Security for encryption Ahituv, N., Y. Lapid, Knowledge-Based Systems," and S. Neumann Proc. 1987 IEEE Symp. on BOE-86

"Protecting Statistical Sec. & Privacy , (5: IEE-87a), Boebert, W.E., B.B. Dillaway, Databases Against Retrieval pp. 235-242. and J.T. Haigh of Private Information," "Mandatory Security and

Computers & Security , Key Words: database, policy, Database Management February 1988, pp. 59-63. methods. Systems," Proc. NCSC Workshop on Database

Key Words: statistical, BIS-87 Security . (6: COA-86), 1986, inference. Biskup, J. pp. A1-A21. "Privacy Respecting AKL-87 Permissions and Rights," Proc. Key Words: DBMS, policy,

Akl, S.G., and D.E. Denning inP WG 11.3 Meeting , (6: requirements. "Checking Classification LAN-88), 1987, pp. 173-185. Constraints for Consistency BON-80 and Completeness," Proc. -Key Words: database, policy, Bonyun, D.A. 1987 IEEE Symp. Sec. & methods. "The Secure Relational

Privacy , (5: IEE-87a), pp. Database Management System 196-201. BIS-88 Kemel — Three Years Alter,"

Biskup, J., and H. Graf Proc. 1980 IEEE Symp. on

Key Words: database, "Analysis of the Privacy Sec. & Privacy . (5: IEE-80), methods. Model for the Information pp. 34-37. System DORIS," Proc. IFIP

BAX-86 WG 11.3 Workshop, (6: Key Words: DBMS, relational, Baxter, V., LAN-89b), 1988, pp. 123-140. kemel. "Improving the Security Posture in Existing Key Words: models, methods, BON-84 Installations," Proc. NCSC case. Bonyun, D.A. Workshop on Database "Rules as the Basis of Accesss

Security , (6:COA-86), 1986, Control in Database pp. Hl-Hll. Mangement Systems," Proc.

7th Seminar, DoD Comp. Sec .

Key Words: database, Progr. . (5: DOD-84), 1984, pp. methods. 38-47.

Key Words: DBMS, control, methods.

6-1 BON-86 BUR-86 CAR-87 Bonyun, D. Bums, R.K. Carson, et al. "A New Look at Integrity 'Towards Practical MLS 'Toward a Multilevel Policy for Database Database Management Document System," No. 87- Management Systems," Proc. Systems Using the Integrity 3064, Proc. 3d Aerospace

NCSC Workshop on Lock Technology," Proc. 9th Comp. Sec. Conf. , (5: lEE-

Database Security , (6: COA- Natl. Comp. Sec. Conf., (5: 87b), 1987, pp. 1-6. 86), 1986, pp. B1-B18. NCS-86), 1986, pp. 25-29. Key Words: MLS, database. Key Words: DBMS, polcy, Key Words: MLS, DBMS, integrity. techniques. CHI-80 Chin. F.Y., and G. Ozsoyoglu BON-87 BUR-87 "Security of Statistical Data Bonyun, DA. Bums. R.K. Bases," in Rullo. T.A. (Ed.). "Logging and Accountability "Operational Assurances for a Advances in Computer

in Database Mangement Tmsted DBMS," Proc. inP Security Management. Vol. 1 .

Systems," Proc. IFIP WG WG 11.3 Meeting , (6: LAN- Heyden & Son. Philadelphia,

11.3 Meeting , (6: LAN-88), 88), 1987, pp. 241-251. PA. 1980. pp. 57-76. 1987, pp. 223-227. Key Words: DBMS, trusted, Key Words: statistical, Key Words: DBMS, auditing, neAods. methods. methods. BUR-89 CHI-81 BON-89 Bums, R.K. Chin, F.Y., and G. Ozsoyoglu Bonyim, D.A. 'The Homework Problem," in "Statistical Data Base Design." "Using MAPLESS as a Lunt, T.F., Research ACM Trans, on Database

Framework for Secure Directions in Database Systems . March 1981. pp. 113-

Database Mangement," Proc. Security , (6: LUN-90), May 139. MP WG 11.3 (Data Base) 1989, pp. 84-86.

Workshop , (6: IFI-89). 1989. Key Words: statistical, design. Key Words: MLS, database, Key Words: DBMS, methods, design. CHI-82 case. Chin. F.Y., and G. Ozsoyoglu BUS-83 "Auditing and Inference BOU-84 BussoUati, U., and Control in Statistical Boukaert, A. G. Martella Databases," IEEE Trans, on

"Security of Transportable 'Toward A New Approach to Software Engr. , November Computerized FUes," Proc. Secure Data Base Design," 1982, pp. 574-582 '84, Eurocrypt Paris, 1984, Computers & Security , (9: BET-85). pp. 416-425. January 1983, pp. 49-62. Key Words: statistical, auditing. Key Words: database, Key Words: database, techniques. methods. CHI-86 Chin, F.Y. BUC-89 CAR-85 "Security Problems on Buczkowski, L.J. Carroll, J.M., and Inference Control for SUM, "Database Inference H. Jurgensen MAX and MIN Queries,"

Controller," Proc. MP WG "Design of a Secure Journal of the ACM , July

11.3 (Data Base) Workshop , Relational Data Base," Proc. 1986, pp. 451-464. (6: in-89), 1989. mP/Sec. '85. Dublin, 1985. (2: GRI-85). pp. 1-16. Key Words: statistical, Key Words: control, inference. inference. Key Words: database, design, methods, relational.

6-2 CLA-83 COX-88 DEN-80 Claybrook, B.G. Cox, L.H. Denning, D.E., and J. Schlorer "An Approach to Developing "Inference Controls for "A Fast Procedure for Finding Multilevel Secure Data Base Frequency Count Tables: An a Tracker in a Statistical Management Systems," Proc. Update," Proc. 4th Aerospace Database," ACM Trans, on 1983 IEEE Symp. on Sec. & Comp. Sec. Conf. . (4: lEE- Database Systems . March 4- Privacy . (5: IEE-83a), pp. 88b), 1988. 112-117. pp. 1980. pp. 88-102. 17.

statistical, Key Words: Key Words: statistical, Key Words: DBMS, design, inference. inference. methods. CRO-89 DEN-80a COA-86 Crocker, S., and Denning, D.E. E. Coates, C. and Siarkiewicz "Secure Statistical Databases M. Hale (Eds.) "Software Methodology for Under Random Sample Proceedings of the NCSC Development of a Trusted Queries." ACM Trans, on Invitational Workshop on DBMS: Identification of Database Systems , September

Security , National Critical Database Problems." Proc. 5th 1980, pp. 291-315.

Computer Security Center, Ft. Security Applicat. Conf. . (4:

Meade. MD, June 1986. IEE-89c). 1989. pp. 148-165. Key Words: statistical, techniques. Key Words: proceedings, Key Words: DBMS, methods, database. software. DEN-81 Denning. D.E. COX-80 DAV-81 "Restricting Queries that Might Cox, L.H. Davida, G.I.. D.L. Wells, Lead to Compromise." Proc. "Suppression Methodology and J.B. Kam 1981 IEEE Svmp. on Sec. & and Statistical EHsclosure "A Database System with Privacy . (5: IEE-81), pp. 33- Control," Journal of Subkeys." ACM Trans, on 40.

American Statistical Database Systems . June 1981.

Association , June 1980, pp. pp. 312-328. Key Words: statistical, 377-385. inference, techniques. Key Words: database, Key Words: statistical, encryption. DEN-82

methods. Denning. D.E.. J. Schlorer, DAV-88 and E. Wehrle COX-86 Davidson. J.W. "Memoryless Inference Cox, L.H. "Implementation Design for a Controls for Statistical "Inference Control for Kemelized Trusted DBMS," Databases," Proc. 1982 IEEE Proc. Sec. Frequency Count Tables," 4th Aerosp. Comp. Symp. on Sec. & Privacy , (5:

IEEE Cipher , June 1986, pp. Conf.. (4: IEE-88b), 1988, pp. IEE-82), pp. 38-43. 4-14. 91-98. Key Words: statistical, Key Words: statistical, Key Words: DBMS, kernel, inference. inference. design. DEN-83 COX-87 DEJ-83 Denning, D.E. Cox, L.H. DeJonge, W. 'The Many-Time Pad: Theme "Modelling and Controlling "Compromising Statistical and Variations," Proc. 1983 User Inference," Proc. IhlP Data Bases Responding to IEEE Symp. on Sec. &

Privacy , 23- WG 11.3 Meeting . (6: LAN- Queries About Means," ACM (5: IEE-83a), pp.

88), 1987, pp. 167-171. Trans, on Database Systems , 30. March 1983, pp. 60-80. Key Words: database, Key Words: database, inference. Key Words: statistical, encryption. inference.

6-3 DEN-83a DEN-86a DEN-88a Denning, D.E., and Denning, D.E. Denning, D.E. J. Schlorer "A Preliminary Note on the "Database Security," in Traub, "Inference Controls for Inference Problem in J.F., et al., (Eds.), Annual

Statistical Data Bases," IEEE Multilevel Database Systems," Review of Computer Science ,

Computer, July 1983, pp. 69- Proc. NCSC Workshop on Volume 3, Aimual Reviews,

82. Database Security , (6: COA- Inc., Palo Alto, CA, 1988, pp. 86), 1986, pp. 11-114. 1-22. Key Words: statistical, inference. Key Words: MLS, database, Key Words: database, general. inference. DEN-83b DEN-88b Denning, D.E. DEN-87 Denning, D.E. "Field Encryption and Denning, D.E., et al. "An Evolution of Views," Authentication," Proc. "Views for Multilevel Proc. RADC Data Base

, Crypto-83 Santa Barbara, Database Security," IEEE Security Invitational Workshop ,

1983, (9: CHA-84b), pp. Trans, on Software Engr. , Menlo Park, CA, May 1988 231-247. February 1987, pp. 129-140. (6: LUN-90), pp. 74-77.

Key Words: statistical, Key Words: MLS, database, Key Words: MLS, database, encryption. views. views.

DEN-84 DEN-87a DEN-89 Denning, D.E. Denning, D.E., et al. Denning, D.E. "Cryptographic Checksums "A Multilevel Relational Data 'Toward a General Multi-Level

for Multilevel Database Model," Proc. 1987 IEEE Data Model," IEEE Cipher,

Security," Proc. 1984 IEEE Symp. on Sec. & Privacy , April 1989, pp. 34-40.

Symp. on Sec. & Privacy , (5: IEE-87a), pp. 220-234. (5: IEE-84), pp. 52-61. Key Words: MLS, database, Key Words: MLS, database, models. Key Words: MLS, database, models. encryption. DI1^86 DEN-87b Dillaway, B.B., and DEN-85 Denning, D.E. J.T. Haigh Denning, D.E. "Database System Lessons "A Practical Design for Multi- "Commutative Filters for Learned from Modeling a Level Security in Secure Reducing Inference Threats Secure Multilevel Relational Database Management in Multilevel Database Database System," Proc. IHP Systems," Proc. 2nd Aerosp.

Systems," Proc. 1985 IEEE WG 11.3 Meeting , (6: LAN- Comp. Sec. Conf. , (5: lEE-

Symp. on Sec. & Privacy , 88), 1987, pp. 35-43. 86a), 1986. (5: IEE-85), pp. 134-146. Key Words: MLS, database, Key Words: MLS, database, Key Words: MLS, database, models, relational, case. design, case. inference. DEN-88 Drr-88 DEN-86 Denning, D.E., et al. Dittrich, K.R., et al. Denning, D.E., et al. "The SeaView Security "Analysis of the Privacy "Views for Multilevel Model," Proc. 1988 IEEE Model for the Information

Database Security," Proc. Symp. on Sec. & Privacy , System DORIS," Proc. IFIP

1986 IEEE Symp. on Sec. & (5: IEE-88a), pp. 218-233. WG 11.3 Workshop, (6: LAN-

Privacy , (5: IEE-86), pp. 89b), 1988, pp. 105-121. 156-172. Key Words: stabase, model, views. Key Words: database, model, Key Words: MLS, database, case. views.

6-4 DOB-87 DUC-85 FEE-86 Dobson, J. du Croix. A.J. Feeney, T. "Sec. & Databases: A "Data Sharing and Access "Security Issues and Features Personal View," Proc. Protection in Business System of Database Management 12." WG 11.3 Meeting . (6: LAN- Computers & Security . Systems." Information Age. 88), 1987. pp. 11-22. December 1985. pp. 317-323. (U.K.), April 1986, pp. 85-94.

Key Words: database, Key Words: database, control, Key Words: DBMS, policy, general. case. methods.

DOB-88 DUN-86 FER-81 Dobson, J.E., and Duncan, G., and D. Lambert Fernandez, E.B.. R.C. JJi. McDermid "Disclosure-Limited Data Summers, and C. Wood

"Security Models and Dissemination." Journal of the Database Sec. & Integrity . Enterprise Models." Proc. American Statistics Addison-Wesley. Reading,

MP WG 11.3 Workshop. (6: Association . Vol. 81, No. 393, MA. 1981. LAN-89b). 1988, pp. 1-39. pp. 10-18. Key Words: book, database, Key Words: databse, models, Key Words: statistical, general. general. methods. FER-89 DOW-86 DWY-87 Fernandez. E.B.. E.Gudes. Downs, D.D. Dwyer. P.A., G.D. Jelatis, and and H.Song "Applicability of the TCSEC B.M. Thuraisingham "A Security Model of Object- to DBMS," Proc. NCSC "Multi-Level Security in Oriented Databases." Proc.

Workshop on Database Sec. , Database Management 1989 IEEE Symp. on Sec. &

(6: COA-86). 1986, pp. Jl- Systems," Computers & Privacy . (5: IEE-89b), pp. 110-

Jll. Security , June 1987, pp. 252- 115. 260. Key Words: MLS, DBMS, Key Words: database, models. criteria. Key Words: MLS. DBMS, methods. FRA-85 DOW-86a Fraga, J., and D. Powell Downs. D.D. DWY-88 "A Fault and Intrusion-Tolerant

"Discretionary Security in Dwyer. P.. et al. File System," Proc. IFIP/Sec . Database Management "Query Processing in LDV: A Dublin. 1985. (2: GRI-85). pp. Systems." Proc. NCSC Secure Database System." 203-218.

Workshop on Database Sec. . Proc. 4th Aerosp. Comp. Sec. methods, (6: COA-86). 1986. pp. Kl- Conf. , (4: IEE-88b), 1988, pp. Key Words: database, KIO. 118-124. case.

Key Words: DBMS, policy, Key Words: database, FRI-80 discretionary. techniques. Friedman. A.D.. and L.J. Hoffman DOW-89 ERI-83 'Towards a Fail-Safe Approach Downing, A.R., I.B. Eriksson, R., and K. Beckman to Secure Databases." Proc. Greenburg, and T.F. Lunt "Protecting of Data Bases 1980 IEEE Symp. on Sec. & 18- 'Issues in Distributed Using File Encryption," Proc. Privacy . (5: IEE-80), pp. '83 Database Security," Proc. 5th IFIP/Sec. . Stockhohn, 21. 217- Security Applicat. Conf. , (4: 1983. (2: FAK-83), pp. IEE-89c). 1989, pp. 196-203. 221. Key Words: statistical, methods. Key Words: database, Key Words: database, network, general. encryption.

6-5 FRO-88 GAL-85 GAR-89 Froscher, J.N., and Gal. G.. and W.E. McCarthy Garvey, C, et al. C. Meadows "Specification of Internal "A Layered TCB "Achieving a Trusted Accounting Controls in a Implementation Versus the Database Mangement System Database Environment." Hinke-Schaefer Approach,"

Using Prallelism," Proc. MP Computers & Security , March Proc. IFIP WG 11.3 (Data 23-32. WG 11.3 Workshop. (6: 1985. pp. Base) Workshop . (6: IFI-89), LAN-89b), 1988, pp. 151- 1989. 160. Key Words: database, auditing. Key Words: DBMS, design, Key Words: DBMS, trusted, case. methods. GAR-86 Garvey, C. GIL-80 FUG-85 "Architecture Issues in Secure Gilhooley. I.A. Fugini. M. Database Mangement "Data Security, in RuUo, T.A. "Design of a Relational Systems," Proc. NCSC (Ed.). Advances in Computer

Schema for Database Workshop on Database Sec., Security Management. Vol. 1 . Dynamic Authorization (6: COA-86), 1986, pp. Dl- Heyden & Son. Philadelphia, Management." Proc. IhlP/Sec. D19. PA. 1980. pp. 33-56. :85, Dublin. 1985. (2: GRI- 85), pp. 17-25. Key Words: DBMS, design, Key Words: database, methods, methods. general. Key Words: database, control, methods. GAR-88 GLA-88 Garvey, C, and A. Wu Glasgow, J., G. MacEwen, FUG-88 "ASD-Views," Proc. 1988 and P. Panangaden Fugini. M.G. IEEE Symp. on Sec. & "Security by Permission in 85- "Secure Database Privacy , (5: IEE-88a), pp. Databases." Proc. MP WG

Development Methodologies," 95. 11.3 Workshop. (6: LAN-89b). 197-205. Proc. MP WG 11.3 Meeting . 1988, pp. (6: LAN-88). 1987. pp. 103- Key Words: MLS. DBMS, 129. views. Key Words: database, control, methods. Key Words: database, GAR-88a methods. Garvey. C. N. Jensen, GRA-82 and J. Wilson Graubart, R.. and GAJ-88 "The Advanced Secure J.P.L. Woodward Gajnak, G.E. DBMS: Making Secure "A Preliminary Naval "Some Results from Entity- DBMSs Usable," Proc. IFIP Surveillance DBMS Security

Relationship Multilevel WG 11.3 Workshop , (6: Model." Proc. 1982 IEEE

Secure DBMS Project," Proc. LAN-89b), 1988, pp. 187-195. Symp. on Sec. & Privacy . 4th Aerosp. Comp. Sec. (5: IEE-82), pp. 21-37.

Conf. , (4: IEE-88b), 1988, Key Words: MLS, DBMS, pp. 66-71. case. Key Words: DBMS, models, case. Key Words: MLS, DBMS, GAR-88b case. Garvey, C.E., and GRA-84 P.N. Papaccio Graubart, R. GAJ-88a "Multilevel Data Store 'The Integrity Lock Approach Gajnak, G.E. Design." Proc. 2nd Aerosp. to Secure Database

"Some Results from Comp. Sec. Conf. . (5: lEE- Management," Proc. 1984 Entity/Relationship Multilevel 86a). 1986, pp. 58-64. IEEE Symp. on Security

Secure DBMS Project." Proc. Privacy . (5: IEE-84), pp. 62- RADC Data Base Security Key Words: MLS, database, 74.

Invitational Workshop , Menlo design. Park. CA, May 1988, (6: Key Words: DBMS, design, LUN-90), pp. 144-156. methods.

Key Words: MLS, DBMS, case.

6-6 GRA-84a HAI-87 HEN-88 Graubart, R.D., and Haigh, J.T. Henning. R.R.. R.P. Simonian S. Kramer "Modeling Database Security "Security Analysis of Database "The Integrity Lock Support Requirements," Proc. IFIP Schema Information," Proc.

Environment," Proc. IMP/Sec. . WG 11.3 Meeting (6: LAN- mP WG 11.3 Workshop. (6: J4. Toronto. 1984, (2: FIN- 88), 1987, pp. 45-56. LAN-89b). 1988. pp. 233-245. 85). pp. 249-268. Key Words: database, Key Words: database, methods. Key Words: database, design, requirements. methods. HEN-88a HAI-89 Henning. R.R. GRA-89 Haigh, J.T., et al. "Industry and Government Graubart. R. 'The LDV Approach to DBMS Security & Privacy "Comparing DBMS and Database Security." Proc. IFIP Needs-A Comparison." Proc.

Operating System Security WG 11.3 (Data Base) 4th Aerosp. Comp. Sec. Conf. .

Requirements - The Need Workshop . (6: IFI-89). 1989. (4: IEE-88b). 1988. pp. 99- for Separate DBMS Security 105. Criteria," Proc. IFIP WG Key Words: MLS. database,

11.3 (Data Base) Workshop . methods. Key Words: DBMS, (6: in-89). 1989. requirements. HAL-87 Key Words: DBMS, Hale. M.W. HEN-89 requirements, critCTia. "Status of Trusted Database Henning. R.R. System Interpretations." Proc. "DAC Mechanisms in Trusted

GRA-89a IFIP WG 11.3 Meeting . (6: Database Management Graubart, R. LAN-88), 1987, pp. 263-268. Systems." Proc. 2nd RADC

"A Comparison of Three Data Base Security Workshop, Secure DBMS Architectures," Key Words: database, criteria. (6:RAD-90). May 1989. Proc. IFIP WG 11.3 (Data Base) Workshop. (6: IFI-89), HAR-81 Key Words: DBMS, 1989. Hartson. H.R. discretionary. "Data Base Security System Key Words: DBMS, design, Architectures." Information HIN-86

case. Systems . Vol. 6. No. 1. 1981. Hinke, T.H. pp. 1-22. "Secure Database Management GUD-80 System Architectural Analysis," Gudes. E. Key Words: database, design. Proc. NCSC Workshop on

"The Design of a Database Sec. . (6: COA-86). Cryptography Based Secure HEN-86 1986. pp. E1-E15. File System," IEEE Trans, on Helming, R.R., and Key Words: DBMS, design, Software Eng. . September S.A. Walker 1980. pp. 411-420. "Computer Architectures and methods. Database Security," Proc. 9th HIN-87 Key Words: database, Natl. Comp. Sec. Conf. , (5: cryptography. NCS-86), 1986. pp. 216-230. Hinke, T.H. "DBMS Technology vs. GUY-89 Key Words: database, design. Threats," Proc. IFIP WG 11.3 LAN-88). 1987. Guynes. C.S. Meeting . (6: 57-87. "Protecting Statistical HEN-87 pp. Databases: A Matter of Henning. R.R. Privacy," Computers & 'The Allocation of Database Key Words: DBMS, threats, Security general. Society . March 1989, pp. 15- Management System 20. Responsibilities." Proc. IFIP (6: WG 11.3 Meeting . LAN- Key Words: statistical, 88). 1987. pp. 131-148. requirements. Key Words: database, management.

6-7 HIN-88 HON-82 HUB-86 Hinke. T.H. Hong, Y.-C., and S.Y.W. Su Hubbard, B.S., S.A. Walker, "Inference Aggregation "A Mechanism for Database and R.R. Henning Detection in Database Protection in Cellular-Logic "Database Systems and The Management Systems," Proc. Devices," IEEE Trans, on Criteria: Do They Relate?,"

1988 IEEE Symp. on Sec. & Software Engr. , November Proc. 9th Natl. Comp. Sec.

. 96- 583-596. Privacy (5: IEE-88a), pp. 1982, pp. Conf. , (5: NCS-86), 1986. pp. 106. 21-24. Key Words: database, Key Words: database, techniques. Key Words: database, criteria. inference. HOP-88 IEO-88 HIN-88a Hoppenstand, G.S., and leong, I.T., and T.C. Ting Hinke, T.H. D.K. Hsiao "An Analysis of Database "Database Inference Engine "Secure Access Control with Security with Queries to Design Approach," Proc. IFIP High Access Precision: An Higher Order Statistical

WG 11.3 Workshop. (6: Efficient Approach to Information," Proc. IFIP WG

LAN-89b), Oct. 1988. pp. Multilevel Security," Proc. 11.3 Workshop . (6: LAN-89b),

247-262. MP WG 11.3 Workshop . (6: 1988, pp. 207-223. LAN-89b). 1988. pp. 167-176. Key Words: database, Key Words: statistical, inference, design. Key Words: MLS. database, methods. control. HIN-88b m-89 Hinke, T.H., et al. HOS-88 Proceedings, Workshop on "A Secure DBMS Design," Hosmer. H.H.. and Database Security, IFIP WG

Postscript, 11th Natl. Comp. B.K. Bums 11.3 (Data Base) , Monterey,

Sec. Conf. , (5: NCS-88a), "Designing Multilevel Secure CA, September 5-7, 1989. 1988, pp. 1-13. Distributed Databases." Proc.

inP WG 11.3 Workshop. (6: Key Words: proceedings, Key Words: database, design, LAN-89b). 1988. pp. 161-165. database, MLS, methods, methods. general. Key Words: MLS. database, HIN-89 design. JAJ-89 Hinke. T.H. Jajodia, S., et al. "DBMS Trusted Computing HOS-89 "Audit Trail Organization in Data Taxonony." Proc. IFIP Hosmer, H.H. Relational Databases." Proc. WG 11.3 (Data Base) "Handling Integrity Lock IFIP WG 11.3 (Data Base)

Workshop . (6: IFI-89). 1989. Violations," Proc. IFIP WG Workshop . (6: IFI-89), 1989.

11.3 (Data Base) Workshop , Key Words: DBMS, methods, (6: in-89). 1989. Key Words: database, auditing. design. Key Words: database, JAJ-89a HIN-89a techniques. Jajodia, S., et al. Hinke, T.H. "Auditing in Secure Database "Database Design with Row HSI-87 Management Systems." Proc. Level MAC and Table Level Hsiao. D.K. 2nd RADC Data Base Security

DAC," Proc. 2nd RADC "Database Security Course Workshop . (6: RAD-90). May Data Base Security Module." Proc. IFIP WG 11.3 1989.

Workshop . (6: RAD-90), Meeting . (6: LAN-88). 1987, May 1989. pp. 269-301. Key Words: DBMS, auditing, methods. Key Words: MLS, database, Key Words: database, design. awareness, general.

6-8 JEN-88 KEE-89C LAN-87a Jensen, N.R. Keefe, T.F., and W.T. Tsai Landwehr, C.E. (Ed.) "System Security Officer "Prototyping the SODA Database Security: Status and Functions in the A 1 Secure Security Models," Proc. IFIP Prospects, Proceedings, IFIP DBMS," Proc. inP WG 11.3 WG 11.3 (Data Base) WG 11.3 (Data Base) Initial

Workshop . (6: LAN-89b), Workshop . (6: IFI-89), 1989. Meeting , Aimapolis, MD, Oct 1988. pp. 53-62. October 1987, North-Holland, Key Words: database, Amsterdam, 1988. Key Words: MSL. DBMS, methods, case. management. Key Words: proceedings, KEM-87 database, general, methods.. JEN-88a Kemmerer, R.A. Jensen, N.R. "Formal Specification and LAN-89 "Implications of Multilevel Verification Techniques for a Landwehr, C.E., (Ed.) Security on the Data Trusted DBMS," Proc. IFIP Database Security, 11: Status

Dictionary of a Secure WG 11.3 Meeting . (6: LAN- and Prospects , Proceedings. Relational DBMS," Proc. 4th 88), 1987, pp. 229-240. IFIP WG 11.3 (Data Base)

Aerosp. Comp. Sec. Conf. , Workshop, Kingston, Ontario, (4: IEE-88b), 1988, pp. 58- Key Words: DBMS, October 1988, North-Holland, 59. verification. Amsterdam, 1989.

Key Words: MLS, DBMS, KNO-87 Key Words: proceedings, design. Knode, R.B. database. 'Trudata: The Road to a KEE-89 Trusted DBMS," Proc. 10th LAV-84

Keefe, T.F., Natl. Comp. Sec. Conf. , (5: Lavrence, D.I. M.B. Thuraisingham, NCS-87a), 1987, pp. 201-210. "Some Security Aspects of and W.T. Tsai Decision Support Systems," '84 "Secure Query Processing Key Words: DBMS, methods, Proc. IFIP/Sec. , Toronto,

Strategies," IEEE Computer , case. 1984, (2: FIN-85), pp. 239- March 1989, pp. 63-70. 248. KNO-88 Key Words: database, Knode, R.B. and R.A. Hunt Key Words: database, methods, general. "Making Databases Secure requirements. with Trudata Technology," KEE-89a Proc. 4th Aerosp. Comp. Sec. LEI-82

Keefe, T., et al. Conf. , (4: IEE-88b), 1988, pp. Leiss, E.L. "Multi-Party Update Conflict: 82-90. Principles of Database

The Problem and Its Security , Plenum Press, New Solution," Proc. 5th Aerosp. Key Words: database, design, York, 1982.

Comp. Sec. Conf. , (4: lEE- case. 89c), 1989, pp. 222-231. Key Words: book, database, KUO-83 general. Key Words: database, Kuong, J.J. techniques. Controls for AdvancedA3n- LEI-86

Line, Database Systems , Leiss, F.L. KEE-89b Management Advisory 'The Inaccessible Set: A Keefe, T.F., et al. Publications, Wellesley Hills, Classification by Query Type "SODA: A Secure Object- MA. 1983. of Security Risk in Statistical Oriented Database System," Databases," Information

Processing Letters , December Computers & Security , October 1989, pp. 517-533. Key Words: book, databse, 1986, pp. 275-279. controls. Key Words: database, case. Key Words: statistical, LAN-87 methods. Landwehr, C.E. (Chm.) "Database Security: Where Are We," Proc. IFIP WG 11.3

Meeting , (6: LAN-88), October 1987, pp. 1-9.

Key Words: database, general.

6-9 LIE-85 LUN-88 LUN-89 Liew. C.K., W.J. Choi, Lunt, T.F., et al. Lunt, T.F. and C.J. Liew "A Near-Term Design for the "Aggregation and Inference: "A Data Distortion by Sea View Multilevel Database Facts and Fallacies," Proc. Probability Distribution," System," Proc. 1988 IEEE 1989 IEEE Symp. on Sec. &

ACM Trans, on Database Symp. on Sec. & Privacy , (5: Privacy . (5: IEE-89b), pp. 102-

Systems , September 1985, pp. IEE-88a), pp. 234-244. 109. 395-411. Key Words: MLS, database, Key Words: database, Key Words: statistical, design. inference. methods. LUN-88a LUN-89a LIN-89 Lunt, T.F. Lunt, T.F. Lin, T.Y. "Access Control Policies for "Report from the Second "Some Remarks on Inference Database Systems," Proc. IFIP RADC Database Security

Controllers," Proc. 2nd WG 11.3 Workshop. (6: Workshop," Proc. 5th Aerosp.

RAEXr Data Base Security LAN-89b). 1988, pp. 41-52. Comp. Sec. Conf. , (4: lEE-

Workshop , (6: RAD-89), 89c). 1989. pp. 310-313. May 1989. Key Words: database, control, policy. Key Words: database, general. Key Words: database, inference. LUN-88b LUN-89b Lunt, T.F. Lunt, T.F. LIN-89a "Multilevel Database Systems: "Multilevel Security for Lin, T.Y. Meeting Al," Proc. IFIP WG Object-Oriented Database

"Commutative Security 11.3 Workshop. (6: LAN- System," Proc. IFIP WG 11.3

Algebra and Aggregation," 89b), 1988. pp. 177-186. (Data Base) Workshop . (6: Proc. 2nd RADC Data Base IFI-89). 1989.

Security Workshop , (6: RAD- Key Words: MLS, database, 89), May 1989. methods. Key Words: MLS. database, methods. Key Words: database, LUN-88C methods, theory. Lunt, T.F. LUN-90 "A Summary of the RADC Lunt. T.F. LOC-87 Database Security Workshop," Research Directions in Lochovsky, F.H., and Proc. Urh Natl. Comp. Sec. Database Security, Proceedings,

C.C. Woo Conf. . (5: NCS-88), 1988, pp. 1st RADC Data Base Security

"Role-Based Security in 188-193. Invitational Workshop , Menlo Database Management Park, CA, May 1988, Springer Systems," Proc. IFIP WG Key Words: database, general. Veriag, New York, 1990.

11.3 Meeting . (6: LAN-88), 1987, pp. 209-222. LUN-88d Key Words: proceedings, Lunt, T.F. general. Key Words: DBMS, methods. 'Toward a Multilevel Relational Data Language," MAC-87 LUN-87 Proc. 4th Aerosp. Comp. Sec. MacEwen, G.H.

Lunt, T.F., and T.A. Berson Conf. . (4: IEE-88b), 1988. pp. "Effects of Distributed System "An Expert System to 72-79. Technology on Database Classify and Sanitize Text," Security: A Survey," Proc.

Proc. 3d Aerosp. Comp. Sec. Key Words: MLS. relational, MP WG 11.3 Meeting , (6:

Conf. , (5: IEE-87b), 1987, design. LAN-88), 1987. pp. 253-261. pp. 30-34. LUN-88e Key Words: database, Key Words: database, Lunt, T.F.. et al. networks. techniques. "Element-Level Classification with A-1 Assurance."

Computers & Security , February 1988, pp. 73-82.

Key Words: MLS. database, methods.

6-10 MAN-87 MCL-85 MEA-88b Manola, F.A. McLeish, M. Meadows, C. "A Personal View of DBMS "Inference Controls for "New Approaches to Database Security," Proc. IFIP Intelligent WG Databases." Security: Report on

11.3 Meeting . LAN-88). Proceedings. (6: 1985 Conference Discussion," Proc. RADC Dau Oct 1987, 23-34. on InteUigent pp. Systems and Base Security Invitational

Machines . Oakland University Workshop . Menlo Park, CA, Key Words: MLS, DBMS, Press, Oakland, MI, April May 1988, (6: LUN-90). pp. general. 1985, pp. 71-75. 193-200.

MAT-86 Key Words: database, Key Words: database, design, Matloff. N.S. methods, control, inference. methods, general. "Another Look at the Use of Noise Addition for Database MCL-89 MEA-89 Security." Proc. 1986 IEEE McLeish, M. Meadows. C. Symp. on Sec. & Privacy , (5: "Further Results on the "Constructing Containers Using IEE-86), pp. 173-180. Security of Partitioned a Multilevel Relational Data Dynamic Statistical Model." Proc. IHP WG 11.3 Key Words: statistical, Databases," ACM Trans, on (Data Base) Workshop . (6: techniques. Database Systems . March in-89), 1989. 1989, pp. 98-113. MAT-87 Key Words: database, model, Matloff, N.S. Key Words: statistical, design, relational. "Inference Control via Query methods. Restriction vs. Data MEA-89a Modification," Proc. IMP MEA-87 Meadows, C, and J. Forscher

WG 11.3 Meeting . (6: LAN- Meadows, C, and S. Jajodia "Operating System Support of 88), 1987. pp. 159-166. "Integrity vs. Security in Multilevel Applications," Proc. Multi-Level Secure 2nd RADC Data Base Security statistical, Databases," Proc. Key Words: IFIP WG Workshop . (6: RAD-90), May

techniques. 11.3 Meeting . (6: LAN-88), 1989. 1987, pp. 89-101 MAT-88 Key Words: OS, database, Matloff. N.S.. and P. Tendick Key Words: MLS, databases, methods. "The 'Curse of methods, integrity. Dimensionality' in Database MIN-81 Security." Proc. IFIP WG MEA-88 Minsky, N.

11.3 Workshop. (6:LAN-89b), Meadows, C, and S. Jajodia "Synergistic Authorization in 1988, pp. 225-232. "Maintaining Correctness, Database Systems," Proc., 7th Availability, and Unabiguity Intemat. Conference on Very

Key Words: database, theory, in Trusted Data Base Large Database Systems , methods. Management Systems." Proc. September 1981. 4th Aerosp. Comp. Sec.

MCH-88 Conf. . (4: IEE-88b). 1988. pp. Key Words: databases, control, McHugh, J., and 106-110. methods, techniques. B.M. Thuraisingham "Multilevel Security Issues in Key Words: trusted. DBMS, MIR-80 Distributed Database methods, techniques. Miranda, S. Management Systems," "Aspects of Data Security in

Computers & Security , MEA-88a GeneralPurpose Data Base August 1988. pp. 387-396. Meadows, C. Mangement Systems," Proc. "Designing a Trusted 1980 IEEE Symp. on Sec. &

Key Words: MLS, DBMS, Application Using an Object- Privacy . (5: IEE-80), pp. 46- network. Oriented Data Model," Proc. 58. RADC Data Base Security

Invitational Workshop , Menlo Key Words: DBMS, Park, CA. May 1988 (6: requirements, methods. LUN-90), pp. 157-163.

Key Words: database, models, design.

6-11 MOR-87 NOT-86 OMA-83 Morgenstem, M. Notargiacomo, L., and Omar. K.A., and D.L. WeUs "Sec. & Inference in J.P. O'Connor "Modified Structure for the Multilevel Database and "Report on Secure Distributed Subkeys Model." Proc. 1983 Knowledge-Base Systems," Data Management System IEEE Symp. on Sec. &

Proc, ACM Intemat. Conf. Research," Proc. NCSC Privacy , (5: IEE-83a), pp. 79- on Management of Data Workshop on Database 86.

(SIGMOD-87) . May 1987. Sec.,(6: COA-86), 1986, pp. G1-G9. Key Words: database, Key Words: MLS, database, encryption. inference. Key Words: database, methods, network. OZS-82 MOR-88 Ozsoyoglu, G., and F.Y. Chin Morgenstem, M. NOT-88 "Enhancing the Security of "Controlling Logical Notargiacomo, L. Statistical Databases with a Inference in Multilevel "Secure Distributed DBMS - Question-Answering System Database Systems," Proc. Architecture Definition," Proc. and a Kernel Design," IEEE

1988 IEEE Symp. on Sec. & RADC Data Base Security Trans, on Software Engr. , May

Privacy . (5: IEE-88b), pp. Invitational Workshop , Menlo 1982, pp. 223-234. 245-255. Park, CA, May 1988 (6: LUN-90), pp. 23-48. Key Words: statistical, Key Words: MLS, database, methods, inference, design. inference. Key Words: MLS, DBMS, design. OZS-85 MOR-88a Ozsoyoglu, G., and T.A. Su Morgenstem, M. NOT-88a "Rounding and Inference "Inference and Aggregation," Notargiacomo, L. Control in Conceptual Models Proc. RADC Data Base "Metadata and View for Statistical Databases," Proc. Security Invitational Classification," Proc. RADC 1985 IEEE Symp. on Sec. &

Workshop , Menlo Park, CA, Data Base Security Privacy , (5: IEE-85), pp. 160-

May 1988, (6: LUN-90), pp. Invitational Workshop , Menlo 173. 118-133. Park. CA. May 1988 (6: LUN-90). pp. 201-205. Key Words: statistical, Key Words: database, inference, techniques. inference. Key Words: database, methods, views. PAA-86 NAS-83 Paass, G. Multilevel Data Management OCO-88 "Disclosure Risk and Security, Report on 1982 Air O'Connor, J.P. and Disclosure Avoidance for

Force Summer Study , Air J.W. Gray HI Microdata," Proc. IFIP/Sec. '86 Force Studies Board, National "A Distributed Architecture , Monte Carlo, 1986, (2: Academy of Sciences, for Multilevel Database GRI-89). Washington, DC. 1983. Security," Proc. 11th Natl.

Comp. Sec. Conf. , (5: NCS- Key Words: statistical, threats, Key Words: proceedings, 88), 1988, pp. 179-187. techniques. general. Key Words: MLS, database, PAL-87 NBS-81 network. Palley, M.A., and Guidelines on Integrity J.S. Simonoff Assurance and Control in OLD-84 "The Use of Regression

Data Base Administration . Oldehoeft, A.E., and Methodology for Compromise FTPS PUB 88, National R. McDonald of Confidential Information in Bureau of Standards, "A Software Scheme for User Statistical Database," ACM

Gaithersburg, MD, August Controlled File Encryption," Trans, on Database Systems ,

1981. Computers & Security , December 1987, pp. 593-608. February 1984, pp. 35-42. Key Words: database, Key Words: statistical, threats. guidelines integrity, methods. Key Words: database, encryption.

6-12 PAT-85 REI-84 SAD-89 Patkau. B.H., and Reiss, S.P. Sadhu, R. D.L. Tennenhouse "Practical Data Swapping: The "Mandatory Controls for "The Implementation of First Steps," ACM Trans, on Database Integrity," Proc. IFIP

Secure Entity-Relationship Database Systems , March WG 11.3 (Data Base)

Databases," Proc. 1986 IEEE 1984. pp. 20-37. Workshop , (6: in-89), 1989.

Symp. on Sec. & Privacy , (5: IEE-86). pp. 230-236. Key Words: database, Key Words: database, integrity. techniques. Key Words: databse, design, SCH-80 methods. ROD-80 Schell, R.R., and L.A. Cox Rodriguez, J.J., and "A Secure Archival Storage PET-89 P.S. Fisher System," Conference Record,

Petrie, M.L., E. Gudes, and "Security Problems in a Data 1980 IEEE Fall Comcon , E£. Fernandez Base Enviroiunent," in Rullo, Washington, DC, 1980. "Security Policies in Object- T.A. (Ed.), Advances Oriented Databases," Proc. inComputer Security Key Words: database, case.

JFIP WG 11.3 (Data Base) Management, Vol. 1, Heyden

Workshop . (6: in-89), 1989. & Son, Philadelphia, PA, SCH-80a 1980, pp. 122-139. Schlorer, J. Key Words: database, policy, "Disclosure from Statistical methods. Key Words: database, threats. Databases: Quantitative Aspects of Trackers." ACM

PLU-88 ROU-87 Trans, on Database Systems . Pluimakers, G.M.J. Rougeau, P.A. and December 1980, pp. 467-492. "Some Notes on E.D. Sturms Authorization and Transaction "The Sybase Secure Key Words: statistical, Management in Distributed Dataserver: A Solution to the inference. Database Systems," Multilevel Secure DBMS

Computers & Security , June Problem." Proc. 10th Natl. SCH-81

1988, pp. 287-298. Comp. Sec, Conf. . (5: NCS- Schlorer, J. 87a), 1987. pp. 211-215. "Security in Statistical Key Words: databse, control, Databases: Multidimensional network. Key Words: MLS, DBMS, Transformations," ACM Trans.

case. on Database Systems , March RAD-89 1981, pp. 95-112. "Research Directions in RUD-85 Database Security, 11," Rudell, M.E. Key Words: statistical, Proceedings. 2nd RADC Data "Labeling Screen Output," techniques.

Base Security Workshop , Proc. 1986 IEEE Symp. on

Bethlehem. NH, May 1989, Sec. & Privacy , (5: IEE-86), SCH-83 SRI International. Menlo pp. 237-240. Schloerer, J., and Park. CA, December 22, D.E. Denning 1989. Key Words: database, "Protecting Query Based techniques. Statistical Output," Proc. '83 Key Words: proceedings, mP/Sec. , Stockholm, general, policy, methods. RUS-89 1983, (2: FAK-83), pp. 37-46. Russell, L. REI-80 "Semantic Overloading of the Key Words: statistical, Reiss. S.P. Relational Model for techniques. "Practical Data Swapping," Multilevel Security," Proc. Proc. 1980 IEEE Symp. on 2nd RADC Data Base SCH-83a

, (6: Schloerer, J. Sec. & Privacy . (5: IEE-80), Security Workshop RAD- pp. 38-45. 89), May 1989. "Information Loss in Partitioned Statistical

Key Words: database, Key Words: MLS, database, Databases," Computer Joumal , techniques. methods. No. 3, 1983, pp. 218-223.

Key Words: statistical, inference.

6-13 SCH-85 SIC-83 SMI-89b Schaefer, M. Sicherman, G.L., W. deJonge Smith, G.W. "On the Logical Extension of and R. van de Ried "Solving Multilevel Database the Criteria Principles to "Answering Questions Without Security Problems: Technology Design of Multi-level Revealing Secrets." ACM Is Not Enough," Proc. IFIP Database Management Trans, on Database Systems. WG 11.3 (Data Base)

Systems," Proc. 8th Natl. March 1983. pp. 41-59. Workshop . (6: IFI-89), 1989.

Comp. Sec. Conf. . (5: NCS-

85) . 1985. pp. 28-30. Key Words: database, Key Words: MLS, database, methods. methods. Key Words: MLS, DBMS, criteria, design. SMI-88 SMI-89C Smith, G.W. Smith, G.W. SCH-86 "Identifying and Representing "MAC, DAC and the Need-to- Schell, R.R.. and the Security Semantics of an Know," Proc. 2nd RADC Data

D.E. Denning Application," Proc. 4th Base Security Workshop . (6:

"Integrity in Trusted Database Aerosp. Comp. Sec. Conf. , (4: RAD-89), May 1989. Systems," Proc. 9th Natl. IEE-88b). 1988, pp. 125-130.

Comp. Sec. Conf. , (5: NCS- Key Words: MLS, database,

86) , 1986, pp. 30-36. Key Words: database, models, policy. methods. Key Words: database, SMI-89d integrity. SMI-88a Smith, G.W. Smidi. G.W. "Homework Problem #2: MLS SCH-86a "Classifying and Database Design," Proc. 2nd Schell, R.R., and Downgrading: Is a Human RADC Data Base Security

D.E. Denning Needed in the Loop?." Proc. Workshop . (6: RAD-89). May "Integrity in Trusted Database RAIX: Data Base Security 1989.

Systems," Proc. NCSC Invitational Workshop . Menlo Workshop on Database Sec., Park, CA, May 1988. (6: Key Words: MLS. database, (6: COA-86), 1986, pp. Cl- LUN-90). pp. 164-185. design. C14. Key Words: MLS, database, SMI-89e Key Words: database, methods. Smith. W.G. integrity. "Report on the Homework SMI-89 Problem." Proc. 2nd RADC

SCH-88 Smidi, G.W. Data Base Security Workshop, Schaeffer, M. "Going Beyond Technology to (6: RAD-89). May 1989. "Dynamic Classification and Meet the Challenge of Automatic Sanitization," Proc. Multilevel Deitabase Security," Key Words: MLS, database, RADC Data Base Security Proc. 12th Natl. Comp. Sec. design.

Invitational Workshop , Menlo Conf. , (5: NCS-89). 1989, pp. Park. CA, May 1988 (6: 1-10. SPO-84 LUN-90), pp. 134-139. Spooner. D.L.. and E. Gudes Key Words: MLS, database, "A Unifying Approach to the Key Words: database, methods. Design of Secure Database techniques. Operating Systems," IEEE SMI-89a Trans, on Software Engr., May SHO-88 Smith, G.W. 1984. pp. 310-319. Shockley. W.R. and "Multilevel Secure Database D.F. Warren Design: A Practical Key Words: MLS, database, "Description of Multilevel Applications," Proc. 5th OS, design.

Secure Entity-Relationship Security Applicat. Conf. . (4: DBMS Demonstration." Proc. IEE-89C), 1989. pp. 314-321.

11th Natl. Comp. Sec. Conf. . (5: NCS-88), 1988, pp. 171- Key Words: MLS, database, 178. design.

Key Words: MLS, DBMS, design, case.

6-14 SPO-86 STA-88a THO-88 Spooner, A^., et al. Stachour, P. Thompsen, D., W.T. Tsai. and "Framework for the Seciirity "LOCK Data Views," Proc. M.B. Thuraisingham Component of an ADA RADC Data Base Security "Prototyping as a Research

DBMS," Proceedings. 12th Invitational Workshop, Menlo Tool for MLS/DBMS," Proc. International Conference on Park, CA, May 1988 (6: MP WG 11.3 Workshop, (6:

Very Large Data Bases . LUN-90), pp. 65-73. LAN-89b), Oct 1988, pp. 63- 1986, pp. 347-354. 84. Key Words: MLS. database, Key Words: DBMS, methods, views. Key Words: MLS, DBMS, case. design. SUM-81 SPO-86a Summers. R.C.. THO-89 Spooner, A.M., et al. E.B. Fernandez, and C. Wood Thomsen. D.. W.T. Tsai, and "Framework for the Security "Auditing and Control in a M.B. Thuraisingham Component of an ADA Database Environment," "Prototyping to Explore DBMS," Proc. NCSC Computer Security Journal. MLS/DBMS Design,"

Workshop on Database Sec. , Spring 1981, pp. 99-121. Computers & Security . May (6: COA-86), 1986. pp. Fl- 1989, pp. 229-245. F15. Key Words: database, auditing, case. Key Words: MLS, DBMS, Key Words: DBMS, methods, design. case. SUT-87 Su, T.-A, and G. Ozsoyoglu THU-87 SPO-87 "Data Dependencies and Thuraisingham, M.B. Spooner, D.L. Inference Control in "Security Checking in "Relationaships Between Multilevel Relational Database Relational Database Database System and Systems," Proc. 1987 IEEE Management Systems with Inference Operating System Security," Symp. on Sec. & Privacy , (5: Augmented Engines," Computers Proc. IFIP WG 11.3 Meeting . IEE-87a), pp. 202-211. & (6: LAN-88), Oct. 1987, pp. Security , December 1987, pp. 149-158. Key Words: MLS, DBMS, 479-492. inference, control, design. Key Words: database, OS, Key Words: DBMS, inference, design. SUT-89 methods. Su, T.-A., J. Chung, and SPO-88 G. Ozsoyoglu THU-88 Spooner, D.L. "On the Cell Suppression by Thuraisingham, M.B., "The Impact of Inheritance Merging Technique in the W.T. Tsai, and T.F. Keefe on Security in Object- Lattice Model of Sununary "Secure Query processing Oriented Database System." Tables," Proc. 1989 IEEE Using Al Techniques," Privacy Proceedings, 21st Hawaii Proc. IFIP WG 11.3 Symp. on Sec. & , (5: Intemat. Conference on Workshop . (6: LAN-89b). IEE-89b), pp. 126-135.

Sciences , January Oct 1988, pp. 141-150. Systems Key Words: statistical, model, 1988. Key Words: database, model, method, techniques. methods. Key Words: database, SUT-89a techniques. STA-88 Su. T.-A. and G. Ozsoyoglu Stachour, P., B. "Multivalued Dependency THU-88a Thuraisingham, M.B. Thuraisingham, and P. Dwyer Inferences Relational Database "Foundations of Multilevel "Update Processing in LDV: Systems," Proc. fflP WG 11.3 Databases," Proc. RADC Data A Secure Database System," (Data Base) Workshop, (6: Security Invitational Postscript, 11th Natl. Comp. DFI-89), 1989. Base Workshop , Menlo Park, CA, Sec. Conf. , (5: NCS-88a). May 1988 (6: LUN-90). 1988, pp. 96-115. Key Words: database, inference. Words: MLS, database, Key Words: MLS. database, Key theory. method, case.

6-15 THU-89 THU-89e VAN-80 Thuraisingham. M.B. Thuraisingham, M.B. van de Riet, R.P., and "A Multilevel Secure Data "Secure Query Processing in A. Wasserman Model," Proc. 12th Natl. Intelligent Database "A Module Definition Facility

Comp. Sec. Conf. , (5: NCS- Management Systems," Proc. for Access Control in

89). 1989, pp. 579-590. 5th Security Applicat. Conf. , Distributed Data Base (4: IEE-89C), 1989, pp. 204- Systems." Proc. 1980 IEEE

Key Words: MLS, database, 214. Symp. on Sec. & Privacy . (5: models. IEE-80). pp. 59-66. Key Words: DBMS, methods, THU-89a techniques. Key Words: database, network, Thuraisingham, M.B. control. "Mandatory Security in TIN-87 Object-Oriented Database Ting, T.C. VAN-86 Systems," Proceedings, ACM "A User-Role Based Data van der Lans. R.F. Conference on Object- Security Approach," Proc. "Data Security in a Relational

Oriented Progarmming , mP WG 11.3 Meeting . (6: Database Enviromnent."

October 1989. LAN-88). Oct. 1987. pp. 187- Computers «fe Security , June 208. 1986, pp. 128-134. Key Words: MLS, database, policy. Key Words: database, Key Words: database, methods. relational. THU-89b Thiffaisingham, M.B. TRA-84 VET-89 "Recent Developments in Traub. J.F.. Y. Yemeni, and Vetter, L., and G. Smith Database Security," Proc, H. Wozniakowski 'TCB Subsets: The Next

IEEE Comp. Applicat. Conf. , 'The Statistical Security of a Step," Proc. 5th Security

September 1988. Statistical Database." ACM Applicat. Conf. , (4: IEE-89c),

Trans, on Database Systems , 1989. pp. 216-221. Key Words: database, December 1984. pp. 672-679. general, methods. Key Words: database, design. Key Words: statistical, THU-89C methods. WAG-82 Thuraisingham, M.B. Wagner. N.R. "Security Checking with TRO-86 "Shared Database Access Prolog Extensions," Troxell, P.J. Using Composed Encryption Proceedings, 2nd RADC Data 'Trusted Database Design," Functions." Proc. 1982 IEEE Base Security Invitational Proc. 9th Natl. Comp. Sec. Symp. on Security and

Workshop , Franconia, NH, Conf. , (5: NCS-86), 1986. pp. Privacy . (5: IEE-82). pp. 104- May 1989 (6: RAD-90). 37-40 110.

Key Words: database, Key Words: database, trusted, Key Words: database, techniques. design. encryption, control.

THU-89d TRU-84 WAG-83 Thuraisingham, M.B. Trueblood, R.P. Wagner, N.R. "A Functional View of "Security Issues in Knowledge "Fingerprinting," Proc. 1983 Multilevel Databases," Systems," Proceedings, 1st IEEE Symp. on Sec. & 18- Computers & Security , International Workshop on Privacy . (5: IEE-83a), pp.

December 1989, pp. 721-729. Expert Database Systems , 22. October 1984, pp. 834-840. Key Words: MLS, database, Key Words: database, methods. Key Words: database, general, techniques, control, methods. authentication.

6-16 WAG-86 WIL-89 WOO-80 Wagner, N.R., P.S. Putter Wilson, J. Wood, C, E.B. Fernandez, and and M.R. Cain "A Security Policy for an R.C. Summers "Encrypted Database Design: AIDBMS (a Trusted "Data Base Security: Specialized Approaches," Subject)," Proc. 1989 IEEE Requirements. Policies, and

Proc. 1986 IEEE Symp. on Symp. on Sec. & Privacy . (5: Models." IBM Systems

Sec. & Privacy , (5: IEE-86), IEE-89b). pp. 116-125. Journal . Vol. 19. No. 2. 2980. pp. 148-153. pp. 229-252. Key Words: MLS. DBMS, Key Words: database, design, policy, case. Key Words: database, encryption, techniques. requirements. WIN-88 WHI-89 Winkler, H. WOO-89 Whitehurst, RA., and "Sybase Secure SQL Server," Wood, T. T.F. Lunt Proc. RADC Data Base "A Trusted Database Machine "The SeaView Verification," Security Invitational Kernel for Nonproprietary

Proc. Comp. Sec. Workshop , Menlo Park, CA, Hardware," Proc. 12th Nad.

Foundations Workshop . 1989 May 1988. (6: LUN-90). pp. Comp. Sec. Conf. , (5: NCS- (3: IEE-89a), pp. 125-132. 65-73. 89), 1989, pp. 11-17.

Key Words: verification, Key Words: database, Key Words: database, kernel, views, case. methods, case. design.

WHI-89a WIS -89 WUA-88 Whitehurst, R.A., and Wiseman. S. Wu. A. T.F. Lunt "On the Problem of Security "Al Secure DBMS "The Seaview Verification in Databases." Proc. IFIP WG Architecture." Proc. RADC

Effort," Proc. 12th Natl. 11.3 (Data Base) Workshop , Data Base Security Invitational

Comp. Sec. Conf. , (5: NCS- (6: IFI-89). 1989. Workshop . Menlo Park. CA. 89), 1989, pp. 18-27. May 1988. (6: LUN-90). pp. Key Words: database, 15-22. Key Words: verificatio, requirements. views, case. Key Words: MLS. DBMS, design, case. WIL-88 Wilson, J. "Views as the Security Objects in a Multilevel Secure Relational Database Management System," Proc. 1988 IEEE Symp. on Sec. & 70- Privacy . (5: IEE-88a). pp. 84.

Key Words: MLS, DBMS, views.

6-17

7. Communication and Network Security

This section cites publications on physical security in networks, applied cryptographic techniques, secure communications protocols, and trusted network development.

ABB-84 ABR-88 ALB-84 Abbruscato, C.R. Abrams, M.D., S.I. Schaen, Albert, D.J., et al. "Data Encryption and M.W. Schwartz "Combatting Software Piracy Equipment", IEEE "Strawman Trusted Network by Encryption and Key

Communications Magazine , Interpretation Guideline," Management," IEEE Computer , September 1984, pp. 15-21. Proc. Uth Natl. Comp. Sec. April 1984, pp. 68-72.

Conf. , (5: NCS-88), 1988, pp. Key Words: crypto, 194-200. Key Words: threats, crypto, hardware. keys, management. Key Words: guidelines, ABB -86 trusted, network, criteria. ALV-89 Abbruscato, C.R. Alvarez, D.L. "Choosing a Key ADD-88 "Site Preparedness for the Next Management Style That Suits Addison, K.P. Network Emergency," Proc.

the Application," Data "Secure Networking at Sim 11th Natl. Comp. Sec. Conf. ,

Communications , April 1986, Microsystems, Inc.," Proc. (5: NCS-89), 1989, pp. 601-

pp. 146-160. 11th Nad. Comp. Sec. Conf. , 604. (5: NCS-88), 1988, pp. 212- Key Words: crypto, keys. 218. Key Words: contingency, network. ABR-85 Key Words: methods, Abrams, M.D. network, case. AMS-88 "Observations on Local Area Amsel, E. Network Security," Proc. 5th AGN-84 "Network Security and Access

Sec. AppUcat. Conf. , (5: lEE- Agnew, G.B. Control," Computers &

89c), 1989, pp. 77-82. "Secrecy and Privacy in a Security , February 1988, pp. Local Area Network 53-57. Key Words: LAN, methods, Environment," Proc. Eurocrypt general. J4, Paris, 1984, (8: BET-85), Key Words: control, network. pp. 349-363. ABR-87 AND-85 Abrams, M.D. Key Words: LAN, methods, Anderson, J.P. "Evaluating Security Services general. "Unification of Computer and Under Part 11 of the Trusted Network Security Concepts," Network Interpretation," Proc. AGN-85 Proc. 1985 IEEE Symp. on

3d Aerosp. Comp. Sec. Agnew, G.B. Sec. & Privacy , (5: IEE-85). 77-87. Conf. , (5: IEE-87b), 1987, "Modeling of Encryption pp. pp. 44-51. Techniques for Secrecy and Privacy in Multi-User Key Words: models, network. Key Words: trusted, network, Networks," Proc. Eurocrypt criteria. :85, Linz, 1985, (8: PIC-86), AND-87 pp. 221-230. Anderson, D.P., and P.V. Ragan Key Words: crypto, "A Basis for Secure techniques, models, network. Commimication in Large Distributed Systems," Proc. 1987 IEEE Symp. on Sec. &

Privacy . (5: IEE-87a), pp. 167- 172.

Key Words: policy, distributed, models, network.

7-1 AND-87a ARS-87 BAL-85 Anderson, D.P., and Arsenault, A.W. Balenson, D.M. P.V. "Develoiwnent in Ragan Guidance for "Automated Distribution of "High-Performance Interface Trusted Networks," Proc. 10th Cryptographic Keys Using the Architectures for Natl. Comp. Sec. Conf.. (5: Financial Institution Key Cryptographic Hardware," NCS-87a). 1987, pp. 1-8. Management Standard," IEEE '87 Proc. Crypto , Santa Communications Magazine . Barbara, CA, 1987. (8: POM- Key Words: guidelines, September 1985. pp. 4146. 88), pp. 301-309. trusted, network, criteria. Key Words: crypto, keys, Key Words: crypto, ARS-87a standards. hardware. Aresnault, A.W. "Developments in Guidance BAN-82 ANS-82 for Trusted Networks: The Banerjee, S.K. American National Standard Trusted Network "High-Speed Implementation of for PIN Management and Interpretation." AIAA No. 87- the DES." Computers &

Security, X9.8-1988 , 3074, Proc. 3d Aerosp. Comp. Security . November 1982, pp. American Bankers Sec. Conf. . (5: IEE-87b), 261-267. Association, Washington, DC, 1987, pp. 52-59. January 1982. Key Words: crypto, DES, Key Words: guidelines, hardware. Key Words: control, trusted, network, criteria. standards. BAR-83 BAC-89 Barnes, D. ANS-82a Bacon, M. "The Provision of Security for American National Standard "Assessing Public Network User Data on Packet Switched for Financial Institution Security," Networks," Proc. 1983 IEEE

Message Authentication . Telecommunications . Symp. on Sec. & Privacy , (5: X9.9-1982 American Bankers December 1989. pp. 19-20. IEE-83a), pp. 121-126. Association. Washington. DC, April 1982. Key Words: requirments, Key Words: methods, network. network, general. Key Words: control, BAR-86 standards. BAK-84 Barrett, P. Baker, P.C. "Implementing the Rivest ARB-89 "Communications System Shamir and Adleman Public Arbo, R.S., E.M. Johnson, Security Evaluation Criteria," Key Encryption Algorithm on and R.L. Sharp Proc. 7th Seminar, DoD a Standard Digital Signal '86 "Extending Mandatory Access Comp. Sec. Progr. , (5: DOD- Processor," Proc. Crypto , Controls to a Networked 84), 1984, pp. 58-71. Santa Barbara, CA. 1986. (8: MLS Environment," Proc. ODL-87). pp. 311-323.

12th Natl. Comp. Sec. Conf. , Key Words: criteria, general. (5: NCS-89). 1989, pp. 286- Key Words: RSA, hardware, 295. BAK-85 case. Baker, P.C, et al. Key Words: MLS, network, "Al Assiu'ance for an Internet BAR-89 control. System: Doing the Job," Proc. Barker, L.K.

9th Natl. Comp. Sec. Conf. . •The SILS Model for LAN ARS-84 (5: NCS-86). 1986. pp. 130- Security," Proc. 12th Natl.

Arsenault, A. 137. Comp. Sec. Conf. , (5: NCS- "Security Issues Involved in 89), 1989, pp. 267-276. Networking Personal Key Words: verification, Computers," Proc. 7th network, methods, case. Key Words: LAN, models, Seminar, DoD Comp. Sec. case.

Progr. . (5: DOD-84), 1984, pp. 72-78.

Key Words: policy, PC. network, requirements.

7-2 BAR-89a BEK-84 BER-82a Barrett, P. Beker, H., and M. Walker Berson,T.A, and R.K. Bauer "The Smart Diskette--A "Key Management for Secure "Local Network Cryptosystem Universal Cryptoengine," Electronic Transfer in Retail Architecture," Proceedings, '89. Santa Proc. Crypto Environment". Proc. Crypto IEEE Comcon , Spring, 1982, •84 Barbara, CA, (8: BRA-89) , Santa Barbara, CA. 1984. pp. 138-143. 1989. (8: BLA-84a). pp. 401-410. Key Words: LAN, crypto, Key Words: crypto, Key Words: crypto, keys, methods. techniques. case. BER-83 BAR-89b BEK-85 Berman, A. Bartlett, W. Beker. H. and F. Piper "Evaluating On-Line Computer "Security for Packet-Switched Secure Speech Security," Data

Networks," Communications . Academic Communications , July 1983,

Telecommunications , Press, New York, 1985. pp. 145-152. September 1989, pp. 47^9. Key Words: book, techniques. Key Words: management, Key Words: networks, nethods. general. BEK-87 Beker, H.J., and G.M. Cole BON-89 BAU-83 "Message Authentication and Bong, D., and C. Ruland Bauer, R.K., T.A. Berson, Dynamic Passwords," Proc. "Optimized Software '87 and R.J. Feiertag Eurocrypt , Amsterdam, Implementations of the "A Key Distribution Protocol 1987, (8: CHA-88a), pp. 171- Modular Exponentiation on Using Event Markers," ACM 175. General Purpose

Trans, on Computer Systems , Microprocessors," Computers

August 1983, pp. 249-255. Key Words: network, & Security , December 1989, methods, authentication. pp. 621-630. Key Words: crypto, keys, method. BEL-86 Key Words: RSA, methods, BeU, D.E. PC. BAY-88 "Secure Computer Systems: A Bayle, A.J. Network Interpretation," Proc. BOS-88 "Security in Open System 2nd Aerosp. Comp. Sec. Bosen. R. Networks: A Tutorial Conf.. (5: IEE-86a). 1986, pp. "Seciu-ing the Micro-

Survey," Information Age , 2-4. Mainframe Link." Proc. '88 (U.K.), July 1988, pp. 131- MP/Sec. , Austraha, 1989. 145. Key Words: trusted, network, (2: CAE-89), pp. 351-355. criteria, methods. Key Words: networks, Key Words: control, general. BEL-89 techniques, PC. Bellovin, C. BEC-80 "Security Problems in TCP/IP BOY-88 Becker. H.B. Protocol Suite," ACM Boyd, C. "Data Network Security: Computer Communications "Some Apphcations of

Everyone'a Problem," Data Rev. . April 1989. pp. 32-48. Multiple Key Ciphers," Proc. '88 Communications , September Eurocrypt , Davos, 1988 (9: 1980, pp. 72-90. Key Words: threats, protocols, GUN-89), pp. 455-467. requirements, case. Key Words: networks, Key Words: crypto, methods, general. BER-82 case. Berson, T.A. "Local Network Cryptosystem Architecture: Access Control,"

Proc. Crvpto-82 , Santa Barbara, CA, 1982, (9: CHA- 83b). pp. 251-258.

Key Words: LAN. crypto, methods.

7-3 BRA-82 BRA-87b BRO-84 Branstad, D.K., and Branstad, D., et al. Browne, P.S. M.E. Smid "SP4: A Transport "How to Manage the Network "Integrity and Security Encapsulation Security Security Problem," Computer

Standards Based on Protocol," Proc. 10th Nad. Security Joumal , Summer

Cryptography," Computers & Comp. Sec. Conf. , (5: NCS- 1984, pp. 75-88.

Security , November 1982, pp. 87a), 1987, pp. 158-161. 255-260. Key Words: management, Key Words: protocols, case. network. Key Words: crypto, methods, standards. BRA-87C BUR-87 Branstad, M., et al. Burger. W. BRA-85 "SP4: A Transport "Networking of Secure Xenix Brand, S. Encapsulation Security Systems," Proc. 10th Nad.

"A Status Report on the protocol," AIAA No. 87-3060, Computer Sec. Conf. , (5: Development of Network Proc. 3d Aerosp. Comp. Sec. NCS-87a), 1987, pp. 254-256.

Criteria," Proc. 8th Natl. Conf. , (5: IEE-87b), 1987, pp.

Comp. Sec. Conf. , (5: BCS- 143-145. Key Words: network, methods, 85), 1985, pp. 145-151. case. Key Words: protocols, case. Key Words: network, criteria. BUS-83 BRA-89 Busse, J.G. BRA-85a Branstad, M., et al. "Developing a Cryptographic Bradey, R.L., and "Key Management and Access System for Electronic Mail,"

I.G. Graham Control for an Electronic Mail The Office , November 1983, "Full Encryption in a System," Proc. 12th Natl. pp. 122-128.

Personal Computer System," Comp. Sec. Conf. , (5: NCS- '85 Proc. Eurocrypt , Linz, 89), 1989, pp. 230-231. Key Words: crypto, methods, 1985, (8: PIC-86), pp. 231- case. 240. Key Words: EM, crypto, keys. CAC-84 Key Words: crypto, methods, BRI-84 Caccetta, L. PC. Britton, D.E. "Vulnerability of "Formal Verification of a Communications Networks,"

BRA-87 Secure Network with End-to- Networks , Vol. 14, No. 1, Branstad, D.K. End Encryption," Proc. 1984 1984, pp. 117-140. "Considerations for Security IEEE Symp. on Sec. &

in the OSI Architecture," Privacy , (5: IEE-84), pp. 154- Key Words: vulnerabiUties, Proc. 10th Natl. Comp. Sec. 166. network.

Conf. , (5: NCS-87a), 1987, pp. 9-14. Key Words: crypto, network, CAL-83 methods. Callaghan, D.R. Key Words: OSI, network, "Securing the Distributed Word methods. BRI-89 Processing Network,"

Brickell, E.F. Computers & Security , January BRA-87a "A Survey of Hardware 1983, pp. 78-81. Branstad, D.K. Implementations of RSA" '89 "Considerations for Security Proc. Crypto , Santa Key Words: methods, network. in the OSI Architecture," Barbara, CA, (8: BRA-90),

IEEE Network Magazine , 1989. CAP-88 April 1987. Capel, A.C., C. Laterriere, Key Words: RSA, hardware, and K.C. Toth Key Words: OSI, network, general. "Protecting the Security of methods. X.25 Communications," Data

Communications , November 1988, pp. 123-139.

Key Words: methods, protocols. CAR-86 CHI-89a COH-87a Carroll, JM., and S. Martin Chiou, G.-H., and W.-T. Chen Cohen, F. "Cryptographic Requirements "Secure Broadcasting Using "Design and Administration of for Secure Data the Secure Lock," IEEE E)istributed and Hierarchical

Communications," Proc. Trans, on Software Engr. , Information Networks Under '86 IFIP/Sec. , Monte Carlo, August 1989, pp. 929-934. Partial Ordering," Computers

1986, (2: GRI-89). & Sectirity , June 1987, pp. Key Words: network, 219-228. Key Words: crypto, techniques, case. requirements. Key Words: network, CHR-88 management, methods, control. CAR-87 Christoffersson, P. Carroll J^. "Message Authentication and COH-87b "Strategies for Extending the Encryption Combined," Cohen, F.

Useful Lifetime of DES," Computers & Security , "Design and Protection of

Computers & Security , February 1988, pp. 65-71. Information Networks Under a August 1987, pp. 300-313. Partial Ordering," Computers crypto, control. Key Words: & Security , August 1987, pp. Key Words: DES, 332-338. management. CIM-85 Cimimiera, L., and Key Words: network, design, CAS-88 A. Valenzano methods. Casey, T.J., and S.R. Wilbur "Authentication Mechanisms "Privacy Enhanced Electronic in Microprocessor-Based COH-87C Mail," Proc. 4th Aerosp. Local Area Networks," IEEE Cohen, F.

Comp. Sec. Conf. , (4: lEE- Trans, on Software Engr., "A Cryptographic Checksum 88b), 1988, pp. 16-21. May 1989, pp. 654-958. for Integrity Protection,"

Computers & Security , Key Words: EM, policy, Key Words: LAN, December 1987, pp. 505-510. methods. au^entication. Key Words: crypto, technique. CER-83 CLA-87 Cerullo, M.J. Clark, A.J. COH-88 "Data Communication "Physical Protection of Cohen F. Controls," Computers & Cryptographic Devices," Proc. 'Two Secure File Servers," '87 Security , January 1983, pp. Eurocrypt , Amsterdam, Computers & Security , August 67-72. 1987, (8: CHA-88a), pp. 83- 1988, pp. 409-414. 93 Key Words: controls, general. Key Words: network, methods, Key Words: crypto, physical, case. CHE-89 hardware, techniques. Chess, D.M. COO-89 "Computer Viruses and COH-85 Cooper, J.A. Related Threats to Computer Cohen, F. Computer and Communications and Network Integrity," "A Secure Computer Network Security: Strategies for the

Computer Networks and Design," Computers & 1990s . McGraw-Hill, New

ISDN Systems . July 1989, Security , September 1985, pp. York, 1989 pp. 141-148. 189-206. Key Words: book, techniques, Key Words: threats, network. Key Words: network, design. methods, general.

CHI-89 COH-87 CRA-88 Chick, G.C., and Cohen, F. Cramer, R., B. Ridridge, and F.E. Tavares "Protection and Administration E. SchallenmuUer "Flexible Access Control with of Information Networks with "Design and Implementation of Master Keys" Proc. Crypto Partial Ordering," Computers a Secure Terminal Gateway," •89 , Santa Barbara, CA, (8: & Security , April 1987, pp. Proc. 4th Aerosp. Comp. Sec.

BRA-90), 1989. 118-128. Conf. . (5: IEE-88b), 1988, pp. 262-268. Key Words: crypto, control, Key Words: network, keys. management, methods, Key Words: network, design, control. case.

7-5 CSC-87 DAV-84 DAV-88 Trusted Network Davies, D.W., and Davida, G.I., and Y. Desmedt Interpretation of the Trusted W.L. Price "Passports and Visas Versus '88 Computer System Evaluation Security for Computer IDs," Proc. Eurocrypt ,

Criteria, NCSC-TG-005, Networks , J. Wiley & Sons, Davos, 1988 (9: GUN-89), pp. Version 1, National Computer New York, 1984. 183-188. Security Center, Ft. Meade, MD, 31 July 1987. Key Words: book, networks, Key Words: authentication, general. crypto, methods. Key Words: trusted, network, criteria, guidelines. DAV-84a DAV-89 Davio, M., et al. Davis, R. DAN-89 "Efficient Hardware and "Network Authentication Danner, B.P. Software Implementations for Tokens," Proc. 5th Security '84 "Initial Approach for a TRW the DES," Proc. Crypto , AppUcat. Conf. . (5: IEE-89c), Secure Communications Santa Barbara, CA, 1984, (8: 1989, pp. 234-238. Processor," Proc. 12th Natl. BLA-84a), pp. 144-173.

Comp. Sec. Conf. , (5: NCS- Key Words: authentication, 89). 1989. pp. 197-214. Key Words: DES, crypto, methods. hardware. Key Words: design, policy, DAV-89a case, hardware. DAV-84b Davies. D.W.. and W. L Price Davies, D.W. Security for Computer

DAV-80 "A Message Authentication Networks . 2nd Edition. J. Davida, G.I., R.A. DeMillo. Algorithm Suitable for a Wiley & Sons. New York, and R.J. Lipton Mainframe Computer," Proc. 1989 '84 "Protecting Shared Crypto , Santa Barbara, Cryptographic Keys," Proc. CA, 1984, (8: BLA-84a), pp. Key Words: book, network, 1980 IEEE Symp. on Sec. & 393-400. crypto, techniques, general.

Privacy . (5: IEE-80). pp. 100-102. Key Words: crypto, DAV-89b authentication, signatures, Davids. R. Key Words: crypto, keys, methods. "Australian EFTPOS Security methods, management. Standards," Proc. IHP/Sec. DAV-84C ^88, Austiaha, 1989, (2: CAE- DAV-81 Davies, D.W. 89), pp. 357-365. Davies. D.W. 'The Use of Digital Tutorial: The Security of Signatures in Banks," Proc. Key Words: standards, case. '84 Data in Networks . IEEE mP/Sec. , Toronto, 1984, Computer Society Press. Los (2: FIN-85), pp. 13-21 DEL-89 Angeles, CA, 1981. Del Re, E., R. Fantacci, and Key Words: crypto, D. Maffucci Key Words: book, network, authentication, signatures, "A New Speech Signal general, methods, techniques. methods. Scrambling Method for Secure Communications." IEEE DAV-83 DAV-85 Journal on Selected Areas Davies, D.W. Davies, D.W. Communication. May 1989. "Applying the RSA Digital "Engineering Secure pp. 474-480. Signature to Electronic Mail," Infromation Systems," Proc. '85 Key Words: methods, IEEE Computer , February Eurocrvpt . Linz, 1985, (9: 1983, pp. 55-62. PIC-86). pp. 191-199. techniques.

Key Words: RSA. crypto, Key Words: design, methods. DEN-80 methods. EM, authentication. Denning, D.E., and F.B. Schneider "The Master Key Problem," Proc. 1980 IEEE Symp. on

Security & Privacy , (5: IEE- 80), pp. 103-107.

Key Words: crypto, keys, management.

7-6 DEN-83 DON-84 Denning, D.E. Donaldson, A. EST-87 "Protecting Public Keys and "A Multilevel Secure Local Estrin, D., and G. Tsudik

Signanires," IEEE Computer, Area Network," Proc. 7th "Visa Scheme for Inter-

February 1983, pp. 27-35. Seminar, DoD Comp. Sec . Organization Network

Progr. . (5: DOD-84), 1984, Security," Proc. 1987 IEEE

Key Words: crypto, keys, pp. 341-350. Symp. on Sec. & Privacy , (5: methods. IEE-87a), pp. 174-183. Key Words: MLS. LAN, DES-83 deasign, case. Key Words: network, methods, Desmedt, Y., J. P. case. Vandewalle, and R.J.M. DON-88 Govaerts, Donaldson, A.L., J. McHugh, EST-89 "Does Public-Key and KA. Nyberg Estrin, D., J. Mogul, and Cryptography Provide a "Covert Channels in Trusted G. Tsudik Practical and Secure LANs," Proc. 11th Natl. "Visa Protocols for Controlling

Protection of Data Storage Comp. Sec.Conf. , (5: NCS- Interorganizational Datagram and Transmission?," Proc, 88), 1988, pp. 226-232. Flow," IEEE Journal, on Intemat. Camahan Conf. on Selected Areas

Sec. Technology , 1983, pp. Key Words: trusted, LAN, Communication , May 1989. 133-139. threats. pp. 486-498.

Key Words: threats, crypto, DUF-86 Key Words: network, methods. Duffy, K.J., and J. SulUvan protocols, control, methods. "Integrity Lock Prototype," '86 DIF-85 Proc. MP/Sec. , Monte FAI-84 Diffie. W. Carlo, 1986, (2: GRI-89). Fairfield, R.C., A. Matusevich, "Security for the DoD and J.Plany Transmission Control Key Words: techniques, "An LSI Digital Encryption Protocol," Proc. Eurocrypt design, case. Processor (DEP)," Proc. Crypto •84 '85, Linz, Austria, 1985, (9: , Santa Barbara, CA, 1984, PIC-86). pp. 108-127. EGG-88 (8: BLA-84a), pp. 115-143. Eggers, K.W., and Key Words: network, P.W. Mallett Key Words: crypto, hardware, protocols, case. "Characterizing Network case. Covert Storage Channels," DOD-85 Proc. 4th Aerosp. Comp. Sec. FAK-86

Proceedings, DoD Computer Conf. . (4: IEE-88b), 1988, pp. Fak, V. Security Center Invitational 275-279. "How to Choose Good Workshop on Network Cryptographic Protection," '86 Security , Ft. Meade, MD, Key Words: network, threat, Proc. IFIP/Sec. , Monte March 1985. models. Carlo, 1986, (2: GRI-89).

Key Words: proceedings, ERD-86 Key Words: crypto, guidelines. network. Erdem, H. "Host Cryptographic FAK-87 DOL-82 Operations: A Software Fak, V. Dolev, D., and A. Wigderson Implementation," Computers "Crypto Management Made

"On the Security of Multi- & Security , December 1986, Manageable: Demands on Party Protocols in Distributed pp. 344-346. Crypto Equipment Design,"

Computers & Security , Systems," Proc. Crvpto-82 , Sanu Barbara, CA, 1982, (9: Key Words: crypto, design. February 1987, pp. 36-40. CHA-83b), pp. 167-175. EST-85 Key Words: crypto, design. Key Words: distributed, Estrin, D. protocols. "Non-Discretionary Controls for Inter-Organization Networks," Proc. 1985 IEEE

Symp. on Sec. & Privacy , (5: IEE-85), pp. 56-61

Key Words: networks, control, methods.

7-7 FAM-83 FIC-84 GAI-80 Fam, B.W.. and J.K. MiUen Fick, G.P. Gait, J. "The Channel Asssignment "Implementation Issues for Maintenance Testing for the

Problem," Proc. 1983 IEEE Master Key Distribution and Data Encryption Standard , SP

Symp. on Sec. & Privacy , (5: Protected Keyload 500-61, National Bureau of EE-83a), pp. 107-112. Procedures," Proc. IFIP/Sec. Standards, Gaithersburg, MD, •84, Toronto, 1984. (2: FIN- August 1980. Key Words: model, methods. 85), pp. 571-580. Key Words: DES, FAU-86 Key Words: crypto, keys, management. Faurer, L. design. "Security Issues in Open GAL-87 System Context," Computer FID-85 Galil, Z., S. Haber, and Security Joumal. Vol. 4, No. Fidlow, D. M. Yimg 1, 1986, pp. 55-62. "A Comprehensive Approach "Cryptographic Computation: to Network Security," Data Secure Fault-Tolerant Protocols

Key Words: OSI, design, Communication , April 1985. and the Public-Key Model," '87 methods. pp. 195-213. Proc. Crypto , Santa Barbara, CA, 1987, (8: POM- FEL-89 Key Words: networks, 88), pp. 135-155. Feldmeier, D.C, and general. P.R. Kam Key Words: crypto, protocols. "Cracking Passwords for Fun ns-84 '89 and Profit," Proc. Crypto , Fisher, W.W. GAS-82 Santa Barbara, CA, (8: BRA- "Cryptography for Computer Gasser, M., and D.P. Sindhu 90), 1989. Security: Making the "A Multilevel Secure Local Decision," Computers & Area Network," Proc. 1982

Key Words: threats, control. Security , October 1984, pp. IEEE Symp. on Sec. &

229-233. Privacy , (5: EEE-82), pp. 137- FEN-85 143. Fenna, E. Key Words: crypto, design. "Data Encryption Protocols Key Words: MLS, LAN. for Electronic Mail," ACM FIT-80 design.

Sec., Audit & Control Rev. . Fitzgerald, J. Winter 1985, pp. 43-47. "Data Communications GIR-87 Conliol Matrix," Assets Girling, C.G.

Key Words: EM, crypto, Protection , Sept./Oct. 1980, "Covert Channels in LANs," protocols. pp.24-31. IEEE Trans, on Software

Engr. , February 1987. pp. 292- FER-87 Key Words: control, methods. 296. Fernandez, C, et al. "Automating the Computation FIT-89 Key Words: LAN, threats. of Authenticators for Fitzgerald, K. Interbank Telex Messages," 'The Quest for Intruder-Proof GOY-88

Computers & Security , Computer Systems," IEEE Goyal, P.K., and

October 1987, pp. 396-402. Spectrum , August 1989, pp. E.B. Fernandez 22-26. "Encryption Using Random Key Words: authentication, Keys: A Scheme for Secure case. Key Words: threats, methods. Communication," Proc. 4th

Aerosp. Comp. Sec. Conf. , (4: FIA-89 FRI-88 IEE-88b), 1988, pp. 410^12. Fiat, A. Friedberg, A.H., et al. "Batch RSA," Proc. Crypto "Reliance on Optical Fibres to Key Words: crypto, techniques.

'89 , Santa Barbara, CA, (8: Increase Telecommunications

BRA-90), 1989. Security," Information Age , (U.K.) AprU 1988, pp. 73-78. Key Words: RSA, design, case. Key Words: physical, methods.

7-8 GRA-87 GSA-82 GUI-88 Grant, L. Telecommunications: General Guinier, D. "DES Key Crunching for Security Requirements for "DSPP: A Data Security Pipe Safer Cipher Keys," ACM Equipment Using the Data Protocol for PCs, Large Scale

Sec.. Audit & Control Rev. . Encryption Standard. Federal Systems, or Networks," ACM

Spring 1987, pp. 9-16. Standard 1027, U.S. General Sec., Audit & Control Rev. , Services Administation Fall 1988, pp. 4-9. Key Words: DES. keys, Washington, DC, April 1982. techniques. Key Words: PC, network, Key Words: DES, crypto, protocol. GRA-88 standards. Graham, I., and S. Wieten GUI-88a "The PC as a Secure GSA-83 Guinier, D. Network Woricstation," Proc. Teleconununications: "SPKS: Sharing Partial Key '88 MP/Sec. . Australia, Interoperability and Security System," ACM Sec., Audit &

1989. (2: CAE-89). pp. 425- Requirements for Use of the Control Rev. , Fall 1988, pp. 437. Data Encryption Standard in 10-13. the Physical and Data Link Key Words: PC. methods, Layers of Data Key Words: crypto, key, case.

case. Commimication, Federal Standard 1026, U.S. General HAR-89 GRE-85 Services Administration Ham, L. and T. Keisler Greenlee, M.B. Washington, DC, January "Authenticated Group Key "Requirements for Key 1983. Distribution Scheme for a Management Protocols in the Large Network," Proc. 1989

Wholesale Financial Services Key Words: DES, crypto, IEEE Symp. on Sec.& Privacy . Industry," IEEE standards. (5: IEE-89b), pp. 300-309.

Communications Magazine , September 1985, pp. 22-28. GSA-85 Key Words: crypto, keys, Interoperability and Security methods. Key Words: requirements, Requirements for Using the crypto, keys, management, Data Encryption Standard with HAR-89a

case. CCi l 1 Group 3 Facsimile Ham, L., Y. Chien, and

Equipment . Federal Standard T. Keisler GRI-89 1027, U.S. General Services "An Extended Cryptographic Grimm,P. Administration Washington, Key Generation Scheme for "Security on Networks: Do DC, April 1985. Multilevel Data Security," We Really Need It?," Comp. Proc. 5th Security Applicat.

Networks and ISDN Systems , Key Words: DES, crypto, Conf. , (4: IEE-89c), 1989, pp. October 1989, pp. 315. standards. 254-262.

Key Words: requirements, GUI-82 Key Words: crypto, keys, networks. GuUlou, L.C.. and B. Lorig methods. "Cryptography and GRO-82 Teleinformatics," Computers HAS-85 J. Grossman, G. & Security , January 1982, pp. Hastad, "A Practical Executive for 27-33. "On Using RSA with Low Secure Communications," Exponent in a Public Key '85 Proc. 1982 IEEE Symp. on Key Words: crypto, general. Network," Proc. Crypto , Santa Barbara, CA, 1985, (8: Sec. & Privacy , (5: IEE-82). pp. 144-155. GUI-86 WIL-86), pp. 403-408. Guillou, L.C. Key Words: OS, networks, "Smart Card - A Highly Key Words: RSA, crypto, case. Reliable and Portable Security design. '86 Device," Proc. Crypto , Santa Barbara, CA, 1986. (8: ODL-87). pp. 464-487.

Key Words: authenication.

7-9 HER-85 HOO-84 JAC-89 Herzberger, A., and Hoomaert, F., et al. Jacobs, J. and T. Kibalo S.S. Pinter "Efficient Hardware "Secure Data Network System "Public Protection of Implementation of the DES," Suj^rt Using Embedded '85 Software," Proc. Crypto . Proc. Crypto '84. Santa Cryptography," Proc., 2nd Barbara, 1985, Barbara, Santa CA, CA, 1984, (8: BLA- Annual AFCEA Intelligence 159-179. 84a), (8: WIL-86), pp. pp. 147-173. Symposium. September 1987.

Key Words: crypto, methods, Key Words: DES, crypto, Key Words: crypto, methods. software. hardware. JAM-88 HER-87 HOO-88 Jamieson, R., and G. Low Herlihy, M.P., and J.D. Tygar Hoomaert, F., et al. "A Framework for the "How to Make Replicated "Fast RSA-Hardware: Dream Security, Control and Audit of Data Secure," Proc. Crypto or Reality," Proc. Eurocrypt a Local Area Network '87 '88 , Santa Barbara, CA, , Davos, 1988, (8: GUN- Operations," Proc. IFIP/Sec. 379- 455-467. 1987, (9: POM-88), pp. 89), pp. ^88, AustraUa, 1989, (2: CAE- 391. 89), pp. 439-469. Key Words: RSA, crypto, Key Words: crypto, methods. hardware. Key Words: LAN, auditing, case. HER-88 HOU-89 Herbison, B.J. Housley, R. JAM-89 "Security on an Ethernet," "Authentication, Jamieson, R., and G. Low Proc. 11th Natl. Comp. Sec. Confidentiality, and Integrity "Security and Control Issues in Conf., (5: NCS-88), 1988, Extensions to the XNS Local Area Network Design," 219-225. Protocol Suite," Sec., pp. ACM Computers & Security . June Audit & Control Rev.. Fall 1989. pp. 305-316. Key Words: LAN, methods, 1989. pp. 17-24. case. Key Words: LAN, design, Key Words: authentication, control. fflG-88 case, methods, protocols. Highland, H.J. JAN-86 "How Secure Are Fiber HUM-80 Jansen, C.JA. Optics Communications," Humprey, T., and F.L. Toth "On the Key Storage

Computers & Security , 'Two-Chip Data Encryption Requirements for Secure February 1988, pp. 25-26. Unit Supports Multi-Key Termiiuils," Computers &

Systems," Electronics , January Security , June 1986, pp. 145- Key Words: threats, 17, 1980, pp. 136-139. 149. hardware, techniques. Key Words: crypto, hardware. Key Words: PC, crypto, keys. HIG-88a Highland, H.J. ING-83 JAY-82 "Secret Disk II — Transparent Ingemarsson, I. Jayant, N.S. Automatic Encryption," "A Comparison Between "Analog Scramblers for Speech

Computers & Security , Public-Key and Conventional Privacy," Computers &

February 1988, pp. 27-34. Encryption Methods," Proc. Security , November 1982, pp. IFIP/Sec. '83. Stockholm, 275-289. Key Words: PC, crypto, 1983, (2: FAK-83). pp. 229- methods. 232. Key Words: methods, hardware. HIN-83 Key Words: crypto,

Hinke, T., J. Althouse, and techniques. JEN-87 R.A. Kemmerer Jeng, A.B., and M.D. Abrams "SDC Secure Release ING-84 "On Network Covert Channel Terminal Project," Proc. 1983 Ingemarsson, I. Analysis," ADA No. 87-3081, IEEE Symp. on Sec. & "Encryption for Data Proc. 3d Aerosp. Comp. Sec.

Privacy . (5: IEE-83a), pp. Protection," Information Conf. . (5: IEE-87b), 1987, pp.

113-119. Resource Management, (UK), 95-103. March 1984, pp. 29-32. Key Words: hardware, Key Words: threats, network. design, case. Key Words: crypto, general.

7-10 JOH-87 JUN-87 KEM-87a Johnson, H.L., and Jung. A. Kemmerer, R.A. J.D. Layne "Implementing the RSA "Analyzing Encryption "A Mission-Critical Approach Cryptosystem." Computers & Protocols Using Formal

to Network Security," Proc. Security . August 1987. pp. Verification Techniques," Proc. '87 10th Natl. Comp. Sec. Conf. , 342-350. Crypto . Santa Barbara, (5: NCS-87a), 1987. pp. 15- CA. 1987. (9: POM-88). pp. 24. Key Words: RSA. crypto, 289-305. methods. Key Words: requirements, Key Words: verification, network. KAK-83 crypto, protocols, techniques. Kak. S.C. JOH-87a "Data Security in Computer KEM-89

Johnson, RJ. Networks." IEEE Computer . Kemmerer. R.A. "Key Updating Flags in EFT- February 1983. pp. 8-10. "Analyzing Encryption POS Security Systems," Protocols Using Formal

Computers & Security . June Key Words: network, general. Verification Techniques." IEEE 1987. pp. 245-251. Journal on Selected Areas

KAR-86 Communication . May 1989, Key Words: crypto, keys, Karger. PA. pp. 448-457. case. "Authentication and Access Control in Computer Key Words: verification, JON-84 Networks." Computers & crypto, protocols, techniques.

Jones, R.W. Security . December 1986. pp. "User Functions for the 314-324. KEN-81 Generation and Distribution Kent, S.T. of Encipherment Keys," Proc. Key Words: network, control. "Security Requirements and '84 Eurocrypt . Paris. 1984. Protocols for Broadcast (8: BET-85). pp. 317-334. KAR-88 Scenario." IEEE Trans, on

Karp. B.C.. L.C. Baker, Conununications . June 1981. Key Words: crypto, keys, and L.D. Nelson pp. 778-786. methods. "The Secure Data Network."

AT&T Technical Journal . Key Words: requirements, JON-89 May/June 1988. network, protocols. Jonckheer. K.. and M. Scarbrough Key Words: network, general. KEN-89 "Sectjrity of Data Transmitted Kent, S.T. Via Telephone, Fibre Optics, KAT-88 "Comments on Security and Microwaves." Katzer. M.A. Problems in the TCP/IP

Information Age . (U.K.). "Secured Communications for Protocol Suite." ACM March 1989. pp. 99-105. PC Workstations." Proc. 11th Computer Communications

Natl. Comp. Sec. Conf. . (5: Review . July 1989. pp. 10-19. Key Words: physical, NCS-88). 1988. pp. 233-237. techniques. Key Words: threats, protocols. Key Words: PC. methods, JUE-85 design. KHA-89 Jueneman. R.R.. C.H. Meyer, Khashnabish. B. and S.M. Matyas KEM-87 "A Bound of Deception "Message Authentication." Kemmerer. R.A. Capability in Multiuser IEEE Communications "Using Formal Verification Computer Networks," IEEE J.

Magazine . September 1985, Techniques To Analyze on Selected Areas Comm. , pp. 29-40. Encryption Protocols" Proc. May 1989, pp. 4590-594.

1987 IEEE Svmp. Sec. & .

Key Words: authentication, Privacy . (5:IEE-87a). pp. 134- Key Words: threats, network. methods. 139.

Key Words: verification, crypto, protocols, techniques.

7-11 KIL-88 KOC-85 KRU-89 Kilpatrick, K.E. Kochanski, M. Kruys. J.P. "Standards for Network "Developing an RSA Chip," "Security in Open Systems," '85 Security," Proc. Uth Natl. Proc. Crypto . Santa Computers & Security . April

Comp. Sec. Conf. . (5: NCS- Barbara, CA, 1985. (8: WIL- 1989. pp. 139-147. 88), 1988. pp. 201-211. 86). pp. 350-357. Key Words: OSI. network, Key Words: network, Key Words: RSA, crypto, general. standards. hardware. LAM-88 KIN-89 KOC-87 Lambert, P.A. King, G. Kochanski. M.. "Architectural Model of the "A Survey of Commercially "A Survey of Data Insecurity SDNS Key Management

Available Secure LAN Packages." Cryptologia, Protocol." Proc. 11th Natl.

Products," Proc. 5th Security January 1987, pp. 1-15. Comp. Sec. Conf. . (5: NCS- Applicat. Conf.. (5: IEE-89c), 88). 1988. pp. 126-128. 1989, pp. 239-247. Key Words: crypto, software, case. Key Words: crypto, protocol, Key Words: LAN. hardware, keys. software. KOC-88 Kochanski, M. LEM-86 KNA-88 "Another Data Insecurity Lemire, J.R.

Knapskog. S.J. Package," Cryptologia, July "A New Key Management "Privacy Protected 1988, pp. 165-173. Approach for Open Payments — Realization of a Communication Environments," '86 Protocol that Guarantees Key Words: crypto, software, Proc. IFIP/Sec. , Monte Payer Anonymity," Proc. case. Carlo, 1986, (2: GRI-89). '88 Eurocrypt . Davos, 1988 (8: GUN-89). pp. 107-122. KOH-89 Key Words: crypto, keys, Kohl. J.T. management. Key Words: protocols, case. "Cryptographic Protocols in '89 Cerberus," Proc. Crypto , LER-84 KNO-88 Santa Barbara, CA, (8: BRA- Le Roux, Y. Knobloch, H.-J. 90), 1989. "Controlling Access to "A Smart Card Computer Networks," Implementation of the Fiat- Key Words: crypto, protocols, Information Resource

Shamir Identification case. Management, (UK), March Scheme," Proc. Eurocrypt 1984, 26-28. '88, Davos, 1988 (8: GUN- KRA-84 89), pp. 87-95. Krauss, L. Key Words: control, network. "Data Encryption in ISO, the Key Words: authentication, International Standards LIN-83 case. Organization," Computers & Linden, C.

Security , October 1984. pp. "The Transaction-Seal ~ The KNO-88a 234-236. New Comer-Stone in Secured Knowles, T. Terminal Systems," Proc. '83 "Security, OSI and Key Words: crypto, standards, IFIP/Sec. , Stockholm. Distributed Systems," case. 1983. (2: FAK-83), pp. 223- Information Age (U.K.), 227. April 1988, pp. 79-84. KRI-85 Krivachy, T. Key Words: authenticatiorL Key Words: OSI, network, "The Ciphercard — an methods. Identification Card with LIN-87 Cryptographic Protection," Linn, J. '85 Proc. Eurocrypt , Linz, "SDNS Products in the Type 1985, (8: PIC-86), pp. 200- n Environment," Proc. 10th

207. Natl. Comp. Sec. Conf. , (5: NCS-87a), 1987, pp. 162-164. Key Words: crypto, control, case. Key Words: network, techniques.

7-12 LIN-88 LON-86 MAC-84 Linn, J. Longley. D.. and S. Rigby MacEwen, G.H., et al. "COMSEC Integration "Use of Expert Systems in the "Multi-Level Secudty Based Alternatives," Proc. 11th Analysis of Key Management on Physical Distribution" Proc. '86 Natl. Comp. Sec. Conf. , (5: Systems." Proc. IFIP/Sec. , 1984 IEEE Symp. Sec. &

NCS-88), 1988, pp. 122-125. Monte Carlo, 1986. (2: GRI- Privacy . (5:IEE-84). pp. 167- 89). 179. Key Words: methods, techniques. Key Words: crypto, keys, Key Words: MLS, physical, methods. methods. LIN-89 Linn, J. and S.T. Kent LON-87 MAR-89 "Privacy for DARPA-Intemet Longley, D. Marino, J. and P. Lambert Mail." Proc. 12th Natl. "Expert Systems Applied to "An INFOSEC Platform,"

Comp. Sec. Conf. . (5: NCS- the Analysis of Key Proc. 12th Natl. Comp. Sec.

89). 1989. pp. 215-229. Mangement Schemes," Conf. . (5: NCS-89). 1989. pp. Computers & Security. 571-578. Key Words: EM. network, February 1987, pp. 54-67. methods. Key Words: hardware, case. Key Words: crypto, keys, LIP-88 methods. MAR-89a Lipper. E.H.. et al. Marella, A., Jr. "A Multilevel Secure LOS-89 'Telecommunications: A

Message Switch with Loscocco, P. Control Strategy," EDPACS . Minimal TCB: Architectural "A Dynamic Network May 1989. pp. 1-5. Outline and Security Labeling Scheme for a MLS Analysis." Proc. 4th Aerosp. LAN," Proc. 12th Natl. Comp. Key Words: control, methods.

Comp. Sec. Conf. . (5: lEE- Sec. Conf. . (5: NCS-89). 88b), 1988, pp. 242-249. 1989. pp. 277-285. MAS-84 Masrani, R.. and T.P. Keenan Key Words: MLS, methods, Key Words: MLS. LAN. "Security and Privacy in design. methods. Cellular Telephone System." '84 Proc. IFIP/Sec. . Toronto. LOC-87 LUB-89 1984. (2: FIN-85). pp. 457- Loscocco. P. Luby. M.. and C. Rackoff 470. "A Security Model and "A Study of Password PoUcy for a MLS LAN." Security," Journal of Key Words: methods, case.

Proc. 10th Nad. Comp. Sec. Cryptology , Vol. 1. No. 3,

Conf. . (5: NCS-87a). 1987. 1989, pp. 151-158. MAS-86 pp. 25-37. Massey, J.L. Key Words: control, methods. "Cryptography-A Selective Key Words: MLS. LAN. Survey," EHgital

models. MAC-81 Communications . January MacMillan. D. 1986. pp. 3-21. LOM-89 "Single Chip Encrypts Data at

Lomas. T.. et al. 14 MB/S." Electronics . June Key Words: crypto, general. "Reducing Risks from Poorly 16, 1981, pp. 161-166. Chosen Keys." ACM MAT-87

Operating System Review . Key Words: DES, hardware. Matsumoto, T., and H. Imai Vol. 23. No. 5. 1989. pp. 14- "On the Key Predistribution 18. MAC-83 System: A Practical Solution MacKinnon, S., and S.G. Akl to the Key Distribution '87 Key Words: threats, methods, "New Key Generation Problem," Proc. Crypto , keys. Algorithms for Multilevel Santa Barbara, CA, 1987, (8: Security," Proc. 1983 IEEE POM-88), pp. 185-193.

LON-83 Symp. Sec. & Privacy . Longo, G. (Ed.) (5:IEE-83a). pp. 72-78. Key Words: crypto, keys,

Secure Digital Systems , methods. Springer- Verlag, Wien, 1983. Key Words: MLS, crypto, keys. Key Words: book, general, methods.

7-13 MAT-87a MER-81 MIL-84 Madas, Y., and A. Shamir Merkle, R.C., and MiUen, J.K. "A Video Scrambling M.E. Hellman "The Interrogator A Tool for Technique Based On Space "On the Security of Multiple Cryptographic Protocol FilUng Curves," Proc. Crypto Encryption," Communications Security," Proc. 1984 IEEE '87 . Santa Barbara, CA, of the ACM . July 1981, pp. Symp. Sec. & Privacy . (5:IEE- 1987, (8: POM-88), pp. 398- 465-467. 84). pp. 134-141. 417. Key Words: crypto, methods. Key Words: crypto, protocols. Key Words: techniques, physical. MER-82 MIL-87 Merritt, M. MiUen, J.K., S.C. Clark, and MAY-89 "Key Reconstruction," Proc. S.B. Freedman Mayer, F. et al. Crypto-82, Santa Barbara, CA, "The Interrogator Protocol "Evaluation Issues for an 1982, (8: CHA-83b), pp. 321- Security Analysis," IEEE

Integrated 'INFOSEC 375. Trans, of Software Engr. , Product," Proc. 5th Security February 1987, pp. 274-288.

Applicat. Conf. . (4: IEE-89c), Key Words: crypto, keys, 1989, pp. 271-275. methods. Key Words: protocol, design.

Key Words: methods, case. MEY-81 MIL-87a Meyer, C.H., S.M. Matyas, MiUen, J.K. MCC-89 and R.E. Lennon "Interconnection of Accredited McCullough. D. "Required Cryptogr^hic Systems," Proc. 3d Aerosp.

"Security Analysis of a Authentication Criteria for Comp. Sec. Conf. , (5:IEE-87b), Token Ring Using Ulysses," Electronic Fxmds Transfer 1987, pp. 60-65. Proc. COMPASS '89: Comp. Systems," Proc. 1981 IEEE design. Assurance, (2: IEE-89), 1989, Symp. on Sec. & Privacy , (5: Key Words: network, pp. 113-118. IEE-81), pp. 89-98. MIL-88 Key Words: LAN, threat, Key Words: crypto, MiUen, J.K., and methods. athentication. M.W. Schwartz "The Cascading Problem for MEA-89 MIG-89 Interconnected Networks." Meadows, C. Migues, S., and R. Housely Proc. 4th Aerosp. Comp. Sec.

"Using Narrowing in the "Designin a Trusted Client- Conf. . (4: IEE-88b). 1988. pp. Analysis of Key Management Server Distributed Network," 269-274. Protocols," Proc. 1989 IEEE Proc. 5th Sec. AppHcat. Conf., 91-94. Key Words: network, design. Symp. Sec. & Privacy , (5: IEE-89C), 1989, pp. (5:IEE-89b), pp. 138-147. Key Words: trusted, network. MIT-87 Key Words: crypto, Mitchell, C, and F. Piper protocols, keys. MIL-81 "The Cost of Reducing Key- Miller. J.S., and Storage Requirements in MEN-83 R.G. Resnick Secure Networks," Computers

Menkus, B. "Military Message Systems: & Security . August 1987. pp. "Long-Haul Data Security: Applying a Security Model." 339-341. Whose Responsibility Is It Proc. 1981 IEEE Symp. Sec. Key Words: crypto, keys, Today?," Data & Privacy . (5:IEE-81), pp. network. Communications . March 101-111. 1983, pp. 137+ Key Words: EM, models, MIT-88 Key Words: network, methods. Mitchell, C, and M. Walker management. "Solutions to the Multidestinational Secure Electronic MaU Problem,"

Computers & Security . October 1988. pp. 483-488.

Key Words: EM. design, methods.

7-14 MIT-89 MUE-82 MUR-87 Mitchell, C, D. Rush, MueUer-Schloer, C, and Good Security Practices for

and M. Walker N.R. Wagner Information Networks . G320- "A Remark on Hash "Cryptogrqjhic Protection of 9279-2. IBM Corporation, Functions for Message Personal Data Cards," Proc. White Plains, NY, 1987.

Authentication," Computers & Crypto-82 . Santa Barbara, CA.

Security , February 1989, pp. 1982, (8: CHA-83b), pp. 219- Key Words: network, methods 55-58. 229. guidelines.

Key Words: EM, Key Words: crypto, methods. NAK-89 authenticatioiL Nakao, K., and K. Suzuki MUF-88 "Proposal on a Secure MIT-89a Muftic, S., et al. Communications Service Mitchell, C, M. Walker, Security Mechanisms for Element (SCSE) in the OSI

and D. Rush Computer Networks , ElUs- Application Layer," IEEE "CCnr/ISO standards for Horwood, Chichester, U.K., Journal on Selected Areas

Secure Message Handling," 1988. Communication . May 1989, IEEE J. on Selected Areas pp. 505-516.

Comm. . May 1989, pp. 517- Key Words: book, network, 524. methods. Key Words: OSI, network, methods. Key Words: EM, standards, MUF-89 case. Muftic, S. NBS-80 Security Mechanisms for Guidelines on the User

MOO-88 Computer Networks , J. Wiley Authentication for Computer

Moore, J.H. & Sons, Somerset, NJ, 1989. Network Access Control , FIPS "Protocol Failures in Crypto- PUB 83. National Bureau of systems," Proceedings of the Key Words: book, network, Standards, Gaithersburg, MD.

IEEE , May 1988, pp. 594- methods. September 1980. 602. MUF-89a Key Words: guidelines, Key Words: crypto, Muftic. S. network. protocols. "Extended OSI Security Architecture." Computer NBS-80a

MOO-88a Networks and ISDN Systems . DES Modes of Operation , Moore, A. September 1989. pp. 223-227. HPS PUB 81, National Bureau "Investigating Formal of Standards, Gaithersburg, Specification and Verification Key Words: OSI, network, MD, September 1980. for COMSEC Software methods. Security," Proc. 11th Natl. Key Words: DES, methods.

Comp. Sec. Conf. , (5: NCS- MUL-83 88), 1988. pp. 129-138. Muller-Scloer. C. NBS-81 "A Microprocessor-Based Guidelines for Implementing Key Words: verification, Cryptoprocessor," IEEE and Using the NBS Data 5- software. Micro , October 1983. pp. Encryption Standard, FIPS- 15. PUB 74, National Bureau of MOU-83 Standards, Gaithersburg, MD. Moulton, R.T. Key Words: PC. crypto, April 1981. 'T^etwork Security," hardware. Key Words: DES. guidelines. Datamation, July 1983. pp. 121+ MUN-87 Mundy, G.R.. and NCS-87 Key Words: network, general. R.W. Shirey Trusted Network Interpretation "Defense Data Network of the Trusted Computer Security Architecture," System Evaluation Criteria, '87 Proceedings. MILCOM , NCSC-TG-005, Natl. Computer October 1987. Security Center, Ft. Meade. MD. July 1987. Key Words: network, design, case. Key Words: trusted, network, criteria, guidelines.

7-15 NEL-87 NES-89 NYE-82 Nelson, R. Nesset, D.M. Nye, J.M. "SDNS Services and "Layering Central "The CryptogrE^hic Equipment Architecture," Proc. 10th Authentication on Existing Market Trends and Issues,"

Natl. Comp. Sec. Conf. , (5: Distributed System Terminal Assets Protection , Jan./Feb. NCS-87a). 1987, pp. 153- Services," Proc. 1989 IEEE 1982, pp. 21-24.

157. Symp. Sec. & Privacy , (5:IEE-89b), pp. 290-299. Key Words: crypto, hardware, Key Words: network, case. methods, case. Key Words: authentication, design. NYE-82a NEL-89 Nye, J.M. Nelson, R. NES-89a "Satellite Communications and

"SDNS Architecture and End- Nesset, D.M. Vulnerability," Computerworld. to-End Encryption," Proc. "Issues in Secure Distributed May 3, 1982, pp. ID7-ID13. '89 Crypto , Santa Barbara, Operating System Design," CA, (8: BRA-90), 1989. Digest of Papers, IEEE Key Words: vulnerabilities, '89 Compcon , 1989, pp. 342- case. Key Words: crypto, network. 347. NYE-83 NES-83 Key Words: OS, methods, Nye. J.M. Nesset, D.M. design. "Network Security and "A Systematic Methodology Vulnerability." Proc. 1983

for Analyzing Security NEW-86 Nad. Computer Conf. . AFIPS Threats to Interprocessor Newman, D.B., and Press. Reston VA. May 1983, Communications in a R.L. Pickholtz pp. 647-653. Distributed System," IEEE "Cryptography in the Private

Trans, on Communications , Sector," IEEE Key Words: vulnerabilities.

September 1983. Communications Magzine , August 1986, pp. 7-10. OBE-83 Key Words: threats, network. Oberman. M.R. Key Words: crypto, general. "Some Security Aspects of a NES-84 Computer Communications Nestman, C.H., J. Windsor, NEW-87 Network Environment." Proc. '83 and M.C. Hinson Newman, D.B., Jr., J.K. IFIP/Sec. . Stockholm. 'Tutorial on Omura, and R.L. Pickholz 1983, (2: FAK-83), pp. 233- Telecommunications and "Public Key Management for 238. Security," Computers & Network Security," IEEE

Security , October 1984, pp. Networks Magazine , April Key Words: network, methods. 215-224. 1987, pp. 11-16. ODE-85 Key Words: techniques, Key Words: crypto, keys, O'Dell, L.L. general. network. "An Approach to Multi-Level Secure Networks, Revision 1," NES-87 NIE-89 Proc. 8th Natl. Comp. Sec.

Nesset, D.M. Niemeyer, R. Conf. , (5: NCS-85). 1985, pp. "Factors Affecting Distributed "Applying the TNI to System 152-155. System Security," IEEE Certification and

Trans, on Software Engr. , Accreditation," Proc. 5th Key Words: MLS, network,

February 1987, pp. 233-248. Security Applicat. Conf. , (5: design. IEE-89c), 1989, pp. 248-252. Key Words: design, network. OKA-89 Key Words: network, criteria, Okamoto. E.. and K. Tanaka case. "Key Distribution System Based on Identification Information." IEEE Journal on Selected Areas

Communication . May 1989, pp. 481-485.

Key Words: crypto, keys, design.

7-16 OMA-83 PIE-85 PRE-89 Omar, K.A.. and D.L. Wells, Pieprzyk, J.P., and Press, I. "Modified Architecture for DA. Rutkowski "Software Dase Encryption for the Sub-Key Model," Proc. "Modular Design of Local Area Networks," 1983 IEEE Svmp. Sec. & Information Encipherment for Computer Networks and ISDN

Privacy . (5:IEE-83a), pp. 79- Computer Systems," Systems , September 1989, pp.

86. Computers & Security . 187-192. September 1985. pp. 211-218. Key Words: architecture, Key Words: Local Area keys. Key Words: crypto, design, Networks. methods. ORT-86 PRI-83 Orton, G.A., et al. POL-84 Price, W.L. "VLSI Implementation of PoUak, R. "Key Management for Data Public-Key Algorithms," "Micro-Mainframe Encipherment," Proc. IFIP/Sec. '86 Proc. Crypto , Santa Communications Security in _;83, Stockholm, 1983, (2: Barbara, CA, 1986, (8: ODL- Distributed Network FAK-83), pp. 205-215. 87), pp. 277-301. Environment," ACM Sec.,

Audit. & Control Rev. . Key Words: Key Words: public-key, October 1984, pp. A1-A6. hardware. RAM-89 Key Words: PC, network, Ramaswamy, R. OZA-84 methods. "A Scheme for Providing Ozarow, L.H., and Security Ser/ices on Transport A.D. Wyner POW-85 Layer in Open System "Wire-Tap Channel 11," Proc. Power, J.M., and S.R. Wilbur Intercormection Architectures," '84 Eurocrypt , Paris, 1984, "Authentication in an Proc. Intemat. Conf. on Comp.

(8: BET-85), pp. 33-50. Heterogenous Environment," & Information. ICCr89 , May '85 Proc. IFIP/Sec. . Dublin, 1989.

Key Words: threats, methods. 1985, (2: GRI-85), pp. 117- 127. Key Words: OSI, methods, PAI-86 design. Pailles. J.-C., and M. Girault Key Words: authentication. "The Security Processor RAM-89a CRIPT," Proc. inP/Sec. '86. POW-88 Ramaswamy, R. Monte Carlo. 1986. (2: GRI- Powanda, E.J.. and "Placement of Data Integrity 89), pp. 127-139. J.W. Genovese Security Services in Open "Configuring a Trusted Systems Interconnection Key Words: techniques, System Using the TNI," Proc. Architecture," Computers &

hardware. 4th Aerosp. Comp. Sec. Security , October 1989, pp.

Conf. . (4: IEE-88b), 1988, pp. 507-516. PAR-87 256-261. Parker, TA. Key Words: OSI, methods, "Seoirity in Open Systems: Key Words: trusted, network, design. A Report on the Standards criteria. Work of ECMA's RAM-89b TC32/rG9," Proc. 10th Natl. PRE-87 Ramaswamy, R. Architecture for Comp. Sec. Conf. . (5: NCS- Presttun, K. "Security Data 87a), 1987, pp. 38-50. "Integrating Cryptography in Transfer Through TCPAP '87 ISDN," Proc. Crypto , Protocols," Computers &

Key Words: OSI, network, Santa Barbara, 1987, (8: Security , December 1989, pp. standards. POM-88). pp. 9-18, 1988 709-719.

Key Words: crypto, network. Key Words: network, protocols, case.

7-17 RAS-85 RUT-86 SCH-82b Rasmussen, O.S. Rutiedge, L.S., and Schwartz, M. "Communications and L.J. Hoffman "DES: Putting It to Work," Network Protection: Practical "A Survey of Issues in Computerworld. June 21, 1982, Experience," Proc. IFIP/Sec. Computer Network Security," pp. ID1-ID16.

;85, Dublin. 1985. (2: GRI- Computers & Security . 107-115. 85), pp. December 1986, pp. 296-308. Key Words: DES, crypto, methods. Key Words: network, Key Words: network, general. methods, case. SCH-84 SAT-88 Schaumueller-Bichl. I., RIH-83 Satya, V. and E. Filler Rihaczek. H.. and L. Krause "Secure Computer Network "A Method of Software "Data Encipherment Requirements," Information Protection Based on the Use Requirements Federal Age (U.K.), October 1988. pp. of Smart Cards and Republic of Germany." 211-222. Cryptographic Techniques." Information Age (UK). April '84 Proc. Eurocrypt . Paris. 91-96. 1983. pp. Key Words: requirements, 1984. (8: BET-85). pp. 446- network. 454. Key Words: requirements, crypto. SCA-87 Key Words: crypto, software, Schaumuller-Bici. I. methods, techniques. RIH-87 'IC-Cards in High-Security Rihaczek, K. AppUcations." Proc. Eurocrypt SCH-85 '87 'TeleTrusT-OSIS and . Amsterdam. 1987, (8: Schaefer. M.. and D.E. Bell Communication Security," CHA-88a). pp. 177-189. "Network Security Assurance," Computers & Security , Jime Proc. 8th Nad. Comp. Sec. 1987, 206-218. Key Words: crypto, hardware. pp. Conf. , (5: NCS-85). 1985, pp. 64-69. Key Words: OSI, methods, SCH-80 case. Scharf. J.D., C.V. Wallentine. Key Words: verification, and P.S. Fisher network. RrV-80 "Department of Defense Rivest, R.L. Network Security SCH-85a "A Description of Single- Considerations," in Rullo, Schnackenberg. D.D. Chip Implementation of RSA T.A. (Ed.), Advances in "Development of a Multilevel Cipher." Lambda, Fourth Computer Sec. Management. Secure Local Area Network,"

Quarter, 1980, pp. 14-18. Vol. 1 , Heyden, Philadelphia, Proc. 8th Nad. Comp. Sec.

PA. 1980, pp. 202-230. Conf. . (5: NCS-85), 1985, pp. Key Words: RSA, crypto, 97-104. hardware. Key Words: network, design, case. Key Words: MLS, LAN. RIV-84 design, case. Rivest, R.L. SCH-82 "RSA Chips Schanning, B.P. SCH-87 (Past/Present/Future)," Proc. "Applying PubUc Key Schnackenberg. D. Eurocrypt '84, Paris, 1984, Distribution to Local Area "Applying the Orange Book to (8: BET-85). pp. 159-165. Networks," Computers & an MLS LAN," Proc. 10th

Security , November 1982, pp. Nad. Comp. Sec. Conf.. (5: Key Words: ESA. crypto, 268-274. NCS-87a), 1987, pp. 51-55. hardware. Key Words: LAN, crypto, Key Words: MLS, LAN, ROG-87 keys. criteria. Rogers, H.L. "An Overview of the SCH-82a SCH-87a Caneware Program," Proc. Schwartz. M. Schweitzer, J.A.

10th Natl. Comp. Sec. Conf. . "Making Sense of DES," "Securing Information on a (5: NCS-87a), 1987, pp. 172- Computerworld, June 7. 1982, Network of Computers,"

174. pp. ID15-ID34. EDPACS . July 1987, pp. 1-8.

Key Words: crypto, design, Key Words: DES, crypto, Key Words: network, methods. case. general.

7-18 "

SCH-87b SER-84 SHA-89 Schockley. W.R.. R.R. Serpell, S.C., C.B. Brookson, Shain, M. Schell, and M.F. Thompson and B.L. Clark "Security in Electronic Funds "A Network of Trusted "A Prototype System Using Transfer," Computers & Systems," No. 87- Public AIAA Key," Proc. Crypto Security , May 1989, pp. 209- 3100, Proc. 3d Aerosp. '84, Santa Barbara, CA, 1984. 221.

Comp. Sec. Conf. , (5:IEE- (8: BLA-84a), pp. 3-9. 87b), 1987. pp. 140-142. Key Words: methods, network, Key Words: crypto, public- case. Key Words: network, trusted, key, case. case. SHE-87 SER-84a Sheehan, E.R. SCH-89 Serpell, S.C., and "Access Control within SchnoiT, CP. C.B. Brookson SDNS," Proc. 10th Natl. "Efficient Identification and "Encryption and Key Comp. Sec. Conf. . (5: NCS- Signatures for Smart Cards," Management for the ECS 87a). 1987, pp. 165-171. '89 Proc. Crypto , Santa Satellite Service," Proc. '84 Barbara, CA, (8: BRA-90), Eurocrypt , Paris, 1984, (8: Key Words: network, control, 1989. BET-85), pp. 426-436. case.

Key Words: authentication, Key Words: crypto, network, SIM-82 case. keys. Simmons, G.J. (Ed.) Secure Communications and

SCO-85 SER-85 Asymmetric Cryptosystems , Scott, R. Serpell, S,C, Westview Press, Boulder, CO, "Wide-Open Encryption "Cryptographic Equipment 1982. Design Offers Flexible Security: A Code of Practice." , Implementations Computers & Security . March Key Words: book, crypto, Cryptologia, January 1985, 1985, pp. 47-64. methods, public-key. pp. 75-90. Key Words: crypto, hardware. SIM-83 Key Words: encryption, Simmons, G.J. design. SHA-86 "A 'Weak' Privacy Protocol Sharma, R.S. Using the RSA SEA-85 "Data Communications and Cryptoalgorithm." Cryptologia, Seaman, J. Security," ACM Sec.. Audit 1983, pp. 180-182.

"Halting Network Intruders," & Control Rev. . Winter 1986.

Computer Decisions , January pp. 28-38. Key Words: RSA, crypto, 29, 1985, pp. 82ff. protocol. Key Words: methods, general. Key Words: threats, network, SIM-84 techniques. SHA-88 Simmons, G.J. Shain, M. "A System for Verifying User SED-87 "Security in Electronic Funds Identity and Authorization at '88 Sedlak, H. Transfer." Proc. mP/Sec. . the Point-of-Sale or Access,"

"The RSA Cryptography AustraUa, 1989, (2: CAE-89), Cryptologia, January 1984, pp. Processor," Proc. Eurocrypt pp. 367-380. 1-21. '87 , Amsterdam, 1987, (8: CHA-88a), pp. 95-105. Key Words: methods, Key Words: authentication, network, case. case. Key Words: RSA, crypto, hardware. SIM-85 Simmons, G.J. "The Practice of Authentication," Proc. '85 Eurocrypt . Linz. 1985. (8: PIC-86). pp. 261-272.

Key Words: authentication, methods.

7-19 SIM-87 SMI-88a SOR-84 Simmons, G.J. Smid, M., et al. Sorkin.A., and J.C. Buchanan "Message Authentication with Message Authentication Code "Measurment of Cryptographic Arbitration of Transmitter/ (MAC) Validation System: Capability Protection

Receiver Disputes," Proc. Requirements and Procedures . Algorithms," Computers & '87 EurocTVpt , Amsterdam, SP 500-156, National Institute Security . May 1984. pp. 101- 1987. (8: CHA-88a), pp. 151- of Standards and Technology, 116. 165. Gaithersburg, MD, May 1988. Key Words: crypto, design, Key Words: authentication. Key Words: authentication, methods. design, methods, requirements. SIM -88 STO-89 Simmons, G.J. SMI-89 Stonebumer, G.R., and "A Survey of Information Smid, M., J. Dray, D.A. Snow Authentication," Proceedings and R. Wamar "The Boeing MLS LAN:

of the IEEE , May 1988, pp. "A Token Based Access Headed Towards an INFOSEC 603-620. Control System for Computer Security Solution," Proc. 12th Networks," Proc. 12th Natl. Natl. Comp. Sec. Conf.. (5:

Key Words: authentication. Comp. Sec. Conf. . (5: NCS- NCS-89), 1989. pp. 254-266.

89) , 1989. pp. 232-253. SIM-88a Key Words: MLS, LAN, Simmons, G.J. Key Words: network, control, design, case. "How to Insure that Data case. Acquired to Verify Treaty TAT-87 Compliance Are SMI-89a Tater, G.L. Trustworthy," Proceedings of Smith, J.M. 'The Secure Data Network

the IEEE , May 1988, pp. "Practical Problems with a System: An Overview:, Proc.

621-627. Cryptographic Protection 10th Natl. Comp. Sec. Conf. , '89 Scheme," Proc. Crypto , (5: NCS-87a), 1987, pp. 150- Key Words: verification, Santa Barbara, CA, (8: BRA- 152.

crypto. 90) , 1989. Key Words: network, design, SMI-81 Key Words: crypto, design, case. Smid, M.E. methods. "Integrating the Data TAT-89 Encryption Standard into SNA-88 Tatebayashi, M., N.Matsuzaki. Computer Networks," IEEE Snare, J. and D.B. Newman

Trans, on Communications , "Secure Electronic Data "Key Distribution Protocol for June 1981, pp. 762-772. Exchange," Proc. iHF/Sec. Digital Mobile Communication Australia, (2: System," Proc. '89 J8, 1989, CAE- Crypto , Key Words: DES, network, 89), pp. 331-342. Santa Barbara, CA, (8: BRA- design. 90). 1989. Key Words: network, case. SMI-87 Key Words: crypto, protocols, Smidi, M.K. SOR-83 key. "A Verified Encrypted Packet Sorkin, A. Interface," ACM Software "Requirements for A Secure TEN-86

Engr. Notes , July 1987. Terminal Switch," Computers Tener, w.T.

& Security , November 1983, "Discovery: An Expert System Key Words: crypto, design, pp. 268-274. in the Communications Data case. Security Environment," Proc. '86 Key Words: requirements, mP/Sec. . Monte Carlo, SMI-88 case. 1986, (2: GRI-89). Smid, M.E., and D.K. Branstad Key Words: general, network, "The Data Encryption case. Standard: Past and Future,"

Proceedings of the IEEE , May 1988, pp. 550-559.

Key Words: DES, crypto, general.

7-20 TOP-84 TUR-80 VOY-83 Toppen, R. Tum, R. Voydock, V.. and S.T. Kent "IrLBnite Confidence: The "AppUcations of "Security for Computer Audit of Communication Cryptography," in Rullo, T.A. Communication Networks," (Ed.), Networks," Computers & Advances in Computer ACM Computing Surveys .

Security . November 1984, pp. Security Management, Vol. 1 , June 1983. pp. 135-171. 303-313. Heyden & Son, Philadelphia, PA, 1980, pp. 170-200. Key Words: methods, general. Key Words: auditing, network. Key Words: crypto, general. VOY-85 Voydock, V.L.. and TOR-85 VAN-85 S.T. Kent Torrieri, D.J. Vandewalle, J. et al. "Security Mechanisms in a Principles of Sectire "Implemerttation Study of Transport Layer Protocol,"

Communication Systems , Public Key Cryptographic Computers & Security . Artech House, Norwood, Protection in an Existing December 1985. pp. 325-341. MA, 1985. Electronic Mail and Document Handling System," Proc. Key Words: methods, '85 Key Words: book, methods, EurocTVpt . Linz. 1985, (8: protocols. general. PIC-86), pp. 4349. VOY-85a TRO-85 Key Words: EM. cerypto, Voydock, V.L.. and Troy, E.F. public key. 5.T. Kent "Dial-Up Security Update," "Security in Kigh-Level Proc. 8lJi Natl. Comp. Sec. VAN-87 Network Protocols." IEEE

Conf. , (5: NCS-85), 1985, van Heurck, P. Communications Magazine , pp. 124-132. 'TRASEC: Belgian Security July 1985, pp. 12-24. System for Electronic Funds Key Words: PC, methods, Transfers," Computers & Key Words: network,

hardware. Security , June 1987, pp. 261- protocols. 268. TRO-86 WAL-85 Troy, E.F. Key Words: network, Walker, S.T.

Security for Dial-Up Lines , methods, case. "Network Security Overview," SP 500-137, National Bureau Proc. 1985 IEEE Symp. Sec.

of Standards, Gaithersburg, VAN-88 6. Privacy . (5:IEE-85), pp. 62- MD, May 1986. van der Bank. D.. and 76. E. Anderssen Key Words: PC, methods, "Cryptographic Figiire of Key Words: network, general.

hardware. Merit," Computers & Security , June 1988. pp. 299-303. WAL-89 TSU-89 Walker, S.T. Tsudik, G. Key Words: crypto, design, "Network Security: The Parts "Datagaram Authentication in methods. of the Sum," Proc. 1989 IEEE

Internet Gateways: Symp. Sec. & Privacy , (5:IEE- Implications of Fragmentation VAR-89 89b), pp. 2-9. and Dynamic Routing," IEEE Varadharajan, V. Journal on Selected Areas "Verification of Network Key Words: network, general.

Communication , May 1989, Security Protocols."

pp. 499-504. Computers & Security . WIL-80 December 1989. pp. 693-708. WiUiams, H.C. Key Words: authentication, "A Modification of the RSA case. Key Words: verification, Public -Key Cryptosystem," protocols. IEEE Trans, on Inform.

Theory , November 1980, pp. 726-729.

Key Words: RSA, crypto, design.

7-21 WIT-88 WOO-81 WOO-89 Witten. I.H. and J.G. Cleary Wood, C.C. Wood, C.C. "On the Privacy Afforded by "Future Applications of "Planning: A Means to Ad^tive Text Compression," Cryptography," Proc. 1981 Achieve Data Communications

Computers & Security , IEEE Symp. Sec. & Privacy. Security." Computers &

August 1988, pp. 397-408. (5:IEE-81), pp. 70-74. Security . May 1989. pp. 189- 199. Key Words: methods, case, Key Words: crypto, general. techniques. Key Words: methods, design. WOO-82 WON-85 Wood, C.C. WOO-89a Wong, R.M., T.A.Berson, "Future Applications of Woodfield, N.K. and R.J. Feiertag Cryptography." Computers & "An Approach for Evaluating

"Polonius: An Identity Security . January 1982, pp. the Security of an Air Force Authentication System," Proc. 65-71. Type Network." Proc. 5th Sec.

1985 IEEE Svmp. Sec. & . Applicat Conf.. (5:IEE-89c).

Privacy . (5:IEE-85). pp. 101- Key Words: crypto, general. 1989. pp. 53-62. 107. WOO-83 Key Words: network, methods, Key Words: authentication, Wood, H.M., and case. case. I.W. Cotton "Security in Computer WON-89 Commtmications," in W. Chou Wong, R.M. (Ed.), Computer "Logon in Distributed Communications, Vol. 1, Systems," Digest of Papers, Prentice-Hall, Englewood '89 IEEE Compcon . 1989, CUffs, NJ. 1983, pp. 369-409. pp. 338-341. Key Words: methods, general. Key Words: methods, network.

7-22 8. Cryptography

This section cites publications on the theoretical and practical aspects of cryptography, cryptanalysis, and cryptographic protocols.

ACE-81 ADL-83 AKL-82 "American Council of Adleman, L.M. Akl. S.G. Education Report on the "On Breaking Generalized "Digital Signatures with Public Cryptography Study Knap-sack Public-key Blindfolded Arbitrators Who Group," Communications of Cryptosystems," Proceedings. Cannot Form Alliances." Proc.

the ACM . July 1981, pp, 15th ACM Symposium on 1982 IEEE Svmp. Sec, and

435-450. Theory of Computing , 1983, Privacy . (5: IEE-82). pp. 129- pp. 402-412. 135. Key Words: policy, research. Key Words: analysis, Key Words: signatures. ADA-87 kiiapsack. methods. Adams, CM. "Seairity-Related Comments AGN-87 AKL-83 Regarding McEUece's Agnew, G.B. Akl, S.G. Public Key Cryptosystem," "Random Sources for "On the Security of '87 Proc. Crypto , Santa Cryptographic Systems," Proc. Compressed Encodings," Proc. '87 '83 Barbara, CA, 1987. (8: POM- Etirocrypt , Amsterdam, Crypto . Santa Barbara. 88), pp. 224-228. 1987. (8: CHA-88a), pp. 77- CA, 1983. (8: CHA-84b). pp. 81. 209-230. Key Words: evaluation, public-key. Key Words: random, Key Words: analysis, codes. techniques. ADL-82 AKL-83a Adleman, L.M., AGN-88 Akl, S.G. "On Breaking the Iterated Agnew. G.B.. R.C. Mullin, "Digital Signatures: Tutorial

Merkle-Hellman Pubhc-Key and S.A. Vanstone Survey," IEEE Computer , Cryptosystem," Proc. Crypto "An Interacrtive Data February 1983, pp. 14-24. '82 . Santa Barbara, CA, Exchange Protocol Based on 1982, (8: CHA-83b), pp. Discrete Exponentionation." Key Words: signatures. '88 303-313. Proc. Eurocrypt . Davos, general. 1988. (8: GUN-89). pp. 159- Key Words: analysis, 176. AKL-84 knapsack. Akl, S.G., and H. Meijer Key Words: methods, "A Fast Pseudo Random ADL-82a protocols. Permu-tation Generator with Adleman, L.M. Applica-tions to "Implementing an Electronic AHI-87 Cryptography," Proc. Crypto '84 Notary Public," Proc. Crypto Ahituv, N., Y. Lapid, , Santa Barbara, CA, 1984, '82 BLA-84a), 269-275. , Santa Barbara, CA, and S. Neumann (8: pp. 1982, (8: CHA-83b), pp. "Processing Encrypted Data," 259-265. Communications of the ACM. Key Words: random, September 1987. pp. 777-780. techniques. Key Words: signatures, design. Key Words: techniques. ALP-83 Alpem, B., and B. Schneider "Key Exchange Using 'Keyless Cryptography'," Information

Processing Letters , 1983, pp. 79-81.

Key Words: keys, techniques.

8-1 AMI-81 BAL-85 BEN-84 Amirazizi, H.R., E.D. Kamin, Baldwin, R.W.. and Bennet, C.H., and G. Brassard and J.M. Reyneri W.C. Gramlich "Update on Quantum "Compact Knapsacks are "Cryptographic Protocol for Cryptography," Proc. Crypto '84 Polyno-mially Solvable," Trustable Match Making," , Santa Barbara, CA, 1984. Proc. Crypto '81, Santa Proc. 1985 IEEE Symp. Sec, (8: BLA-84a). pp. 475-480.

Barbara, CA, 1981, (8: GER- and Privacy , (5: IEE-85), pp. 82). pp. 17-24. 92-100. Key Words: techniques, methods. Key Words: analysis, Key Words: protocols, knapsack. methods. BEN-85 Bennet, C.H.. G. Brassard, AND-82 BAN-83 and J.-M. Robert Andelman, D., and J. Reeds Banary, I., and Z. Furedi "How to Reduce Your "On the Cryptanalysis of "Mental Poker with Three or Enemy's Information," Proc. '85 Rotor Machines and More Players." Information Crypto , Santa Barbara, 84-93. Substitution-Permutation and Control . 1983. pp. CA, 1985, (8: WIL-86), pp. Networks," IEEE Trans, on 468-476.

Inform. Theory , No. 4, 1982, Key Words: protocols, pp. 578-584. methods. Key Words: methods, theory.

Key Words: analysis, BEK-82 BEN-86 hardware. Beker, H., and F. Piper Benaloh, J.C. Cipher Systems: The "Cryptographic Capsules: A

ASM-83 Protection of Communications , Disjunctive Primitive for Asmuth, C, and J. Blum J. Wiley & Sons, New York, Interactive Protocols," Proc. '86 "A Modular Approach to Key 1982. Crypto , Santa Barbara, Safeguarding," IEEE Trans, CA. 1986. (8: ODL-87). pp. on Inform. Theory, March Key Words: book, techniques, 213-222. 1983. pp. 208-210. methods, general. Key Words: methods, Key Words: methods, keys. BEL-89 protocols. Bellare, M., and AVA-88 S. Goldwasser BEN-86a Avame, S. "New Paradigms for Digital Benaloh. J.C. "Cryptography — Combatting Signatures for Smart Cards," "Secret Sharing '89 Data Compromise." Security Proc. Crypto , Santa Homomorphisms: Keeping

Management , October 1988. Barbara, CA, (8: BRA-90), Shares of a Secret Secret," '86 pp. 38-43. 1989. Proc. Crypto . Santa Barbara. CA, 1986. (8: ODL- Key Words: threats, methods. Key Words: signatures, 87). pp. 251-260. methods. AYO-83 Key Words: methods, Ayoub, F. BEN-82 protocols. 'The Design of Complete Bennett, C.H., et al. Encryption Packages Using "Quantum Cryptography, or BEN-87 Cryptographically Equivalent Unforgeable Subway Tokens." Bennett. J. '82 Permutations," Computers & Proc. Crypto . Santa "Analysis of the Encryption

Security , November 1983, pp. Barbara, CA, 1982, (8: CHA- Algorithm Used in the 261-267. 83b), pp. 267-275. WordPerfect Word Processing Program." Cryptologia, October Key Words: methods, design. Key Words: authentication, 1987. pp. 206-210. case. Key Words: methods, case.

8-2 BEN-89 BET-86 BLA-84 Bender, A., and Beth, T., et al. (Eds.) Blakely. G.R.. and

G. Castagnoli Advances in Cryptology . D.L. Chaum (Eds.) '85 "On the Implementation of Proceedings. Eurocrypt . Advances in Cryptology: '84 Elliptic Curve Linz, Austria, April 1985, Crypto , Santa Barbara. Cryptosystems," Proc. Crypto Lecture Notes in Computer CA. August 1984. Lect. Notes •89 . SanU Barbara, CA, (8: Science, Vol. 209 Springer- in Comp. Sci., No. 196, BRA-90). 1989. Veriag, New York, 1986 Springer-Veriag. Berlin, 1984.

Key Words: methods, theory. Key Words: proceedings, Key Words: proceedings, general. general. BER-84 Berger, R., et al. BET-88 BLA-84a "A Provjdjly Secure Beth, T. Blakely, G.R., and Oblivious Transfer Protocol," "Efficient Zero-Knowledge C. Meadows '84 Proc. Eurocrypt , Paris, Identication Scheme for Smart "Security of Ramp Schemes," '88 '84 1984. (8: BET-85). pp. 379- Cards," Proc. Eurocrypt . Proc. Crypto , Santa 386. Davos. 1988. (8: GUN-89). Barbara, CA, 1984, (8: BLA- pp. 77-84. 84a), pp. 242-268. Key Words: oblivious, protocols. Key Words: authentication, Key Words: analysis, methods. zeto. BER-85 BLA-84b Berger, R.. et al. BEU-87 Blakely, G.R. "A Framework for the Study Beutelspacher. A. "Information Theory Without of Cryptographic Protocols." "Perfect and Essentially the Finiteness Assumption, I: '85 Proc. Crypto , Santa Perfect Authentication Cryptosystems as Group- Barbara, CA, 1985, (8: WIL- Schemes." Proc. Eurocrypt Theoretic Objects," Proc. '87 '84 86), pp. 87-103. . Amsterdam. 1987. (8: Crypto , Santa Barbara, CHA-88a). pp. 167-170. CA, 1984, (8: BLA-84a), pp. Key Words: model, protocols. 314-338. Key Words: authentication, BET-82 methods. Key Words: analysis, theory. Beth, T., and T. loth "Algorithm Engineering for BLA-80 BLA-85 Public Key Algorithms," Blakely, G.R. Blakely. G.R. Proc. 1982 IEEE Symp. Sec. "One Time Pads Are Key "Information Theory Without the Finiteness Assumption. 11: & Priv. . (5: IEE-82), pp. Safeguarding Schemes. Not 458-466. Cryptosystems." Proc. 1980 Unfolding the DES." Proc. '85 IEEE Symp. Sec. & Priv. . (5: Crypto , Santa Barbara, Key Words: algorithms, IEE-80). pp. 108-113. CA, 1985, (8: WIL-86). pp. design. 282-337. Key Words: methods, keys. BET-83 Key Words: DES. analysis, Beth, T. (Ed.) BLA-80a theory. Cryptography, Proceedings, Blakely, G.R. Burg Feuerstein Conference "Safeguarding Cryptographic BLA-85a

1982 , Lecture Notes in Keys," Proc. 1980 IEEE Blakely. G.R.. C. Meadows,

Computer Science, Springer Symp. Sec. & Priv. . (5: IEE- and G.B. Purdy Veriag, Berlin, 1983. 80), pp. 108-113. "Fingerprinting Long Forgiving '85 Messages," Proc. Crypto , Key Words: proceedings, Key Words: methods, keys, Santa Barbara, CA, 1985, (8: general. WIL-86). pp. 180-189.

Key Words: methods, theory.

8-3 BLA-86 BLU-83 BRA-83 Blakely, G.R., and Blum. M. Brassard, G. R.D. Dixon "How to Exchange (Secret) "A Note on the Complexity of "Smallest Possible Message Keys." ACM Trans, on Cryptography," IEEE Trans, on

in Threshold Computer Systems . Expansion May 1983. Informat. Theory . November '86 175-193. Schemes," Proc. Crypto . pp. 1983. pp. 232-233. Santa Barbara, CA, 1986. (8: ODL-87), pp. 266-274. Key Words: protocols, keys. Key Words: complexity, theory. Key Words: methods, theory. BLU-84 Blum. M.. and S. Micali BRA-83a BLA-87 "How to Gen^ate Brassard, G. Blakely, G.R., and Cryptographically Strong "Relativized Cryptography," W. Rundell Sequences of Pseudo-Random IEEE Trans, on Inform. Bits." "Cryptosystems Based on an SIAM Joumal of Theory . 1983, pp. 877-894. Analog of Heat Flow," Proc. Computation. November 1984. '87 Crypto , Santa Barbara, Key Words: methods, general. CA, 1987, (8: POM-88), pp. Key Words: mathods. random. 306-329 BRA-86 BLU-84a Brassard, G., and C. Crepeau Key Words: models, Blum. M.. and S. Goldwasser "Non-Transitive Transfer of methods. "An Efficient Probabiliastic Confidence: A Perfect Zero- Public-Key Encryption Knowledge Interactive Protocol BLO-82 Scheme which Hides All for SAT and Beyond," Blom, R. Partial Infromation," Proc. Proceedings, 27th IEEE '84 "Non-Public-key Crypto . Santa Barbara, Annual Symposium on the Distribution," Fhroc. Crypto CA. 1984. (8: BLA-84a). pp. Fotmdations of Computer '82 . Santa Barbara, CA, 289-299. Science . 1986. pp. 188-195. 1982, (8: CHA-83b). pp. 231-236. Key Words: algorithm, zero. Key Words: protocols, zero.

Key Words: keys, BOO-85 BRA-86a management. Book. R.V., and F. Otto Brassard. G., C. Crepeau, 'The Verifiability of Two-Part and J.-M. Robert BLO-84 Protocols," Proc. Eurocrypt "All-Or-Nothing Disclosure of PIC-86). Secrets," Proc. '86 Blom. R. J5, Linz, 1985. (8: Crypto , "An Upper Bound on the pp. 254-260. Santa Barbara, CA, 1986, (8: Key Equivocation for Piffe ODL-87). pp. 234-238. Ciphers." IEEE Trans, on Key Words: verification, protocols. Words: methods, theory. Inform. Theory . 1984, pp. Key 82-84. BRA-81 BRA-88 Key Words: methods, theory. Brassard. G. Brandt, J., I.B. Damgard, "A Time-Luck Tradeoff in and P. Landrock BLO-84a Relativized Cryptography." "Anonymous and Verifiable Blom, R. Joumal of Computer and Registration in Databases." '88 Proc. Eurocrypt . Davos. "An Optimal Class of System Science , 1981, pp. Symmetric Key Generation 280-311. 1988. (8: GUN-89). pp. 167- Systems," Proc. Eurocrypt 76. J4. Paris. 1984. (8: BET- Key Words: methods, design. authentication, 85). pp. 335-338. Key Words: BRA-82 methods, theory. Key Words: keys, theory. Brassard, G. "On Computationally Secure BRA-88a BLU-82 Authentication Tags Requiring Brassard, G. Blum. M. Short Shared Keys," Proc. Modem Cryptology: A

'82 Tutorial . Lecture Notes in "Coin Flipping by Crypto . Santa Barbara, Telephone." Proc. IEEE CA, 1982, (8: CHA-83b), pp. Computer Science No. 325. Springer-Verlag. New York. Spring Computer Conference . 79-85. 1982. pp. 133-137. NY. 1988 Key Words: authentication, Key Words: protocols, case. keys. Key Words: book, general.

8-4 BRA-90 BRI-84 BRI-87b Brassard, G. Brickell, E.F. BrickeU. E.F., P.J. Lee, Advances in Cryptology. "A Few Results in Message and Y. Yacobi

Proceedings of Crypto-89 , Authentication" Congress "Secure Audio

Santa Barbara, CA, August Numerantium , December Teleconference," Proc. Crypto '87 1989, Lecture Notes in 1984. pp. 141-154. . Santa Barbara, CA. 1987. Computer Science, Springer (8: POM-88). pp. 418-426. Verlag, Berlin, 1990. Key Words: authentication, methods, theory. Key Words: techniques, Key Words: proceedings, design. general. BRI-84a BrickeU, E.F. BRI-88 BRI-82 "Breaking Iterated BrickeU, E.F., and '84 BrickeU, E.F. Knapsacks," Proc. Crypto , A.M. Odlyzko "A Fast Modular Santa Barbara, CA, 1984, (8: "Cryptanalysis: A Survey of Multiplication Algorithm with BLA-84a), pp. 342-358. Recent Results," Proceedings Application to Two-Key of the IEEE. May 1988, pp. Cryptography," Proc. Crypto Key Words: analysis, 578-593. '82 . Santa Barbara, CA, knapsack. 1982. (8: CHA-83b), pp. 51- Key Words: analysis, methods. 60. BRI-85 Brickell, E.F., and BRI-88a Key Words: RSA, techniques. J.M. DeLaurentis BrickeU, E.F., and "An Attack on a Signature D.R. Stinson BRI-82a Scheme Proposed by Okamoto "Authentication Codes with Brickell. E.F.. J.A. Davis, and Shiraishi," Proc. Crypto Multiple Arbitrers," Proc. '85 '87 and G.J. Simmons . Santa Barbara, CA, 1985. Eurocrypt , Amsterdam. "A Preliminary Report on the (8: WIL-86). pp. 28-32. 1987. (8: CHA-88a), pp. 51- Cryptanalysis of Merkle- 55. Hellman Knapsack Key Words: analysis, Cryptosystems," Proc. Crypto signatures. Key Words: authentication, '82 . Santa Barbara, CA, codes. 1982, (8: CHA-83b), pp. BRI-86 289-301. BrickeU, E.F., J.H. Moore, BRI-89 and M.R. Purtill BrickeU, E.F., and Key Words: analysis, "Structure in the S-Boxes of D.M. Davenport '86 knapsack. the DES," Proc. Crypto , "On the Classification of Ideal Santa Barbara, CA. 1986, (8: Secret Sharing Systems," Proc. '89 BRI-83 ODL-87), pp. 3-32. Crypto , Santa Barbara, Brickell.E.F. CA, (8: BRA-90), 1989. "Solving Low Density Key Words: DES, analysis. '83 methods, theory. Knapsacks" Proc. Crypto , Key Words: Santa Barbara, CA, 1983. (8: BRI-87 CHA-84b), pp. 25-38. BrickeU, e.F. BUC-82 "On Privacy Buck. R.C. Key Words: analysis, Homomorphisms," Proc. 'The Public Cryptography knapsack. Eurocrypt '87, Amsterdam, Study Group," Computers &

1987, (8: CHA-88a), pp. 117- Security , November 1982, pp. BRI-83a 125. 249-254. Brickell, E.F., and G.J. Simmons Key Words: methods, theory. Key Words: policy, research. "A Status Report on Knapsack Based Public-key BRI-87a Cryptosystems," Congressus BrickeU, E.F.. et al.

Numerantium . Vol. 37, 1983, "Gradual and Verifiable pp. 3-72. Release of a Secret," Proc. '87 Crypto , Santa Barbara, Key Words: analysis, CA, 1987. (8: POM-88), pp. knapsack. 156-166.

Key Words: verification, methods.

8-5 BUC-88 CAR-88 CHA-85 Buchmann, J., and Carroll, J.M., and Chaum, D., and J.-H. Evertse H.C. WUliams L.E. Robbins "Cryptanalysis of DES with a "A Key-Exchange System "Using Binary Derivatives to Reduced Number of Rounds Based on Imaginary Test an Enhancement of Sequences of Linear Factors in Quadratic Fields," Journal of DES," Cryptologia, October Block Ciphers," Proc. Crypto '85 Cryptology . Vol. 1, No. 2, 1988, pp. 193-208. , Santa Barbara, CA, 1985, 1988, pp. 107-118. (8: WIL-86), pp. 192-211. Key Words: DES, evaluation. Key Words: methods, keys, Key Words: DES, analysis, theory. CHA-81 design. Chaum, D.L. BUC-89 "Untraceable Electronic Mail, CHA-85a Buchmann, J.A., and Return Addresses, and Digital Chaum, D. H.C. WUUams Pseudonyms," "Security Without "A Key Exchange System Communications of the ACM, Identification: Transaction Based on Real Quadratic February 1981, pp. 84-88. System to Make Big Brother '89 Fields," Proc. Crypto . Obsolete," Communications of

Santa Barbara, CA, (8: BRA- Key Words: methods, the ACM , October 1985, pp. 90), 1989. protocols. 1030-1044.

Key Words: methods, keys, CHA-82 Key Words: techniques, theory. theory. Chaum, D. "Blind Signatures for CHA-86 CAD-86 Untraceable Payments," Proc. Chaum, D., and J.-H. Evertse '82 Cade, J.J. Crypto , Santa Barbara, "A Secure and Privacy- "A Modification of A Broken CA, 1982, (8: CHA-83b), pp. Protecting Protocol for Public-Key Cipher," Proc. 199-203. Transmitting Personal

Crypto '86 , Santa Barbara, Infromation Between CA, 1986, (8: ODL-87), pp. Key Words: signatures, Organizations," Proc. Crypto '86 64-83. theory. , Santa Barbara, CA, 1986, (8: ODL-87), pp. 118-167. Key Words: methods, design. CHA-83 Chaum, D., R.L. Rivest, and Key Words: protocols, design. CAR-86 A.T. Sheridan (Eds.), Carroll, J.M., and S. Martin Advances in Cryptology: Proc. CHA-86a

"The Automated of Crvpto-82 , Santa Barbara, Chaimi, D. Cryptanalysis of Substitution CA, August 1982, Plenum "Demonstrating the a Public Ciphers," Cryptologia, Press, New York, 1983. Predicate Can Be Satisfied October 1986, pp. 193-209. Without Revealing Any Key Words: proceedings, Infromation About How," Proc. '86 Key Words: analysis, general. Crypto , Santa Barbara, methods. CA, 1986, (8: ODL-87), pp. CHA-84 195-199. CAR-87 Chaum, D. (Ed.), Carroll, J.M., and L. Robbins Advances in Cryptology: Proc. Key Words: protocol, theory,

"The Automated of Crypto-83 . Sata Barbara, zero. Cryptanalysis of CA, August 1983, Plenum Polyalphabetic Ciphers," Press, New York, 1984. CHA-86b Cryptologia, October 1987, Chaum, D., et al. pp. 193-205. Key Words: proceedings, "Demonstrating Possession of a general. Discrete Logarithm Without Key Words: analysis, Revealing It," Proc. Crypto '86 methods. . Santa Barbara, CA, 1986, (8: ODL-87), pp. 200-212.

Key Words: protocol, theory, zero.

8-6 CHA-87 CHA-88b CHO-88 Chaum, D., LB. Damgard, Chaum, D. Chor, B., and R.L. Rivest and J. Van de Graaf "Elections with "A Knapsack-Type Public-key "Multiparty Computations Unconditionally Secret Ballots Cryptosystem Based on Ensuring of Each Party's and Disruption Equivalent to Arithmetic in Finite Fields," Input and Correctness of the Breaking RSA," Proc. IEEE Trans, on Inform. '87 Result," Proc. . '88 Crypto Eurocrypt . Davos, 1988, Theory , September 1988, pp. Santa Barbara, CA, 1987. (8: (8: GUN-89). pp. 177-182. 901-909. POM-88), Key Words: RSA. protocols. Key Words: methods, Key Words: protocols, knapsack, theory, public-key. theory. CHA-89 Chaum. D. CHO-89 CHA-87a "Undeniable Signatues" Proc. Chor, B.. and E. Kushilevitz '89 Chaum, D. Crypto , Santa Barbara, "Secret Sharing over Infinite '89 "Blinding for Unaticipated CA, (8: BRA-90), 1989. Domains." Proc. Crypto , Signatures," Proc. Eurocrypt Santa Barbara, CA, 1989, (8: '87 , Amsterdam. 1987. Key Words: signatures, BRA-90). (CHA-88a). pp. 227-233. methods. Key Words: methods, theory. 'Cey Words: signatures, CHA-89a methods. Chaum, D. CU-84 "The Spymaster's Double- "Government and CHA-87b Agent Problem: Multiparty Cryptography," Computer/Law

Chaum. D.. J.-H. Evertse. Computations Secure Journal . Winter 1984. pp. 573-

and J. van de Graaf Unconditionally from All 603. "An Improved Protocol for Minorities and Demonstrating Posession of a Cryptographically from Key Words: policy, research. '89 Discrete Logarithm and Some Majorities," Proc. Crypto , Generalizations." Proc. Santa Barbara, CA, (8: BRA- COH-85 '87 Eurocrypt , Amsterdam, 90), 1989. Cohen, J., and M. Fischer 1987, (CHA-88a). pp. 127- "A Robust and Verifiable 141. Key Words: protocols, theory. Cryptographically Secure Election System," Proceedings, Key Words: protocols, CHO-84 26th IEEE Symposium on

theory. Chor, B. and R.L. Rivest Foimdations of Computing , "A Knapsack Type Public -key 1985, pp. 372-382. CHA-88 Cryptosystem Based on Arith Chaum. D.. and metic in Finite Fields," Proc. Key Words: methods, '84 W.L. Price (Eds.) Crypto , Santa Barbara, protocols.

Advances in Cryptology : CA, 1984, (8: BLA-84a), pp. '87 Eurocrypt Proceedings . 54-65. COO-80 Amsterdam. April 1987, Cooper, R.H. Lecture Notes in Computer Key Words: methods, "Linear Transformations in Science No. 304, Springer- knapsack. Galois Fields and Their Verlag, New York, 1988. AppUcations to Cryptography," CHO-85 Cryptologia, Vol. 4, 1980, pp. Key Words: proceedings, Chor. B.. et al. 184-188. general. "Verifiable Secret Sharing and Achieving Simultaneity in the Key Words: algorithms, theory. CHA-88a Presence of Faults," Chaum, D. Proceedings, 26th IEEE COO-84 "The Dining Cryptographers Annual Symposium on the Cooper, R.H., W. Hyslop,

Problem: Unconditional Foundations of Comp. Sci. , and W. Patterson Sender and Receiver 1985. pp. 383-395. "An Application of the Untraceability," Journal of Chinese Remainder Theorem to Multiple-Key Encryption in Cryptology , Vol. 1, No. 1, Key Words: protocols, 1988, pp. 65-75. methods. Data Base Systems," Proc. '84 MP/Sec. , Toronto, 1984, Key Words: protocols, (2: FIN-85), pp. 553-556. theory. Key Words: methods, theory.

8-7 COP-84 DAV-80 DAV-83a Coppersmith, D. Davies. D.W.. W.L. Price, Davis, J.A., and "Another Birthday Attack," and GJ. Parkin D.B. Holdridge '85 Proc. Crypto . Santa "Evaluation of Public-key "Factorization Using the Barbara, CA, 1985, (8: WIL- Cryptosystems." Information Quadratic Sieve Algorithm," 86), pp. 14-17. Privacy (U.K.). March 1980, Proc. Crypto '83. Santa pp. 138-154. Barbara, CA, (8: CHA-84b), Key Words: analysis, 1983, pp. 103-113. methods. Key Words: evaluation, public-key. Key Words: analysis, COP-85 techniques. Coppersmith, D. DAV-80a "Cheating at Mental Poker," Davies, D.W., and D.A. Bell DAV-83b Proc. Crypto '85. Santa "Protection of Data by Davio, M., et al., Barbara, CA. 1985, (8: WIL- Cryptography," Information "Analytical Characteristics of '83 86). pp. 104-107. Privacy , (U.K.), May 1980, the DES," Proc. Crypto . pp. 106-125. Santa Barbara, CA, 1983. (8: Key Words: threats, CHA-84b). pp. 171-202. protocols. Key Words: techniques, case. Key Words: DES, analysis, COP-87 DAV-82 methods. Coppersmith. D. Davies. D.W. "Cryptography," IBM Journal "Some Regular Properties of DAV-84 of Research and Data Encryption Standard Davio, M., Y. Desmedt, and '82 Development, March 1987, Algorithm." Proc. Crypto , J.-J. (Juisquater pp. 244-248. Santa Barbara, CA, 1982, (8: "Propagation Characteristics of '84 CHA-83b), pp. 89-96. the DES" Proc. Eurocrypt . Key Words: methods, Paris, 1984. (8: BET-85). pp. general. Key Words: DES, analysis. 62-73.

COS-81 DAV-82a Key Words: DES, analysis. Costas, IP. Davies, D.W., and "The Hand-Held Calculator G.I.P. Parkin DAV-84a as a Cryptographic 'The Average Cycle Size of Davis. JA., D.B. Holdridge. G.J. Simmons Terminal," Cryptologia, April the Key Stream in Output and 1981, pp. 94-117. Feedback Encipherment," "Status Report on Factoring '82 Sandia Laboratories)." Proc. Crypto , Santa (At the '84, Key Words: methods, Barbara, CA, 1982, (8: CHA- Proc. Eurocrypt Paris, 183- hardware. 83b), pp. 97-98. 1984, (8: BET-85), pp. 215. CRE-85 Key Words: DES, analysis. Crepeau, C. Key Words: RSA, analysis, "A Secure Poker Protocol DAV-82b methods. that Minimizes the Effect of Davida, G.I., and Y.Yeh Player Coalitions," Proc. "Cryptographic Relational DAV-87 Davida, G.I.. and G.G. Walter Crypto '85 , Santa Barbara, Algebra," Proc. 1982 IEEE "A Public -key Analog CA. 1985, (8: WIL-86), pp. Symp. Sec. & Privacy , (5: 73-86. IEE-82). 1982, pp. 111-116 Cryptosystem," Proc. Eurocrypt '87. Amsterdam. 1987. (CHA- Key Words: methods, Key Words: algorithms, 88a), pp. 144-147. protocols. theory. Key Words: methods, public- CRE-87 DAV-83 key. Crepeau, C. Davies, D.W. "Equivalence Between Two "Use of the 'Signature Token' Flavors of ObUvious to Create a Negotiable '83 '87 , Transfer." Proc. Crypto . Document, Proc. Crypto Santa Barbara, CA. 1987. (8: Santa Barbara, CA, (8: CHA- POM-88). pp. 350-354. 84b), 1983. pp. 377-382.

Key Words: oblivious, Key Words: signatuers. theory. methods.

8-8 DAV-87a DEJ-86 DEM-83a Davida, G.I, and BJ. Matt de Jonge, W., and D. Chaimi DeMillo, R.. and M. Merritt "Arbitration in Tamper Proof "Some Variations on RSA "Protocols for Data Security." '87. Systems," Proc. Crypto Signatures & Their Security," IEEE Computer . February Santa Barbara, CA, 1987, (8: Proc. Crypto '86, Santa 1983. pp. 39-50. POM-88), pp. 216-222. Barbara, CA. 1986, (8: ODL- 87). pp. 49-59. Key Words: protocols, general. Key Words: signatures, methods. Key Words: RSA, signatures. DEN-82 Denning. D.E. DAV-87b DEL-84 Cryptography and Data

Davida, G.I., and F.B. Danes DeLAurentis, J.M. Security . Addison-Wesley, "A Crypto-Engine," Proc. "A Further Weakness in the Reading, MA, 1982. '87 Crypto , Santa Barbara, Common Modulus Protocol CA, 1987, (8: POM-88), pp. for the RSA Cryptoalgorithm," Key Words: book, methods,

257-268. Cryptologia, July 1984, pp. models. 253-259. Key Words: methods, design. DEN-83 Key Words: RSA. analysis, Denning. D.E.. DAV-88 threats. j)rotocols. 'The Many-Time Pad: Theme Davis, JA, and and Variations," Proc. 1983

DB. Holdridge DEL-84a IEEE Symp. Sec. & Priv. , (5: "Factorization of Large Delsarte, P., et al. IEE-83a), pp. 23-30. Integers on a Massively "Fast Cryptanalysis of Parallel Computer," Proc. Matsumoto-Imai Public-key Key Words: techniques, case. '88 '84 Eurocrypt . Davos, 1988, Scheme," Proc. Eurocrypt , (8: GUN-89), pp. 235-243. Paris, 1984. (8: BET-85). pp. DEN-84 142-149. Denning. D.E. Key Words: analyis, "Digital Signatiffes with RSA techniques. Key Words: analysis, public- and Other PubUc-Key key. Cryptosystems." DEA-87 Communications of the ACM. Deavours, C.A., DEM-82 April 1984. pp. 388-392. Cryptology Yesterday. Today DeMillo. R.. N. Lynch, signatures. and Tomorrow . Artech and M. Merritt Key Words: RSA. House, Norwood, MA, 1987. "Cryptogr^hic Protocols." Proc. 14th ACM Symposium DEN-88 Boer, B. Key Words: book, general. on Theory of Computation, Den 1982, pp. 383-400. "Cryptanalysis of F.E.A.L.," '88 DEA-89 Proc. Crypto , Santa Deavours, C.A., et al. (Eds.) Key Words: protocols, Barbara. CA. 1988. pp. 293- Cryptology: Machines, general. 299.

History, and Methods . Artech House, Norwood, MA, 1989. DEM-83 Key Words: analysis, DeMillo, R.A., et al. algorithm. Key Words: book, general. "AppUed Cryptology, Cryptographic Protocols, and DES-84 DEJ-85 Computer Security Models," Desmedt, Y.G.. et al. deJonge, W., and D. Chaum Proceedings, 29th Symposium "A Critical Analysis of Security of Knapsack Public- "Attacks on Some RSA on Applied Mathematics , '85 Soc, key Algorithms," IEEE Trans, Signatures," Proc. Crypto , American Mathematical July Santa Barbara, CA. 1985, (8: 1983. on Inform. Theory, 1984, 601-611. WIL-86). pp. 18-27. pp. Key Words: models. Key Words: RSA. analysis, protocols. Key Words: analysis, signatures. knapsack.

8-9 DES-84a DES-87 DIF-81 Desmedt, Y., et al. De Santis. A., S. Micali, Diffie, W. "Dependence of Output on and G. Persiano "Cryptographic Technology: Input in DES: Small "Non-Interactive Zero- Fifteen Year Forecast," Proc. '81 Avalanche Characteristics," Knowledge Proof Systems," Crypto , Santa Barbara, '84 '87 Proc. Crypto . Santa Proc. Crypto , Santa CA. 1981. (8: GER-82). pp. Barbara, CA, 1984. (8: BLA- Barbara, CA, 1987. (8: POM- 84-108. 84a), pp. 359-376. 88), pp. 52-72 Key Words: methods, gneral. Key Words: DES, design, Key Words: theory, zero. analysis. DIF-88 DES-87a Diffie. W. DES -85 Desmedt, Y.G.. et al. "The First Ten Years of Desmedt, Y. "Special Uses and Abuses of Public-Key Cryptography." "Unconditionally Secure the Fiat-Shamir Passport Proceedings of the IEEE. May '86 Authentication Schemes and Protocol" Proc. Crypto . 1988. pp. 560-577. Practical and Theoretical Santa Barbara. CA, 1986. (8: Consequences." Proc. Crypto ODL-87), pp. 21-39 Key Words: public-key, '85 , Santa Barbara, CA. methods. 1985, (8: WIL-86), pp. 42- Key Words: thretas, protocols. 55. DOL-81 DES-87b Dolev. D., A.C. Yao Key Words: authentication, Desmedt, Y.G. "On the Security of Public theory. "Society and Group Oriented Key Protocols," Proc, 22nd Cryptography: A New Annual Symp. on the '87 DES-85a Concept," Proc. Crypto , Foundations of Comp. Sci. . Desmedt, Y., and Santa Barbara, CA, 1987, (8: 1981. A.M. Odlyzko POM-88), pp. 120-127. "A Chosen Text Attack on Key Words: analysis, public- the RSA Cryptosystem and Key Words: policy, methods. key. Some Discrete Logarithm '85 Schemes," Proc. Crypto , DES-88 DOL-82 Santa Barbara, CA. 1985, (8: Desmedt, Y.G. Dolev. D.. and A. Wigderson WIL-86), pp. 516-522. "Subliminal-Free "On the Security of Multi- Authentication and Signature," Party Protocols in Distributed '88 '82 Key Words: RSA, analysis, Proc. Crypto , Santa Systems." Proc. Crypto , threats. Barbara, CA, 1988, pp. 23-33. Santa Barbara, CA, 1982, (8: CHA-83b), pp. 167-175. DES-86 Key Words: authentication, Desmedt, Y., and methods. Key Words: analysis, J.-I. Quisquater protocols. "Public-Key Systems Based DES-88a on the Difficulty of De Soete, M. DOL-82a Tampering," Proc. Crypto "Some Constructions for Dolev, D., S. Even, '86 , Santa Barbara, CA, Authentication-Secrecy and R.M. Karp '88 1986, (8: ODL-87), pp. Hi- Codes," Proc. Eurocrypt , "On the Security of Ping-Pong '82 ll?. Davos, 1988, (8: GUN-89), Algorithms," Proc. Crypto , pp. 57-75. Santa Barbara, CA, 1982, (8: Key Words: public-key, CHA-83b), pp. 177-186. design. Key Words: authentication, codes. Key Words: analysis, DES-86a algorithms. Desmedt, Y. DES-89 "Is There A Ultimate Use of Desmedt, Y.G. DOL-83 Cryptography?," Proc. Crypto "Making Conditionally Secure Dolev, D., and A.C. Yao '86 , Santa Barbara, CA, Cryptosystems Unconditionally "On the Security of Public-key 1986, (8: ODL-87). pp. 459- Abuse-Free in a General Protocols," IEEE Trans, on '89 463. Context." Proc. Crypto , Inform. Theory, March 1983, Santa Barbara, CA, (8: BRA- pp. 198-208. Key Words: policy, general. 90), 1989. Key Words: analysis, Key Words: methods, design. protocols.

8-10 EIE-83 EST-85 EVE-87 Eier, R., and H. Lagger Estes, D., et al. Evertse, J.-H. 'Tr^oors in Knapsack "Breaking the Ong-Schorr- "Linear Structures in Block '87 Cryptosystems," Proc. Burg Shamir Signature Scheme for Ciphers," Proc. Eurocrypt ,

Feuerstein Conf. , 1982, (8: Quadratic Number Fields," Amsterdam, 1987, (CHA-88a), '85 BET-83), pp. 316-322. Proc. Crypto , Santa pp. 249-266. Barbara, CA, 1985. (8: WIL- Key Words: analysis, 86). pp. 3-13. Key Words: analysis, methods. knapsack. Key Words: analysis, EVE-89 ELG-82 signatures. Even, S., O. Goldreich, ElGamal, T. and S. Micali "A Public-key Cryptosystem EVE-82 "On Line/Off Line Digital '89 and a Signature Scheme Even, S., O. Goldreich, Signatures," Proc. Crypto , Based on Discrete and A. Lempel Santa Barbara, CA, (8: BRA- Logarithms," Proc. Crypto "A Randomized Protocol for 90). 1989.

'84 , Santa Barbara, CA, Signing Contracts" Proc. '82 1984. (8: BLA-84a). pp. 10- Crypto , Santa Barbara, Key Words: signatures, 18. CA. 1982. (8: CHA-83b), pp. methods. 205-210. Key Words: methods, FAM-83 signatures. Key Words: signatures, Fam, B.W. random, protocols. "Improving the Security of ELG-85 Exponential Key Exchange," '83 ElGamal, T. EVE-85 Proc. Crypto , Santa "A Public-key Cryptosystem Even, S., O. Goldreich, Barbara, CA, 1983, (8: CHA- and Signature Scheme Based and A. Shamir 84b), pp. 359-368. on Discrete Logarithms," "On the Security of Ping-Pong IEEE Trans, on Inform. Protocols when Implemented Key Words: methods, keys.

Theory , July 1985, pp. 469- Using the RSA," Proc. Crypto '85 472. , Santa Barbara, CA, 1985, FEI-85 (8: WIL-86), pp. 58-72. Feigenbaum, J. Key Words: methods, "Encrypting Problem '85 signatures. Key Words: RSA, analysis, Instances," Proc. Crypto , protocols. Santa Barbara, CA, 1985, (8: ELK-83 WIL-86), pp. 477-488. El-Kateeb, A., and EVE-85a S. Al-Khayatt Even, S., and O. Goldreich Key Words: methods, theory. "Public-key Cryptosystems," "On the Power of Cascade Information Age (UK), Ciphers," ACM Trans, on FEI-88 Feige, U., A. Fiat, October 1983, pp. 232-237. Computer Systems , 1985, pp. 108-116. and A. Shamir Key Words: publi-key, "Zero-Knowledge Proofs of general. Key Words: evaluation, Identity," Journal of

methods. Cryptology , Vol. 1, No. 2. ESC-84 1988, pp. 77-94. Escobar, C.B. EVE-85b "Nongovenunental Cryptology Even, S., O. Goldreich, Key Words: authentication, and National Security: The and A. Lempel zero. Government Seeking to "A Randomized Protocol for Restrict Research," Signing Contracts," FEL-85 Fell. H., W.Diffie Computer/Law Journal. Communications of the ACM , and Winter 1984. pp. 573-603. June 1985. pp. 637-647. "Analysis of a Public-key Approach Based on Key Words: policy, research. Key Words: siagnatures, Polynomial Substitution," Proc. '85 random. Crypto , Santa Barbara, CA, 1985, (8: WIL-86), pp. 340-349.

Key Words: analysis, public- key.

8-11 FEL-87 GAL-85 GIR-88 Feldman, P. Galil, Z.. S. Haber, and Girault, M., R. Cohen, "A ftactical Scheme for M. Yung and M. Campana Non-Interactive Verifiable "Symmetric I*ublic-Key "A Generalized Birthday '85 Secret Sharing," Proc, 28th Encryption," Proc. Crypto . Attack," Proc. Eurocrypt '88 . IEEE Annual Symp. on the Santa Barbara, CA. 1985, (8: Davos, 1988. (8: GUN-89), pp. Foundation of Comp. WIL-86), pp. 128-137. 129-156.

Science . 1987, pp. 427-437. Key Words: public-key, Key Words: analysis, threat Key Words: methods, methods. protocols. GOD-85 GAL-85a Godlewski, P., and FIA-86 GaUl. Z., S. Haber, and G.D. Cohen Fiat, A., and A. Shamir M. Yimg "Some Cryptographic Aspects "How to Prove Yourself: "A Private Interactive Test of of Womcodes," Proc. Crypto Practical Solutions to a Boolean Predicate and '85. Sanu Barbara, CA, 1985, Identification and Signature Minimum-Knowledge Public- (8: WIL-86), pp. 458-467. Problems," Proc. Crypto '86, Key Cryptosystems," Proc. Santa Barbara, CA, 1986, (8: 26th IEEE Symposium on Key Words: methods, codes.

ODL-87). pp. 186-194. Foundations of Computing . 1985. pp. 360-371 GOL-82 Key Words: signatures, Goldwasser, S., S. Micali, methods. Key Words: evaluation, and A. Yao public-key. "On Signatures and ns-81 Authentication," Proc. Crypto Fischer, E. GEO-89 '82, Sanu Barbara, CA, 1982, "Measuring Cryptographic Georgia, G. (8: CHA-83b), pp. 211-215. Performance with Production "A Method to Strengthen Processes," Cryptologia, July Ciphers," Cryptologia, April Key Words: signatures, 1981, pp. 158-162. 1989, pp. 151. GOL-82a Key Words: evaluation, Key Words: methods, Goldwasser, S., and S. Micali methods. techniques. "ProbabiUstic Encryption and How to Play Mental Poker FOR-84 GER-82 Keeping Secret All Partial Fortune, S. Gersho. A. (Ed.) Information," Proceedings, 14th "Poker Protocols," Proc. Advances in Cryptology: A Annual ACM Symp. on '84 Crypto , Santa Barbara, Report on Crypto 81 . August Theory of Computing , May CA. 1984, (8: BLA-84a), pp. 1981. ECE RepL No. 82-02. 1982, pp. 365-377. 454-464. University of California, Santa Barbara, CA, August 20, Key Words: methods, Key Words: protocols, case. 1982. protocols.

FOS-82 Key Words: proceedings, GOL-82b Foster, C.C. methods. Goldwasser, S., S. Micali, and Cryptanalysis for P. Tong

Microcomputers . Hayden GIF-82 "How to Establish a Private Book Co., Rochelle Park, NJ, Gifford, D.K. Code on a Public Network," 1982. "Cryptographic Sealing for Proceedings. 23d Annual IEEE Information Security and Symposium on Foimdations of

Key Words: book, PC, Authentication," Computing , 1982, pp. 134-144.

methods. Communications of the ACM . April 1982. pp. 274-286. Key Words: methods, codes.

Key Words: authentication, methods.

8-12 GOL-83 GOL-85 GOL-87a Goldreich, O. Goldwasser. S.. S. Micali. Goldreich, O., and R. Vainish "A Simple Protocol for and R.L. Rivest "How to Solve a Protocol Signing Protocols," Proc. "A 'Paradoxical' Solution to Problem: An Efficiency '83 Crypto , Santa Barbara, the Signature Problem," Proc, Improvement," Proc Crypto '87 CA, 1983. (8: CHA-84b), pp. 25d Annual IEEE Symp.on , Santa Barbara, CA, 1987,

133-135. Found, of Comp. , 1984, pp. (8: POM-88), pp. 73-86 441-448. Key Words: signatures, Key Words: methods, protocols. Key Words: signatures, protocols. theory. GOL-83a GOL-89 Goldwasser, S., S. Micali, GOL-86 Goldwasser, S., et al. and A. Yao Goldreich, O. "Efficient Identification "Strong Signature Schems," 'Two Remarks Concerning Schemes Using Two Prover Proc. 15th Annual ACM the Goldwasser-Micali-Rivest Interactive Proofs." Proc. '89 Symp. on Theory of Comp. . Signature Scheme" Proc Crypto . Santa Barbara, '86 1983. pp. 431-439. Crypto , Santa Barbara, CA, (8: BRA-90). 1989. CA, 1986, (8: ODL-87), pp. Key Words: methods, 104-110. Key Words: authentication, signatures. methods. Key Words: analysis, GOL-84 signatures. GOO-84 Goldreich, O., S. Goldwasser, Goodman, R.M.F., and and S. Micali GOL-86a A.J. McAuley "On fhe Cryptographic Goldreich. O., S. Micali, "A New Trapdoor Knapsack Apphcations of Random and A. Wigderson Public-key Cryptosystem," '84 '84 Fimctions," Proc. Crypto , "How to Prove All NP Proc. Eurocrypt , Paris, Santa Barbara, CA, 1984, (8: Statements in Zero-Knowledge 1984, (8: BET-85), pp. 150- BLA-84a). pp. 276-288. and Methodology of 158. Cryptographic Protocol '86 Key Words: methods, Design," Proc. Crypto , Key Words: public-key, random. Santa Barbara, CA, 1986, (8: knapsack. ODL-87), pp. 171-185. GOL-84a GOR-81 Goldreich. O. Key Words: protocols, zero. Gordon, J.A. "On Concunent Identification 'Towards a Design for Protocols." Proc. Eurocrypt GOL-86b Cryptosecure Susbstitution ;84. Paris, 1984, (8: BET- Goldreich. O. Boxes," Proc. Crypto '81. 85). pp. 387-396. 'Toward a Theory of Santa Barbara, CA, 1981, (8: Software Protection." Proc. GER-82), pp. 53-63. '86 Key Words: methods, Crypto . Santa Barbara. protocols. CA. 1986. (8: ODL-87). pp. Key Words: methods, design. 426-439. GOL-84b GRO-84 Goldwasser. S.. and S. Micali Key Words: software, theory. Groscot, H. "Probabilistic Encryption," "Estimation of Some Journal of Comp. and System GOL-87 Encryption Functions Implemented into Smart Science , April 1984, pp. 270- Goldreich, O. '84 299. 'Towards a Theory of Cards," Proc. Eurocrypt , Software Protection and Paris, 1984, (8: BET-85), pp. Key Words: methods, theory. Simulation by ObUvious 470-479. RAMs," Proceedings, 19th ACM Symposium on Theory Key Words: analysis, methods.

of Computing , 1987, pp. 182- 194. GUA-87 Guam, P. Key Words: theory, software. "Cellular Automaton Public Key Cryptosystem," Complex

Systems , 1987, pp. 51-56.

Key Words: methods, case.

8-13 GUI-88 HAR-84 HEN-81 Guillou, L.C., and Harari, S. Henry, P.S.

J. Quisquater "Non-Linear Non- "Fast Encryption Algorithm for "A Practical Zero-Knowledge Conunutative Functions for the Knapsack Cryptographic Protocol Fitted to Security Data Integrity," Proc. System," Bell System '84 Microprocessor Minimizing Eurocrypt . Paris, 1984, (8: Technical Journal , May-June Both Transmission and BET-85), pp. 25-32. 1981, pp. 767-773. Memory," Proc. Eurocrypt ^88. Davos, 1988, (8: GUN- Key Words: integrity, theory. Key Words: algorithm, 89). pp. 123-128. knapsack. HAR-89 Key Words: design protocols, Ham, L., and T. Keisler HEP-86 zero. 'Two New Efficient Hepshey, J.E., R.K. Yarlanda Cryptosystems Based on Data Encryption and

GUI-89 Rabin's Scheme: Alternatives Protection . Plenum Press, New Guillou, L., et al. to the RSA Cryptosystem," York. 1986. "Public-Key Techniques: Proc. 5th Security Applicat.

Randomness and Conf. . (4: IEE-89c), 1989, pp. Key Words: book, general.

Redundancy," Cryptologia, 254-262. April 1989, pp. 167. HER-83 Key Words: methods, public- Herlestam, T. Key Words: public-key, key. "On the Complexity of Certain random Crypto Generators," Proc. '83 HEL-80 IFIP/Sec. . Stockholm. GUN-88 Hellman. M.E. 1983, (2: FAK-83), pp. 305- Gunther, C.G. "A Cryptoanalytic Time- 308. "A Universal Algorithm for Memory Tradeoff." IEEE

Homophonic Coding," Proc. Trans, on Inform. Theory , Key Words: complexity, '88 Eurocrypt , Davos, 1988, July 1980, pp. 40M06. methods. (8: GUN-89), pp. 405-414. Key Words: analysis, design. HUA-88 Key Words: algorithms, Huang. Y.J., and F. Cohen coding. HEL-81 "Some Weak Points of One "On the Necessity of Fast Cryptographic Checksum GUN-89 Cryptoanalytic Exhaustive Algorithm and Its '81 Gunther, C.G. Search." Proc. Crypto , Improvement," Computers &

Advances in Cryptology: Santa Barbara, CA, 1981, (8: Security , October 1988, pp. Eurocrypt '88 Proceedings, GER-82). pp. 1-5. 503-505. Davos, Switzerland, May 1988, Lecture Notes in Key Words: analysis, Key Words: vulnerabilities, Comp. Science No. 330, methods. algorithms, check-sum. Springer- Verlag, New York, 1989. HEL-82 IMP-87 Hellman, M.E., and Impagliazzo, R., Key Words: proceedings, J.M. Reyneri and M. Yimg general. "Distribution of Drainage in "Direct Minimum-Knowledge DES," Proc. Crypto '82. Santa Computations," Proc. Crypto '87 HAR-83 Barbara, CA. 1982, (8: CHA- , Santa Barbara, CA, 1987, Harari, S. 83b), pp. 129-131. (8: POM-88). pp. 40-51 "Secret Sharing Systems in Digital Communications," in Key Words: DES, design, Key Words: methods, zero. Longo, G. (Ed.), Secure methods.

Digital Systems , Springer, Wien, 1983, pp. 105-110.

Key Words: techniques, design.

8-14 ING-81 JAN-87 JUE-83 Ingemaisson, I., and Jansen, C.J.A., and Jueneman, R.R., C.K. Wong D.E. Boekee S.M. Matyas, and "A UsCT Authentication "Modes of Block Cipher C.H. Meyer, Scheme for Shared Data Algorithms and Their "Authentication with Based on a Trap-Door One- Protection Against Active Manipulation Detection Way Function," Information Eavesdropper," Proc. Codes," Proc. 1983 IEEE '87, Processing Letters , April 13, Eurocrypt Amsterdam, Symp. Sec. & Priv. , (5: lEE- 1981, pp. 63-67. 1987, (8: CHA-88a), pp. 281- 83a), pp. 33-54. 286. Key Words: authentication, Key Words: authentication, trap-door, methods. Key Words: therats, methods, codes. algorithms. ING-82 JUE-86

Ingemarsson, I., D.T. Tang, JIN-88 Juenemam, R.R. and C.K. Wong Jingmin, H., and L. Kaicheng "A High Speed Manipulation "A Conference Key "A New ProbabiUstic Detection Code," Proc. Crypto '86 Distribution System" IEEE Encryption Scheme," Proc. , Santa Barbara, CA, 1986, '88 Trans, on Inform. Theory , Eurocrypt , Davos, 1988, (8: ODL-87), pp. 327-346. 1982, pp. 714-720. (8: GUN-89), pp. 413-418. Key Words: methods, codes, Key Words: methods, keys, Key Words: methods, design. threats. case. JOR-81 JUR-83 JAM-86 Jordan, J.P. Jurgensen. H., and James, N.S., R. Lidl, and "A Variant of a Public-key D.E. Matthews H. Niederreiter Cryptosystem Based on Goppa "Some Results on the "Breaking the Cade Cipher," Codes," Proc. Crypto '81, Information Theoretic Analyses '86 Proc. Crypto , Santa Santa Barbara, CA, 1981, (8: of Cryptosystems," Proc. '83 Barbara, CA, 1986, (8: ODL- GER-82). pp. 25-30. Crypto , Santa Barbara, 87), pp. 60-63. CA, 1983, (8: CHA-84b), pp. Key Words: methods, public- 303-356. Key Words: analysis, case. key. Key Words: analysis, theory, JAM-88 JOR-87 design. Jamnig, P. Jorissen, P., J. Vandewalle, "Securing the RSA- and R. Govaerts KAH-80 Cryptosystem Against "Extension of Brickell's Kahn, D. Cycling Attacks," Algorithm for Breaking High "Cryptography Goes Public," Cryptologia, July 1988, pp. Density Knapsacks," Proc. IEEE Communications '87 159-164. Eurocrypt , Amsterdam, Magazine , March 1980, pp. 1987. (8: CHA-88a), pp. 109- 19-28. Key Words: RSA, analysis, 115. threats. Key Words: public -key, Key Words: analysis, general. JAN-82 algorithms. Janardan, R., and KAH-82 K.B. Lakshmanan JUE-82 Kahn. D. "A Public-Key Cryptosystem Jueneman, R.R. "The Grand Lines of Based on the Matrix Cover "Analysis of Certain Aspects Cryptology's Development,"

NP-Complete Problem," Proc. of Output Feedback Mode," Computers & Security , '82 245-248. Crypto '82 , Santa Barbara, Proc. Crypto . Santa November 1982, pp. CA, 1982, (8: CHA-83b). pp. Barbara, CA, 1982, (8: CHA- 21-37. 83b), pp. 99-127. Key Words: methods, general.

Key Words: public-key, Key Words: DES, analysis, KAH-84 methods. design. Kahn, D.

Kahn on Codes , Macmillan, New York, 1984.

Key Words: book, general.

8-15 KAH-84a KAR-83 KON-81 Kahn. D. Kamin, E.D., et al. Konheim, A.G. the Origins "Cryptology and "On Secret Sharing Systems," - Cryptography A Primer. J. of Spread Spectrum," IEEE Trans, IEEE on Inform. Wiley & Sons, New York.

September 1984, . Spectrum , Theory 1983, pp. 35-41. 1981. pp. 70-80

Key Words: methods, general. Key Words: book, general. Key Words: methods, general. KAR-84 KON-84 Kamin, E.D. Konheim, A.G. KAK-83 "A Parallel Algorithm for the "Cryptanalysis of ADFGVX Kak, S.C. Knapsack Problem," IEEE Encryption Systems," Proc.

"Joint Encryption and Error Trans, on Computers . '84 May Crypto . Santa Barbara, Correction," Proc. 1983 IEEE 1984, 404-408. pp. CA, 1984, (8: BLA-84a), pp. Symp. Sec. & Privacy , (5: 339-341. IEE-83a), pp. 55-60. Key Words: algorithm, knapsack. Key Words: analysis, method, Key Words: methods, codes. case. KES-88 KAK-84 Kesim, S.N. KOT-84 Kak, S.C. "Encryption: Security with Kothari, S.C. "On the Method of Puzzles Ciphers," Security "Generalized Linear Threshold for Key Distribution," Management. October 1988, '84 Scheme," Proc. Crypto . 45-47. Intemat. Journal of Computer pp. Santa Barbara, CA, 1984, (8: and Information Science , BLA-84a), pp. 231-241. April 1984. pp. 103-109. Key Words: methods, general. Key Words: methods, theory. Key Words: methods, keys. KOB-87 KobUtz, N. KOY-87 KAL-84 A Course in NumbCT Theory Koyama, K., and K. OhU

Kahski, B.S. and Cryptography , Springer, 'Identity-Based Conference "Wyner's Analog Encryption New York, 1987. Key Distribution Systems," '87 Scheme: Results of a Proc. Crypto , Sanu Simulation," Proc. Crypto Key Words: book, general. Barbara, CA, 1987. (8: POM- •84 , Santa Barbara, CA, 88). pp. 175-184. 1984, (8: BLA-84a). pp. 83- KOB-87a 94. Kobhtz, N. Key Words: methods, keys. "Elliptic Curve Key Words: Cryptosystems," Mathematics KOY-88 of Computation, 1987, pp. Koyama, K., and K. Ohta KAL-85 203-209. "Security of Improved Identity- Kaliski. B.S., Jr., R.L. Rivest, Based Key Distribution

and A.T. Sherman Key Words: methods, theory. System," Proc. Eurocrypt-87 , "Is the Data Encryption pp. 11-19. Standard a Group?," Joumal KOB-89

of Cryptology , Vol. 1, No. 1, KobUtz, N. Key Words: methods, keys. 1988, pp. 3-36. "Hyperelliptic Cryptosystem,"

Joumal of Cryptology , Vol. 1, KRA-86 Key Words: DES, design, No. 3, 1989, pp. 139-150. Kranakis, E.

theory. Primality and Cryptography , Key Words: methods, theory. Wiley, New York, 1986. KAL-85a Kaliski, B.S. Jr, R.L. Rivest KON-80 Key Words: book, general. and A.T. Sherman Konheim, A.G., et al. "Is DES a Pure Cipher?," "The IPS Cryptographic '85 Proc. Crypto , Santa Programs," IBM Systems

Barbara, CA, 1985, (8: WIL- Joumal . Vol. 19. No. 2, 1980, 86), pp. 212-226. pp. 153-283.

Key Words: DES, design, Key Words: methods, theory. software.

8-16 KUR-88 LEE-88 LID-83 Kurosawa, K., T. Ito, and Lee, P.J., and E.F. BrickeU Lidl, R., and W.B. MuUer M. Takeuchi "An Observation on the "Permutation Polynomials in "Public Key Cryptosystem Security of McElice's Public- RSA Cryptosystems," Proc. '83 Using a Reciprocal Number Key Cryptosystem, Proc. Crypto , Santa Barbara, Intractability '88 with the Same Eurocrypt , Davos, 1988 CA, 1983, (8: CHA-84b), pp. as Factoring a Large (8: GUN-89), pp. 275-280. 293-301. Number," Cryptologia, October 1988, pp. 225-233. Key Words: analysis, public- Key Words: RSA, methods, key. theory. Key Words: methods, public- key. LEI-84 LID-84 Leighton, A.C., and Lidl, R. LAG-83 S.M. Matyas "On Cryptosystems Based on Lagarias, J.C. "The History of Book Polynomials and Finite Fields," '84 '84 "Knapsack Public Key Ciphers," Proc. Crypto , Proc. Eurocrypt , Paris, Cryptosystems and Santa Barbara, CA, 1984, (8: 1984, (8: BET-85), pp. 10-15. Diophantine Approximations," BLA-84a), pp. 101-113. '83 Proc. Crypto , Santa Key Words: methods, theory. Barbara, CA, 1983, (8: CHA- Key Words: methods, general. 84b), pp. 4-23. LON-82 LEN-81 Longpre. L. Key Words: public-key, Lennon. R.E.. et al. "The Use of Public-Key knapsack. "Cryptographic Authentication Cryptography for Signing '82 of Time-Invariant Quantities," Checks," Proc. Crypto , LAI-89 IEEE Trans, on Santa Barbara, CA, 1982, (8: Laih, C.-S.. et al. Communications, June 1981, CHA-83b), pp. 187-197. "Linearly Shift Knapsack pp. 773-777. Public Key Cryptosystem," Key Words: signatures, pubUc- IEEE Journal on Selected Key Words: authentication. key.

Areas in Communications , May 1989, pp. 534-539. LEU-84 LUB-87 Leung, A.K. Luby, M., and C. Rackoff Key Words: methods, "Sequenec Complexity as a "A Study of Password '87 knapsack. Test for Cryptographic Security," Proc. Crypto , '84 Systems," Proc. Crypto , Santa Barbara, CA, 1987, (8: LAK-83 Santa Barbara, CA, 1984, (8: POM-88), pp. 392-397. Laksmivarahan, S. BLA-84a), pp. 468-474. "Algorithms for Public -Key Key Words: methods, general. Cryptosystems: Theory and Key Words: methods, AppUcations," in M. Yovits, complexity. MAD-84 (Ed.), Advances in Madryga, W.E. "A High Performance Computers . Vol. 22, LEV-85 Academic Press, New York, Levin, L. Encryption Algorithm," Proc. '84 Toronto, 1983, pp. 45-108. "One-Way Functions and IHP/Sec. , 1984, Pseudo-random Generators," (2: FIN-85), pp. 557-570. Key Words: public-key, Proc. 17th Annual ACM methods. Symp. on Theory of Key Words: methods, algorithm. Computing , 1985, pp. 363- LAM-81 365. Lamport, L. MAG-89 "Pasword Authentication with Key Words: Methods, one- MagUveras, S.S., and Insecure Communications," way, N.D. Memon Communications of the "Algebraic Properties of the PGM Cryptosystem" Proc. ACM . November 1981, pp. LEV-87 '89 770-772. Levine, J., and R. Chandler Crypto , Santa Barbara, "Some Further AppUcations of CA. 1989 (8: BRA-89). Key Words: authentication. Permutation Polynomials," Cryptologia, October 1987, Key Words: methods, theory, pp. 211-218. case.

Key Words: methods, theory.

8-17 MAS -84 MCE-81 MEI-89 Massey, J.L., and McElicie, R.J., and Meier, W., and R.A. Rueppel D.V. Sarwate O. Staffelbach "Linear Ciphers and Random "On Sharing Secrets and "Fast Correlation Attacks on Sequence Generators with Reed-Solomon Codes," Certain Stream Ciphers,"

Multiple Clocks," Proc. Communications of the ACM, Journal of Cryptology, Vol. 1, '84 Eurocrypt . Paris, 1984, September 1981, pp. 583-584. No. 3, 1989, pp. 159-176. (8: BET-85), pp. 74-87. Key Words: theory, codes. Key Words: analysis, methods. Key Words: methods, design. MEA-87 MER-80 MAS-88 Meadows, C, and Merkle, R.C. Massey, J.L. D. Mutchler "Protocols for Public Key "An Introduction to "Matching Secrets in the Cryptosystems." Proc. 1980

Contemporary Cryptology," Absence of a Continuously IEEE Symp. Sec. & Privacy,

Proceedings of the IEEE , Available Trusted Authority," (5: IEE-80). pp. 122-134. May 1988, pp. 533-549. IEEE Trans, on Software

Engr. . February 1987, pp. Key Words: protocols, pubUc- Key Words: metliods, theory, 289-292. key. general. Key Words: methods, MER-81 MAT-86 protocols. Merkle, R.C. Matyas, S.M. "On the Security of Multiple "Public Key Registration," MEA-88 ," Communications '86 Proc. Crypto , Santa Meadows, C, of the ACM, July 1981, pp. Barbara, CA, 1986, (8: ODL- "Some Threshold Schemes 465-467. 87), pp. 451-458. Without Central Key Distribution," Proc. Crypto Key Words: analysis, methods. '88 Key Words: methods, public- . Santa Barbara, CA, 1988 key. (8: GOL-89b). MER-82 Merritt, M. MAT-88 Key Words: methods, keys. "Key Reconstruction," Proc. '82 Matsumoto, T., and H. Imai Crypto , Santa Barbara, "Public Quadratic MEI-82 CA, 1982, (8: CHA-83b), pp. Polynomial-Tuples for Meijer, H., and S. Akl 321-375. Efficient Signature "Digital Signature Schemes," Verification and Message Cryptologia, October 1982, Key Words: methods, keys, Encryption," Proc. Eurocrypt pp. 329-338 design. 'Ji, Davos, 1988, (8: GUN- 89), pp. 419-453. Key Words: methods, MER-82a signatures. Merkle. R.C. Key Words: methods, Security, Authentication, and

signatures. MEI-85 Public-Key Systems , University Meijer, H., and S. Akl of Michigan Press, Ann Arbor, MCC-88 'Two New Secret Key MI, 1982. McCurley, K.S. Cryptosystems," Proc. '85 "A Key Distribution System Eurocrypt . Linz, 1985, (8: Key Words: book, public-key. Equivalent to Factoring," PIC-86). pp. 96-102.

Journal of Cryptology . Vol. MER-87 1, No. 2. 1988, pp. 95-105. Key Words: methods, Merkle, R.C. algorithms. "A Digital Signature Based on Key Words: methods, keys, a Conventional Encryption '87 case. MEI-88 Fimction," Proc. Crypto , Meier. W., and Santa Barbara, CA, 1987, (8: O. Staffelbach POM-88), pp. 369-378. "Fast Correlation Attacks on Stream Ciphers," Proc. Key Words: methods, '88 Eurocrypt , Davos, 1988, signatures. (8: GUN-89), pp. 301-314.

Key Words: analysis, methods.

8-18 MER-89 MOO-85 NIE-85 Merkle. R.C. Moore, T.E., and S.E. Tavares Niederreiter, H. "A Certified Digital "A Layered Approach to the "A Public-Key Cryptosystem '89 Signature," Proc. Crypto . Design of Private Key Based on Shift Register Santa Barbara, CA, 1989, (8: Cryptosystems," Proc. Crypto Sequences," Proc. Eurocrypt •85 BRA-89). , Santa Barbara, CA. 1985, ^85, Linz, 1985, (8: PIC-86). (8: WrL-86), pp. 227-245. pp. 35-39. Key Words: signatures, case. Key Words: methods, design, Key Words: methods, public- MER-89a case. key. Merkle, R.C. "One Way Hash Functions MOO-86 OCO-87 and the DES." Proc. Crypto Moore, J.H., and O'Connor, L.J. and •89 , Santa Barbara, CA, G.J. Simmons J. Seberry 1989. (8: BRA-89). "Cycle Structures of the DES The Cryptographic Significance

with Weak and Semiweak of the Knapsack Problem , '86 Key Words: DES, methods, Keys," Proc. Crypto , Aegean Park Press, Laguna design. Santa Barbara, CA, 1986, (8: HUls, CA, 1987. ODL-87), pp. 187-205. MEY-82 Key Words: book, knapsack, Meyer, C.H., and Key Words: DES, analysis, analysis, theory. SM. Matyas design. Cryptography - A New ODL-84 Dimension in Computer Data MOO-87 Odlyzko, A.M.

Sectirity , J. Wiley & Sons, Moore, J.H., and "Cryptanalytic Attacks on the New York, 1982. G.J. Simmons Multiplicative Knapsack "Cycle Structure of the DES Cryptosystem and on Shamir's Key Words: book, general, for Keys Having Palindromic Fast Signature System, IEEE

theory, methods, keys. (or Anti-palindromic) Trans, on Inform. Theory , July Sequences of Keys," IEEE 1984, pp. 594-601. MIC-86 Trans, of Software Engr., Micali, S., et al. February 1987, pp. 262-273. Key Words: analysis, "The Notion of Security for knapsack, signatures. Probabilistic Cryptosystems," Key Words: DES, analysis, '86 Proc. Crypto , Santa design. ODL-84a Barbara, CA, 1986. (8: ODL- Odlyzko, A.M. 87), pp. 381-392. MOR-81 "Discrete Logarithms in Finite Morrison, D.R. Fields and Their Cryptographic Key Words: methods, theory. "Subtractive Encryptors - Significance," Proc. Eurocrypt Alternatives to the DES," ^84. Paris, 1984, (8: BET-85), '81 MIC-89 Proc. Crypto , Santa pp. 225-314. Micali. S. Barbara, CA. 1981. (8: GER- "Digital Signatures: The 82). pp. 42-52. Key Words: methods, theory. Evolution of a Fundamental '89 Primitive." Proc. Crypto , Key Words: DES. methods, ODL-87 Santa Barbara. CA. 1989. (8: case. Odlyzko, A.M., (Ed.)

BRA-89). Advances in Cryptology , '86 MUL-84 Proceedings of Crypto . Key Words: signatures, Mullin. A.A. Santa Barbara, CA, August theory. "A Note on the Mathematics 1988. Lecture Notes in of Public-Key Cryptosystems," Computer Science No. 263. Springer- MIL-85 Computers & Security , Verlag. New York. MiUer, V.S. February 1984, pp. 45-47. 1987. "Use of Elliptic Curves in Cryptography," Proc. Crypto Key Words: public-key, Key Words: proceedings, '85 general. . Santa Barbara, CA. theory. 1985. (8: WIL-86). pp. 415- 426.

Key Words: methods, theory.

8-19 OKA-85 OKA-88a Pn-87 Okamoto, T., and Okamoto, T. Pfitzmann and M. Waidner A. Shiraishi "A Digital Multisignature 'T*Jetworks Without User "A Fast Signature Scheme Scheme Using Bijective Observability." Computers &

Based on Quadratic PublicKey Cryptosystems," Security . April 1987. pp. 158- Inequalities," Proc. 1985 ACM Trans, on Computer 166.

IEEE Symp. Sec. & Privacy , Systems , November 1988, pp. 1985, (5: IEE-85). pp. 123- 432-441. Key Words: methods, case. 133. Key Words: methods, PIC-86 Key Words: methods, signatures. Pichler. F. (Ed.) signatures. Advances in Cryptology: '85 OKA-89 Proceedings of Eurocrypt . OKA-85a Okamoto, E., and K. Ohta Linz, Austria, April 1985. Okamoto, E., and "Disposable Zero-Knowledge Lecture Notes in Comp. K. Nakamura Authentications and Their Science. No. 219, Springer- "Lifetimes of Keys in Application to Untraceable Veriag, New York, 1986. Cryptographic Key Electronic Cash," Proc. Crypto '89 Management Systems," Proc. . Santa Barbara, CA, 1989 Key Words: proceedings, '85 Crypto , Santa Barbara, (8: BRA-89). general. CA, 1985, (8: WIL-86), pp. 246-259. Key Words: methods, zero, PIE-84 design. Pieprzyk, J.P. Key Words: keys, "Algebraical Structures of management. ONG-83 Cryptographic Ong. H., and CP. Schorr Transformations." Proc. OKA-86 "Signatures through Eurocrypt '84. Paris, 1984, (8: Okamoto, E. Approximate Representations BET-85), pp. 16-24. "Proposal for Identity-Based by Quadratic Forms." Proc. '83 Key Distribution Systems," Crypto . Santa Barbara, Key Words: algorithms, theory.

Electronics Letters , Nov. 20, CA. 1983. (8: CHA-84b). pp. 1986, pp. 1283-1284. 117-132. PIE-85 Pieprzyk, J.P. Key Words: methods, keys. Key Words: methods, "On PubUc-Key Cryptosystems signatures. Built Using Polynomial '85 OKA-87 Rings." Proc. Eurocrypt , Okamoto, E. ONG-84 Linz, 1985, (8: PIC-86), pp. "Key Distribution Systems Ong, H., C. Schnorr, 73-78. Based on Identification and A. Shamir Information," Proc. Crypto "Efficient Signature Schemes Key Words: methods, public- '87 , Santa Barbara, CA, Based on Polynomial key. '84 1987, (8: POM-88), pp. 194- Equations," Proc. Crypto , 202. Santa Barbara, CA, 1984, (8: PIE-85a BLA-84a), pp. 37-46. Pieprzyk, J.P.. D.A. Rutowski Key Words: keys, "Modular Design of management. Key Words: methods, Information Encipherment for signatures. Computer Systems." Computers

OKA-88 & Security , September 1985, Okamoto, E. PAT-87 pp. 211-218. "Substantial Number of Patterson, W. Cryptographic Keys and Its Mathematical Cryptology for Key Words: methods, design. Application to Encryption Computer Scientists and

'88 «fe Design," Proc. Eurocrypt , Mathematicians , Rowman

Davos, 1988, (8: GUN-89), Littlefield, Totowa, NJ. 1987. pp. 361-373 Key Words: book, theory. Key Words: methods, keys, design.

8-20 PIE-85b POM-88 QUI-87 Pieprzyk, J.P., Pomerance, C, (Ed.) Quisquater. J.-J. DA. Rutkowski Advances in Cryptology: "Secret Distribution of Keys '87 "Design of Public Key Proceedings of Crypto , for Public-Key Systems," Proc. '87 Cryptosystems Using Santa Barbara. CA. August Crypto . Santa Barbara, Idempotent Elements," 1988. Lecture Notes in CA, 1987, (8: POM-88), pp.

Computers & Security . Computer Science No. 293. 203-208. December 1985, pp. 297-308. Springer. New York. 1988. Key Words: public -key, keys. Key Words: design, public- Key Words: proceedings, key. general. QUI-89 Quisquater, J., and PIP-89 POR-84 J. Delescaille Piper, F., and M. Walker Porter. S. "How Easy Is Collision "Linear Ciphers and "Cryptology and Nimiber Search? New Results and Spreads," Journal of Sequences: Pseudorandom, Applications to DES," Proc. '89 Cryptology , Vol. 1, No. 3, Random, and Perfectly Crypto , Santa Barbara, 1989. pp. 185-188. Random," Computers & CA, 1989 (8: BRA-89).

Security . February 1984. pp. Key Words: methods, theory. 43-44. Key Words: DES, methods, design. POE-85 Key Words: algorithms, Poet, R. theory. QUI-89a "The Design of Special- Quisquater, J.-J., and K.Vedder Purpose Hardware to Factor PRE-89 "A Signature with Shared Large Integers," Computer Preneel. B.. et al. Verification Scheme," Proc. '89 Physics Communications , "A Chosen Text Attack on the Crypto , Santa Barbara, 1985, pp. 337-341. Modified Cryptographic CA. 1989 (8: BRA-89). Checksum Algorithm of Key Words: analysis, Cohen and Huang," Proc. Key Words: verification, '89 hardware. Crypto , Santa Barbara. signature. CA. 1989. (8: BRA-89). POM-83 QUI-89b Pomerance, C, et al., Key Words: analysis, Quisquater, J.-J., (Ed.) "New Ideas for Factoring checksum. Advances in Cryptology:

Large Integers," Proc. Crypto Proceedings of Eurocrypt-89 , '83 10- . Santa Barbara, CA, PRO-84 Houthalen, Belgium, April 1983, (8: CHA-84b), pp. 81- Proctor, N. 13, 1989, Lecture Notes in 86. "A Self-Synchronizing Computer Science, Springer- Cascaded Cipher System with Veriag, New York, 1989. Key Words: analysis, Dynamic Control of Error algorithms. Propagation," Proc. Crypto Key Words: proceedings,

'84 , Santa Barbara, CA, 1984, gneral. POM-85 (8: BLA-84a), pp. 174-190. Pomerance, C. RAO-84 "The Quadratic Sieve Key Words: methods, design. Rao, T.R.N. Factoring Algorithm," Proc. "Joint Encryption and Error '84 Correction Schemes," Proc., Eurocrypt . Paris. (8: QUI-85 BET-85). pp. 169-182. Quisquater, J.-J., Y. Desmedt, 11th Intern. Symp. on Comp. and M. Davio Arch., May 1984. Key Words: analysis, 'The Importance of 'Good' algorithms. Key Scheduling Schemes Key Words: methods, codes. (How to Make a Secure DES Scheme with <48-Bit RAO-86 '85 Keys>?)," Proc. Crypto . Rao, T.R.N., and K.-H. Nam Santa Barbara, CA, 1985, (8: "Private-Key Algebraic-Coded WIL-86), pp. 537-542. Cryptosystems," Proc. Crypto

'86 . Santa Barbara, CA, 1986, Key Words: DES. methods, (8: ODL-87), pp. 35-48. design. Key Words: methods, codes.

8-21 RAO-87 RIV-84 SAL-88 Rao. T.R.N. Rivest, R.L.. and A. Shamir Salomaa, A. "On Struik-Tilburg "How to Expose an "A Public-Key Cryptosystem Cryptanalysis of Rao-Nam Eavesdropper," Based on Language Theory," '87 Scheme," Proc. Crypto . Communications of the ACM . Computers & Security . Santa Barbara, CA. 1987. (8: April 1984. pp. 393-395. February 1988. pp. 83-87. POM-88). pp. 458-461. Key Words: analysis, threat, Key Words: methods, theory. Key Words: analysis, methods. methods, case. SCH-84 RUB-81 Schnorr, CP., and W. Alexi

RAO-89 Rubin. F. "RSA-bits are 0.5 -i- e Secure," '84 Rao. T.R.N.. and K.H. Nam "Decrypting a Stream Cipher Proc. Eurocrypt , Paris, "Private-Key Algebraic-Code Based on J-K FHp-Flops." 1984. (8: BET-85). pp. 113- Encryptions," IEEE Trans, on Cryptologia, January 1981. pp. 126.

Inform. Theory, July 1989, 51-57. pp. 829-833. Key Words: RSA. analysis, Key Words: analysis, theory. Key Words: methods, codes. methods. SEB-89

REE-84 RUB-87 Seberry, J., and J. Pieprzyk Reeds, J.A., and Rubin. F. Cryptography: An Introduction

J. Manferdelli "Foiling an Exhaustive Key- to Computer Security , Prentice-

"DES Has No Per Round Search Attack." Cryptologia. Hall, New York, 1989 Linear Factors," Proc. Crypto April 1987. pp. 102-107 '84 , Santa Barbara, CA, Key Words: book, general. 1984, (8: BLA-84a), pp. 377- Key Words: analysis, 389 methods. SGA-83 Sgarro, A. Key Words: DES. analysis, RUE-86 "Error Probabilities for Simple design. Rueppel. R. Substitution Ciphers," IEEE

Analysis and Design of Trans, on Inform. Theory .

Rrr-81 Stream Ciphers , Springer 1983. pp. 190-198. Ritts, R.R. Verlag, New York, 1986. "Data Encryption Basics and Key Words: methods, analysis, the Cipher Feedback Key Words: book, analysis, theory. Method," design.

Telecommunications , Jxme SGA-84 1981, pp. 39-44. RUE-88 Sgarro,A. Rueppel, R. "Equivocations for Key Words: methods, theory. "Key Agreements Based on Homophonic Ciphers," Proc. '84 Function Composition." Proc. Eurocrypt , Paris, 1984, (8: '88 RIV-82 Eurocrypt . Davos, 1988, BET-85), pp. 51-61. Rivest, R.L.. ar d (8: GUN-89), pp. 3-10. A.T. Sherman Key Words: methods, theory. "Randomized Encryption Key Words: methods, keys. '82 Technique." Proc. Crypto , SHA-80 Santa Barbara. CA. 1982. (8: RUG-84 Shamir, A. CHA-83b). pp. 145-163. Ruggiu, G. "The Cryptographic Security of "Cryptology and Complexity Compact Knapsacks," Proc. Key Words: methods, design, Theories," Proc. Eurocrypt 1980 IEEE Symp. Sec. &

random. 'S4, Paris, 1984, (8: BET-85), Privacy . (5: IEE-80), pp. 94-98 pp. 3-9. Key Words: analysis, Key Words: methods, knapsack. complexity.

8-22 SHA-80 SIE-84 SIM -82 Shamir, A.„and R E. Zippel Siegenthaler, T. Simmons, G.J., and "On the Security of the "Correlation-Immunity of D. Holdridge Merkle-Hellman Nonlinear Combining "Forward Search as a Cryptographic Systems," Functions for Cryptographic Cryptanalytic Tool Against IEEE Trans, on Inform. Applications," IEEE Trans, of Public Key Privacy Channel,"

Theory , May 1980, pp. 339- Inform. Theory , September Proc. 1982 IEEE Symp. Sec.

340. 1984, pp. 776-780. & Privacy , (5: IEE-82), pp. 117-128. Key Words: analysis, Key Words: algorithms, knapsack. theory. Key Words: analysis, public- key. SHA-81 SIF,-85 Shamir, A., R.L. Rivest, Siegenthaler, T. SIM-82a and L. Adleman "Decrypting a Class of Sream Simmons, G.J. "Mental Poker," in Klamer, Ciphers Using Ciphertext "A Game Theory Model of D.E. (Ed). Mathematical Only," IEEE Trans, on Digital Message

Gardner , Wadsworth, NY, Computers , January 1985, pp. Authentication," Congressus

1981, pp. 37-43. 81-85. Numerantium , 1982, pp. 413- 424. Key Words: methods, Key Words: analysis, protocols. methods. Key Words: authentication, models. SHA-83 SIM-80 Shamir, A. Simmons, G.J. SIM-83 "On Generation of "Secure Communications in Simmons, G.J. Computationally Strong the Presence of Pervasive "The Prisoners' Problem and Pseudo-'^andom Sequences," Deceit," Proc. 1980 IEEE the Subliminal Channel," Proc. '83 ACM Trans, on Computer Symp. Sec. & Privacy , (5: Crypto , Santa Barbara, 38- Systems , May 1983, pp. IEE-80), pp. 84-93. CA, 1983, (8: CHA-84b), pp. 44. 51-67. Key Words: therats, methods. Key Words: algorithms, Key Words: analysis, methods. random. SIM-81 Simmons, G.J. SIM-83a SHA-84 "A System for Point-of-Sale Simmons, G.J. Shamir, A. or Access, User Authntication "Verification of Treaty "A Polynomial-Time and Identification," Proc. Compliance Revisited," Proc. '81 Algorithm for Breaking the Crypto , Santa Barbara, 1983 IEEE Symp. Sec. & 61- Basic Merkle-Hellman CA, 1981, (8: GER-82). pp. Privacy . (5: IEE-83a), pp. Cryptosystem," IEEE Trans, 31-37. 66.

of Liform. Theory , September 1984, pp. 525-530. Key Words: authentication. Key Words: verification, methods. Key Words: analysis, SIM-81 a algorithm, knapsack. Simmons, G.J. SIM-84 "Half a Loaf Is Better than Simmons, G.J. SHA-84a None: Some Novel Message "Authentication Theory/Coding '84 Shamir, A. Integrity Problems," Proc. Theory," Proc. Crypto , 'Identity-Based 1981 IEEE Symp. Sec. & Santa Barbara, CA, 1984, (8: 65- 411-431. Cryptosystems and Signature Privacy , (5: IEE-81), pp. BLA-84a), pp. '84 Schemes," Proc. Crypto , 69. Santa Barbara, CA. 1984, (8: Key Words: authentication, BLA-84a), pp. 45-53. Key Words: authentication. codes, theory.

Key Words: methods, signatures.

8-23 SIM-84a SIM-87a SIM-89a Simmons, GJ. Simmons. G.J. Simmons, G.J. "The Subliminal Channel and "A Natural Taxonomy for "A Protocol to Provide Digital Signatures," Proc. Digital Information Verifiable Proof of Identity '84 Eurocrypt , Paris. 1984. Authentication Schemes." and Unforgeable Transaction '87 (8: BET-85). pp. 364-378. Proc. Crypto . Santa Receipts," IEEE J. Selected Barbara, CA. 1987. (8: POM- Areas in Comm., May 1989, Key Words: theory, 88). pp. 269-288 pp. 435447. ^ signaturtes Key Words: authentication, Key Words: methods, SIM -84b theory. protocols. Simmons. G.J. "Message Authentication: A SIM-88 SLO-82 Game on Hypergraj^." Sinunons. G.J. Sloane, N.Jj\.

Congressus Numerantium , "Authentication Codes that "Error-Correcting Codes and 1984, pp. 161-192. Permit Arbitration," Cryptology, Part 1,"

Congessus Numerantium. Cryptologia, April 1982, pp. Key Words: models, March 1988. pp. 275-290. 128-153. authentication. Key Words: authentication, Key Words: methods, codes. SIM-85 codes. Simmons, G.J. SLO-82a "A Secure SubUminal SIM -88a Sloane, N.JA. Channel (?)" Proc. Crypto Simmons, G.J. "Error-Correcting Codes and '85 2," , Santa Barbara, CA, "How to (Really) Share a Cryptology, Part '88 Cryptologia, July 1985, (8: WIL-86), pp. 33- Secret," Proc. Crypto , 1982, pp. 41. Santa Barbara, CA, 1988 (8: 258-278. GOL-89b). Key Words: methods, theory. Key Words: methods, codes. Key Words: methods, SIM-85a protocols. SME-84 Simmons, G.J. Smeets, B.J.M. "How to (Selectively) SIM-88b "On the Use of the Binary Broadcast a Secret," Proc. Simmons. G.J.. and Multiplying Channel in a 1985 IEEE Symp. Sec. & G.B. Purdy Private Communication Proofs of Channel," Proc. Eurocrypt '84, Privacy . (5: IEE-85), pp. "Zero-Knowledge 108-113. Identity and Veracity of Paris, 1984, (8: BET-85), 339- Transaction Receipts." Proc. 348. '88 Key Words: methods, Eurocrypt . Davos, 1988, methods, design. protocols. (8: GUN-89). pp. 35. Key Words:

SIM-86 Key Words: protocols, zero. SME-85 Simmons, G.J. Smeets, B. "Cryptology." Encyclopedia SIM -89 "A Comment on Niedereiter's Public-Key Cryptosystem," Britannica, Encyclopaedia Simmons, G.J. '85 Linz, Britannica, Inc., Chigaco. IL, "Prepositioned Shared Secret Proc. Eurocrypt , PIC-86), 40-42. 1986, pp. 913-924B. and/or Shared Control 1985, (8: pp. Schemes," Proc. Eurocrypt Key Words: analysis, public- Key Words: methods, '89. Houthalen , 1989, (8: general. QUI-89). key.

SIM-87 Key Words: methods, SPE-83 Simmons. G.J. protocols. Spencer, M.E., and "An Impersonation-Proof S.E. Tavares Identity Verification Scheme." "A Layered Broadcast '87 Cryptographic System," Proc. Proc. Crypto . Santa Crypto '83, Santa Barbara, Barbara. CA, 1987, (8: POM- 1983, (8: CHA-84b), 88), pp. 211-215. CA, pp. 157-170.

Key Words: authentication, methods, case. case. Key Words:

8-24 STI-87 TAN-87 VAN-85 Stinson, D.R., and Tanaka, H. van Tilborg. J., and SA. Vanstone "A Realization Scheme for the D.E. Boekee "A Combinatorial Approach Identity-Based Cryptosystem." "Divergence Bounds on Key '87 to Threshold Schemes," Proc. Proc. Crypto . Santa Encryption and Error '87 Crypto , Santa Barbara, Barbara, CA. 1987, (8: POM- ProbabiHty in Cryptanalysis," '85 CA, 1987, (8: POM-88), pp. 88). pp. 340-349. Proc. Crypto , Santa 330-339. Barbara, CA. 1985. (8: WEL- Key Words: methods, design. 86), pp. 489-513. Key Words: methods, keys. TED-84 Key Words: methods, keys, STI-87a Tedrick, T. theory. Stinson, D.R. "Fair Exchange of Secrets," '84 "A Construction of Proc. Crypto , Santa VAN-87 Authentication/Secrecy Codes Barbara, CA. 1984. (8: BLA- van de Graaf, J., and from Certain Combinatorial 84a). pp. 434-438. R. Peralta '87 Designs," Proc. Crypto , "A Simple and Secure Way to Santa Barbara, CA, 1987. (8: Key Words: methods, Show the VaUdity of Your '87 POM-88), pp. 255-366. protocols. Public Key," Proc. Crypto , Santa Barbara, CA, 1987, (8: Key Words: authentication, TOM-86 POM-88), pp. 128-134. codes, design, case. Tompa, M.. and H. Woll "How to Share a Secret With Key Words: methods, public- '86 STI-88 Cheaters," Proc. Crypto , key. Stinson, D.R. Santa Barbara, CA, 1986, (8: "Some Constructions and ODL-87), pp. 261-265. VAN-88 Boimds for Authentication van Tilborg, J.

Codes," Journal of Key Words: methods, An Introduction to Cryptology ,

Cryptology , Vol. 1, No. 1, protocols. Kluwer Academic PubUshers, 1988, pp. 37-64. NorweU. MA. 1988. TSU-89 Key Words: authentication, Tsujii, S., and T. Itoh Key Words: book, general. theory design, codes. "An ID-Based Cryptosystem Based on Discrete Logarithm VAR-85 STI-88a Problem," IEEE Journal on Varadharajan, V. Stinson, D.R. Selected Areas in "Extension of RSA

"A Construction for Communic ations . May 1989, Cryptosystems to Matrix

Authentication/Secrecy Codes pp. 467-473. Rings," Cryptologia, April from Certain Combinatorial 1985, pp. 140-153. Designs," Journal of Key Words: methods, case.

Cryptology . Vol. 1, No. 2, Key Words: RSA, theory, 1988, pp. 119-127. VAL-88 case. VaUee, B., et al. Key Words: authentication, "How to Break Okamoto's VAR-85a codes, design, theory. Cryptosystem by Reducing Varadharajan, V. Lattice Bases," Proc. 'Trapdoor Rings and Their '88 STR-87 Eurocrvpt , Davos, 1988, Use in Cryptography," Proc.

'85 , Struik. R. , and J. van (8: GUN-89), pp. 281-291. Crypto Santa Barbara, Tilburg CA, 1985, (8: WIL-86), pp. "The Rao-Nam Scheme in Key Words: analysis, 369-395. Insecure Against a Chosen methods. Plaintext Attack," Proc. Key Words: methods, theory. '87 Crypto , Santa Barbara, CA, 1987, (8: POM-88). pp. WAG -84 445-457. Wagner, N.R. "A Public-Key Cryptosystem Key Words: analysis, case. Based on the Word Problem," '84 Proc. Crypto , Santa Barbara, CA, 1984, (8: BLA- 84a), pp. 19-36.

Key Words: methods, case.

8-25 WAG-84a WIL-82 WIN-83 Wagner, N. WiUett, M. Wintemitz, R.S. "Search for Public-Key "A Tutorial on Public Key "Producing a One-Way Hash Cryptosystems," Proc. Crypto Cryptosy stems," Computer & Function from DES," Proc. '84 '83 , Santa Barbara, CA, Security , January 1982, pp. Crypto , Santa Barbara, 1984, (8: BLA-84a), pp. 91- 72-79. CA, 1983, (8: CHA-84b), pp. 98. 203-207. Key Words: methods, public- Key Words: methods, public- key. Key Words: DES, methods, key. design. WIL-84 WAG-85 Williams, H.C. WIN-84 Wagner, N.R., P.S. Putter, "Some Public-Key Crypto- Wintemitz, R.S. and M.R. Cain Functions As Intractable as "A Secure One-Way Hash "Using Algorithms as Keys Factorization," Proc. Crypto Function Built from DES," '84 in Stream Ciphers," Proc. , Santa Barbara, CA, 1984, Proc. 1984 IEEE Symp. Sec , '85 Eurocrypt , Linz, 1985, (8: BLA-84a), pp. 66-70. (5: IEE-84), pp. 121-126. (8: PIC-86), pp. 149-155. Key Words: methods, public- Key Words: DES, methods, Key Words: methods, keys. key. design.

WAG-86 WIL-85 WIN-87 Wagner, N. WiUiams, H.C. Wintemitz, R., and "Large-Scale Randomization "An M3 PubUc-Key M. Hellman Techniques," Proc. Crypto Encryption Scheme," Proc. "Chosen-Key Attacks on a '86 '85 , Santa Barbara, CA, Crypto , Santa Barbara, Block Cipher," Cryptologia , 1986, (8: ODL-87), pp. 393- CA, 1985, (8: WIL-86), pp. January 1987, pp. 16-20. 404. 358-368. Key Words: analysis, methods. Key Words: methods, Key Words: methods, public- random. key. WOL-85 Wolfram, S. WEB-85 WIL-86 "Cryptography with Cellular '85 Webster, A.F., and Williams, H. (Ed.) Automata," Proc. Crypto , S.E. Tavares Advances in Cryptology, Santa Barbara, CA, 1985, (8: '85 "On the Design of S -Boxes," Proceedings of Crypto , WIL-86), pp. 429-432. '85 Proc. Crypto , Santa Santa Barbara, CA, August Barbara, CA, 1985, (8: WIL- 1985, Lecture Notes in Key Words: methods, case. 86), pp. 523-534. Computer Science, No. 218, Springer- Verlag, New York, WUN-83 Key Words: DES, analysis, 1986 Wunderlich, M.C. design. "Factoring Numbers on the Key Words: proceedings, Massively Parallel Computer," '83 WEI-83 general. Proc. Crypto , Santa Weingarten, F.W. Barbara, CA, 1983, (8: CIL\- "Controlling Cryptographic WIN-82 84b), pp. 87-102. Publication," Computers & Wintemitz, R.S.

Security , Jan. 1983, pp. 41- "Security of a Keystream with Key Words: analysis, methods, 48. Secret Initial Value," Proc. hardware. '82 Crypto , Santa Barbara, Key Words: policy, research. CA, 1982, (8: CHA-83b), pp. WUN-83 a 133-137. WunderUch, M.C. WIL-80 "Recent Advances in the Williams, H.C. Key Words: analysis, Design and Implementation of "A Modification of the RSA methods. Large Integer Factorization Public-Key Cryptosystem," Algorithms," Proc. 1983 IEEE

IEEE Trans, on Inform. Symp. Sec. & Privacy , (5: 67-71. Theory , November 1980, pp. IEE-83a), pp. 726-729. Key Words: analysis, Key Words: RSA, methods, algorithms. design.

8-26 YAC-89 YAO-82a YUN-84 Yacobi, Y., and Z. Shmuley Yao, A.C. Yung, M. "On Key Distribution "Protocol for Secure "Cryptoprotocols: Subscription '89 Systems," Proc. Crypto . Computation," Proc, 23d to a Public Key, the Secret Santa Barbara, CA. 1989 (8: IEEE Symposium on Blocking and die Multi-Player BRA-89). Foundations of Computer Mental Poker Game," Proc. '84 Science . November 1982, pp. Crypto , Santa Barbara, Key Words: methods, keys. 160-164. CA. 1984. (8: BLA-84a), pp. 439-453. YAG-85 Key Words: methods, Yagisawa, M. protocols. Key Words: methods, "A New Method for protocols. Realizing Public-Key YAO-86 Cryptosystems," Cryptologia. Yao. A.C. ZHE-89 October 1985, pp. 360-371. "How to Generate and Zheng, Y., T. Matsumoto, and Exchange Secrets." Proc, 27th H. Imai Key Words: methods, public- IEEE Symposium on "On the Construction of Block key. Foimdations of Computer Ciphers and Not Relying on

Science , October 1986, pp. Any Unproved Hypotheses," '89 YAM-86 162-167. Proc Crypto , Santa Yamamoto, H. Barbara, CA, 1989 (8: BRA- "On Secret Sharing Key Words: methods, 89). Communication Systems with protocols. Two or Three Channels," Key Words: methods, design.

IEEE Trans. Inform. Theory , YUK-89 May 1986. Yu. K.W.. and T.L. Yu ZOR-87 "Data Encryption Based on Zorbette, G. Key Words: methods, Time Reversal Algorithms." "Breaking the Enemy's Code,"

protocols. The Computer Journal . (U.K.). IEEE Spectrum . September June 1989. pp. 241-245. 1987, pp. 47-51. YAO-82 Yao, A.C. Key Words: methods, Key Words: analysis, methods. "Theory and Applications of algorithms. Trapdoor Functions," Proc, 23d IEEE Symposium on Foundations of Comp.

Science , November 1982, pp. 80-91.

Key Words: methods, theory.

8-27

9. Privacy

This section cites publications on the problem of protecting information privacy in computer-based record-keeping systems, descriptions of the privacy problem, legislative measures in the United States and internationally, privacy aspects of international transborder data flows (TDF), and problems in specific application areas (e.g., credit reporting, criminal justice, employment, health care).

ABA-82 ADA-84 AUE-83 Privacy: Invited Papers on Adams. J.M. Auerbach. L. Law, Ethics, and Technology. "Canada's Future TDF Policy: "Privacy and Canadian National Symposium on Reconciling Free Flow of Telecommunication Personal Privacy and Information with National Regulation."

Information Technology , Sovereignty," Transnational Telecommunications Policy . American Bar Association Data Report. Oct/Nov. 1983, March 1983. p. 35+ and AFIPS, Washington. DC, pp. 405-411. 1982. Key Words: laws, foreign. Key Words: TDF, policy, Key Words: proceedings, foreign. AUE-84 general. Auerbach. I.L. ADL-85 "Professional Responsibility for ABA-82a Adler, A. Information Privacy." Proc. Report on a National Litigation the '84 Under Federal fflP/Sec. . Toronto, 1984, Symposium on Personal Freedom of Information Act (2: FIN-85), pp. 3-10.

Privacy and Information and Privacy Act , Center for

Technology . American Bar National Security Studies, Key Words: management, Association and AFIPS. Washington, DC. 1985. records. Washington, DC. 1982. Key Words: FOI, PA. laws, AUE-85 Key Words: proceedings, use. Auerbach, I.L. general. "Professional ResponsibiUty for ALB-84 Information Privacy," Albanese. S. ABA-84 Computers & Security , June Abass. O. Justice, Privacy, and Crime 1985, pp. 103-107.

"Guidelines for Informatics Control , University Press of Laws in Africa," America, Lanham, MD, 1984. Key Words: managemnt.

Transnational Data Report, records. Aug/Sept. 1984, pp. 325-326. Key Words: laws, criminal, records, use. BAS-84 Key Words: guidelines, Basche, J.R., Jr. foreign, laws. ALL-83 Regulating International Data AUen, F.A. Transmission: The Impact on ACL-89 "1984 and the Eclipse of Managing International Litigation Under the Federal Private Worlds," Michigan Business, Report No. 852, The

Freedom of Information Act Quarterly Review , Fall 1983. Conference Board, New York. and Privacy Act, American 1984. Civil Liberties Union, Key Words: analysis, general. Washington, DC, 1989. Key Words: TDF. policy, ASA-87 foreign. Key Words: FOI, PA. laws, "Privacy Rights in Personal use. Information," Annual Survey

of American Law , June 1987. pp. 495-666.

Key Words: laws, protection.

9-1 BAS-89 BEM-82 BIG-86 Bass, G., and D. Plocher Bemer, R.W. Bigelow, R. "Strengthening Federal "Incorrect Data and Social "Computers and Privacy — An Information Policy: Harm," Computer Security American Perspective,"

Realities . Opportunities and at Journal Winter 1982, pp. 51- Information Age . (U.K.), July 0MB," Software Law 56. 1986, pp. 134-140.

Journal , Summer 1989, pp. 413-459. Key Words: management, Key Words: rights, laws. threats. Key Words: policy, BIN-83

government. BEQ-81 Bing, J. Bequai, A. "New Technology and the BEC-84 The Cashless Society: EFTS Law: Likely Impact and Future

Becker, J. at the , J. Crossroads Wiley & Trends," Computers & Law , Information Technology and Sons. New York, 1981. February 1983, pp. 2-6.

a New International Order , Transnational Data Reporting Key Words: book, general. Key Words: rights, laws, Service, Springfield, VA, records. 1984. BER-87 Berman. J.J. BIN-83a Key Words: book, general. "National Security vs. Access Bing, J., to Computer Databases: A "Computers and Law — The BEE-84 New Threat to Freedom of Regulatory Envirorunent of Beer, B. Information," Software Law Information Services," Proc. 1- '83 "Legal Aspects of Automatic Journal , Winter 1987, pp. mP/Sec. , Stockholm, Trade Data Exchange," 15. 1983, (2: FAK-83), pp. 253- Transnational Data Report, 264. Jan/Febr., 1984, pp. 52-57. Key Words: FOI, threat, policy. Key Words: requirements, Key Words: TDF, laws, case. rights. BER-89 BEL-83 Berkvens, J. BIN-86 Beling, C.T. "Dutch Banks' Privacy Code Bing, J. 'Transborder Data Flow: of Conduct," Transnational "Beyond 1984: The Law and International Privacy Data Report, June/July 1988, Information Technology in Protection and Free Flow of pp. 12-17. Tomorrow's Society," Information," Boston College Information Age (U.K.), April International & Computer Key Words: policy, foreign, 1986, pp. 85-94.

Law Review , Spring 1983, case. pp. 591-624. Key Words: requirements, BER-89a laws. Key Words: TDF, policy, Berman, J.J. laws. "The Right to Know: Public BIS-88

Access to Electronic Public Biskup, J., and BEL-83a Information," Software Law H.H. Bruggeman

Belkin, N. et al. Journal . Summer 1989, pp. "The Personal Model of Data,"

"Mass-Informatics and Their 491-530. Computers & Security , Implications on Every-Day December 1988, pp. 575-597. Life," Information Processing Key Words: rights, records.

83. Proc. IFIP Congr. Paris . Key Words: records, general. North-Holland. Amsterdam, BER-89b 1983. Berman, J., and J. Goldman A Federal Right of Key Words: proceedings, Information Privacy: The

general. Need for Reform , Benton Foundation, Washington, DC, 1989.

Key Words: book, PA, general. A

BIS-89 BUR-84b CHA-84a Biskup, J. Burton, R.P.. and Chamoux, J., and F. Chamoux "Protection of Privacy and R.D. Malmrose "French Data Protection: The Confidentiality in Medical "The Effects of Recent First Five Years," Information Systems: Privacy Laws on Rights of Transnational Data Report, Problems and Guidelines," Deceased Persons," April/May 1984, pp. 163-166. Proc. m WG 11.3 (Data Transnational Data Report, Base) Workshop . (6: in-89), June/July 1984, pp. 237-242. Key Words: laws, foreign. 1989. Key Words: laws, case. CHC-87 Key Words: protection, Open and Shut: Enhancing the medical. BUR-85 Right to Know and Right to

Burgess, B.C. Privacy , Canadian House of BRA-84 "Restrictions in Data Transfer Commons, Canadinan Branscomb, A.W. and Use," Transnational Data Government Printing, Ottawa, "The Legal Infrastructure for Report. June 1985, pp. 217- March 1987. Global Information Flows," 219. Transnational Data Report, Key Words: laws, rights, June/July 1984. pp. 247-251. Key Words: TDF, foreign. requirements. Key Words: TDF, laws, CHE-84 design. BUR-87 Cheah, C.W. Burton, R.P., and "An Econometric Analysis of BRO-84 R.D. Malmrose TDF Regulation," Brown, R.W. "Impact of Privacy Laws on Transnational Data Report, "A Model Code for Religious Organizations," December 1984, pp. 475-479 Transnational Commerce?," Transnational Data Report. Transnational Data Report, June 1987. pp. 5-9. Key Words: TDF, analysis, March 1984, pp. 117-124. case. Key Words: laws, case. Key Words: regulation, TDF. CHP-87 CEC-84 Information Technology and

BRT-85 New Information and the Erosion of Privacy , Report International Information Communication Technologies of the Commission on

Flow A Plan For Action , The and Data Protection , Humanities and Public Affairs, Business Roundtable, New Information Technology Task Claremont Graduate School, York, January 1985. Force, Council of European Claremont. CA, 1987. Communities, Brussels, 1984. Key Words: TDF, guidelines. Key Words: requirements, Key Words: requirements, rights. BUR-84 rights. Bumham, D. CLA-81 The Rise of the Computer CHA-83 Clariana, G.G.

State , Random House, Chavda, H. 'TDF, DaU Protection and Westminster, MD, 1984 "Data Protection in the International Law,"

Computing Industry— Transnational Data Report, Key Words: threats, general. Survey," Information Age July/August 1981, pp. 31-35. (UK), October 1983, pp. 211- BUR-84a 221. Key Words: TDF, rights, Burkert, H. foreign. "Information Law Problems Key Words: protection, case. For the Eighties," CLA-88 Transnational Data Report, CHA-84 Clarke, R.A. Aug/Sept. 1984, pp. 331-336. Chaum. D. "Information Technology and "A New Paradigm for Dataveillance,"

Key Words: laws, Individuals in the Information Communications of the ACM , requirements. Age," Proc. 1984 IEEE Symp. May 1988, pp. 498-512.

on Sec. & Privacy , (5: lEE- 84), pp. 99-103. Key Words: surveillance, rights. Key Words: protection, rights.

9-3 CLU-88 COE-86 COL-85 Clukey, L. Protection of Personal Data Cole, P.E. "The Electronic Used for Purposes of Direct "New Challenges to the U.S.

Communications Privacy Act Marketing , Reconunendation Multinational Corporations in of 1986: The Imact on R(85)20, Council of Europe, European Community: Data Software Communication Strassbourg, France, 1986. Protection Laws," N.Y.U. Technologies," Software Law Journal on International Law

Journal. Spring 1988, pp. Key Words: protection, and Politics . Summer 1985, 243-263. foreign private, records. pp. 893-947.

Key Words: analysis, laws. COE-86a Key Words: TDF. foreign, Protection of Personal Data analysis. COE-81 Used for Social Security

Convention on Protection of Purposes , Recommendation COM-83 Individuals with Regard to R(88)l, Council of Europe, "Computerized Bank Accounts, Automatic Processing of Strassbourg, France, 1986. Credit Cards, and George Personal Data, Council of Orwell's 1984," Computers and Strassbourg, protection, Europe, France, Key Words: People , March/April 1983, pp. 28 January 1981. foreign, soci^, records. 27-1-

Key Words: jwotection, COE-88 Key Words: threats, rights. foreign. Regulating the Use of Personal Data in the Police CON-80

, COE-81 a Sector Recommendation International Data Flow , Regulations for Automated R(87)15, Council of Europe, Hearings Before Committee on

Medical Data Banks , Strassbourg, France, 1988. Government Operations, House Recommendation R(81)l, of Representatives, U.S. Coimcil of Europ>e, Key Words: protection, Congress, Washington, DC, Strassbourg, France, 1981. foreign, criminal, records. 1980.

Key Words: protection, COE-89 Key Words: TDF, laws. foreign medical, records.. "Protection of Personal Data Congress. Used for Employment COE-83 Purposes," Coimcil of Europe CON-80a The Protection of Users of Recommendation No. R(89)2, International Information Flow Computerized Legal Transnational Data Report, Flow: Forging a New

Information Services , March 1989, pp. 26-28. Framework , House Report No. Recommendation R(83)3, 96-1535, U.S. Congress, Coimcil of Europe, Key Words: protection, Washington, DC, December Strassbourg, France, 1984. records, employment. 11, 1980.

Key Words: protection, COE-89a Key Words: TDF, Congress. foreign private, records. New Technologies: A Challenge to Privacy CON-83

COE-84 Protection? , Council of Oversight of Computer Protection of Personal Data Europe, Strassbourg, France, Matching to Detect Fraud and Used for Scientific Research 1989. Mismanagement in

and Statistics , Government Programs , Recommendation R(83)10, Key Words: requirements, Hearings, Senate Subcommittee Council of Europe, foreign. on Oversight of Government Strassboiu'g, France, 1984. Affairs, Washington, DC, 1983. Key Words: protection, foreign, statistical, social. Key Words: Congress, matching.

9-4 CON-83a CON-87 CUL-87 Who Cares About Privacy? Computer Matching and "Protecting Individual Privacy Oversight of the Privacy Act Privacy Act of 1987, in Shadow of a National Data of 1974 by Office of Hearings, Subcommittee of Base," Capital University Law

Management and Budget and House Committee on Review . Fall '87. pp. 117-141.

by Congress . No. 98-455, Government Operations, U.S. House of Representatives, Congress, Washington, DC, Key Words: threats, U.S. Congress, Washington, 1987. government DC. 1983. Key Words: Congress, DAM-83 Key Words: Congress, PA, matching. Danunan, U. oversight. "Auditing Data Protection" CON-88 Transnational Data Report CON-83b Computer Matching and April-May 1983, pp. 161-163. Oversight of the Privacy Act Privacy Act of 1988, Report

of 1974 , Hearings, House 100-802. House Committee on Key Words: management Committee on Government Government OpCTations. U.S. records. Operations, U.S. Congress, Congress, Washington, DC, Washington, DC, 1983. July 27.1988. DOC-88 Dockrill, C. Key Words: Congress, PA, Key Words: Congress, "Computer Data Banks and oversight. matching. Personal Information: Protection Against Negligent CON-85 CON-88a Disclosure," Dalhousie Law Unauthorized Access to The Computer Matching and Journal March 1988, pp. 546- 580. Individual Medical Records , Privacy Act of 1988 . P.L. Hearings, House Committee 100-503. (5 U.S.C. 552a), on Judiciary, Subcommittee U.S. Congress, Washington, Key Words: protection, on Civil and Constitutional DC 1988. records. Rights, U.S. Congress, Washington, DC, 1985. Key Words: Congress, DOJ-85 matching. Criminal Justice Information Key Words: protection, Policy: Intelligence and medical. COO-81 Investigative Records , U.S. Cooper, G.R., and Department of Justice, Bureau CON-86 R.R. Belair of Justice Statistics. NCJ- Computer Matching and Privacy and the Private 95787. Washington, DC. 1985. , of Justice February Privacy Act of 1986 , Employer Bureau Hearings, Subcommittee on Statistics, U.S. Department of Oversight of Government Justice. Washington, DC, Key Words: policy, criminal, Management, Senate 1981. rights. Commitee on Government Affairs, U.S. Congress, Key Words: guidelines, DON-81 T.G. Washington. DC, 1986. employment Donovan, "Data Protection's Many Tentacles," Proc. Comp. Sec. Key Words: Congress, COO-83

Priv. Symposium . Phoenix. matching. Coombe, G.W., and S.L. Kirk & "Privacy, Data Protection and AR. 1981. (1: HON-81). pp. CON-86a Transborder Data Flows: A 13-24. Electronic Communications Corporate Response," The Key Words: laws, records, Lawyer, November Privacy Act of 1986 , P.L. Business general. 99-508, (18 U.S.C. 2703), 1983, pp. 33-66. 1986, U.S. Congress, Washington, DC, 1986. Key Words: TDF, policy, DUB-83 A. case. Dubrow. "Your Medical Records: How Key Words: Congress, laws. Private Are They?." California

Lawyer . Apr. 1983, p. 33+.

Key Words: threats, medical, records.

9-5 DUF-82 FAR-83 FLA-85 Duffy. D.J. Famsworth, D.P. Flaherty, D.H. "Privacy vs. Disclosure: "Data Privacy: An American Protecting Privacy in Two-

Balancing Employee and View of European Way Electronic Services , Employer Rights," Employee Legislation," Transnational Knowledge Industry Publicat.,

Relations Law Journal , Data Report, July/August White Plains, NY. 1985. Spring 1982, pp. 594-609. 1983, pp. 285-290. Key Words: book, rights, Key Words: rights, Key Words: laws, foreign. laws. employment. FIS-80 FLA-85a EAT-86 Fishman, W.L. Flaherty. D.H. Eaton, J.W. "Introduction to Transborder Privacy and Data Protection: Card-Carrying Americans: Data Flow," Stanford Jotmial An International BibUography.

Privacy, Security, and the of Intemat. Law . Summer Knowledge Industry Publicat.. National ID Card Debate, 1980, pp. 1-26. White Plains. NY, 1985. Rowman & Littlefield, Totowa, NJ, 1986. Key Words: TDF. policies, Key Words: book, general. rights. Key Words: book, laws, FLA-86 rights. ns-81 Flaherty, D. Fisher. J.F. "Governmental Surveillance ENN-84 "Access to Fair Credit and Bureaucratic Ennison, T., Jr. Reports: Current Practices and AccoimtabiUty: Data Protection "Sovereignty Considerations Proposed Legislation." Agencies in the Western in TDF: Developing-Country American Business Law Societies," Science,

Perspective," Transnational Journal . FaU 1981. pp. 319- Technology and Human

Data Report, April/May 1984, 342. Values , No. 1, 1986, pp. 1-12. pp. 175-181. Key Words: credit, laws, Key Words: laws, rights, Key Words: TDF, rights, rights. foreign. foreign. FLA-84 FLA-86a EVA-81 Flaherty. D.H. Flaherty, D. Evans, A.C. Nineteen Eighty-Four and "On Making Data Protection

"Eiu-opean Data Protection After. Final Report of Effective," Transnational Data Law," American J. of Bellagio Conf. University of Report, April 1986, pp. 15-16.

Comparative Law , Fall 1981, Western Ontario, London, pp. 571-582. Ontario, May 15, 1984. Key Words: laws, protection.

Key Words: laws, foreign, Key Words: proceedings, FLA-89 TDF. rights. Flaherty, D.H. Protecting Privacy in

EVE-80 FLA-84a Surveillance Societies . Everest, G.C. Flaherty, D.H., E.H. Hanis, University of North Carolina "Nonxmiform Privacy Laws: and S.P. Mitchell Press, Chapel Hill, NC, 1989. Implications at Attempts at Privacy and Access to Uniformity," Hoffman, L.J. Government Data for Key Words: book, laws, (Ed.), Computers and Privacy Research: An International foreign.

in the Next Decade , Bibliography , Knowledge Academic Press, New York, Industry Pubhcat., White FLE-86 1980, pp. 141-150. Plains, NY, 1984. Fletcher, P.T. "Current Issues in Key Words: guidelines, laws. Key Words: book, general. Confidentiality: Computerized Information Systems, Medical Records, and Patients' Rights,"

Computers & Society. Summer/Fall 1986. pp. 8-18.

Key Words: rights, medical.

9-6 FLR-84 GAO-86 GOT-84 "Damages Under the Privacy Privacy Act: Federal Godieb. C.C. Act of 1974: Compensation Agencies' Implementation Can "Equity in Access to and Deterrence," Fordam Be Improved , GAO/GGD-86- Information," Proc. IFIP/Sec. Law Review , March 1984, p. 107, U.S. General Accounting '84, Toronto, 1984, (2: FIN- 611+. Office, Washington, DC, 85). pp. 29-39. August 1986. Key Words: PA, protection, Key Words: uses. Key Words: PA, oversight, laws. GRA-84 FRE-81 Gray, J., L.B. McSweeney, Freese, J. GAR-85 and J.C. Shaw "The Vulnerability of Garzon, G. Information Disclosure and the Computerized Society," "Legal Framework for Multinational Corporation . Transnational Data Report, International Information" John Wiley & Sons, Ltd., July/August 1981. pp. 21-25. Transnational Data Report. Chichester. UK, 1984. March 1985, pp. 101-107. Key Words: threats, laws. Key Words: book. TDF, laws. Key Words: TDF. laws, FRE-83 foreign. GRA-86 Freese, J. Grandjean, J.R. "The Right to Be Alone in GAS-85 "Computerized Medical Data ~ Sweden," Transnational Data Gassman, H.P. (Ed.) Privacy and Delinquency

Report, December '86 1983, pp. Transborder Data Flows. Issues," Proc. IFIP/Sec. , 447-449. Proceedings of 1973 OECD Monte Carlo, 1986, (2: GRI-

Conference , North- 89). Key Words: rights, foreign. Holland/Elsevier Science Publishing Co.. New York, Key Words: records, medical. FRE-87 1985. Freedman, W. GRE-80 The Right of Privacy in the Key Words: proceedings, Greguras, F.M.

Computer Age , Quorum general. "Information Systems and Books, New York, 1987 Privacy Issues in the U.S.A.." GEB-88 Information Privacy (U.K.). Key Words: book, rights, Gebhardt, H.-P. May 1980. pp. 90-97. laws. "Data Protection in Telecommunication Services," Key Words: rights, general. FUT-83 Transnational Data Report, "Orwell's 1984: How Close June/July, 1988, pp. 18-23. GRE-81 to the Truth?," Special Issue, Greguras. F.M.

The Futurist , December 1983. Key Words: TDF. protection. "Anticipating the Impact of EFTS on Privacy & Key Words: threats, general. GES-82 Information Practices." Proc.

Gest, T.. and P.M. Scherschel Comp. Sec. & Priv. Symp. . GAO-85 "Report on Privacy: Who Is Phoenix, AR, (1: HON-81), Eligibility Verification and Watching You," U.S. News & pp. 25-45. Privacy in Federal Benefit World Report, July 12, 1982, Programs: A Delicated pp. 34-37. Key Words: EFTS,

Balance , GAO/HRD-85-22. requirements. U.S. General Accounting Key Words: threats, rights. Office, Washington, DC, GRO-82

March 1. 1985. GOL-89 Grossman. G.S. Golden, J.S. 'Transborder Data Flow: Key Words: goverrunent, "Information on the Federal Separating the Privacy Interests matching. Government's Electronic of Individuals and Databases: Is There a First Corporations." Northwestem Amendment Right of Journal of International Law

Access?," Software Law and Business . Spring 1982, pp.

Journal . Winter 1989. pp. 65- 9-11. 90. Key Words: TDF, laws, Key Words: government, general. laws.

9-7 GUR-84 HAR-86 HIR-89 Gurry, F. Harding, N.G.L Hiramatsu, T.

Breach of Confidence , Data Protection in Medicine, "Japan Adopts Privacy Oxford University Press, Proc. of a National Meeting, Protection Act," Transnational Clarendon (UK), 1984. Oxford, England, February Data Report, February 1989, 1986, HMSO Pubhcations pp. 22-29. Key Words: book, rights, Center, London. 1986. laws. Key Words: laws, foreign. Key Words: rights, laws, HAE-84 medical. HOF-80 Haeck, L. Hoffman, L.J. (Ed.) 'Transborder (Private) Data HEL-85 Computers and Privacy in the

Flow and the International Hely, M.H., and Next Decade . Academic Press. Airlines," Transnational Data M.T. Morrison New York, 1980.

Report, Aug/Sept. 1984, pp. Data Protection Act of 1984, 343-345. The Computer Services, Ltd., Key Words: proceedings, Easterton, Devizes, Wilts, general. Key Words: TDF, policy, U.K., 1985. foreign. HON-80 Key Words: laws, foreign. Hondius, F.W. HAM-84 "Data Law in Europe," Hamelink, C.J. HER-88 Stanford J. of International

Transnational Data Flows in Hernandez, R.T. Law , Summer 1980, pp. 87-

the Information Age, "ECPA and Online Computer 111. Transnational Data Reporting Privacy," Federal Communic.

Service, Springfield, Va, Law Journal , November 1988, Key Words: laws, foreign. 1984. pp. 17-41 IBI-80 Key Words: TDF, policy, Key Words: laws, Transborder Data Flow

foreign. government. Policies , Papers Presented at IBI Conference in Rome, June HAR-84 HHS-85 1980. Unipub, New York, Harris, L. et al. Catalog of Automated Front- 1981. The Road After 1984: Impact End Eligibility Verification

of Technology on Society. A Techniques . OAI-85-H-51, Key Words: proceedings, TDF.

Public Opinion Study , U.S. Department of Health Southern New England and Human Services. IBM-83 Telephone Company, New Washington. DC. 1985. Privacy Begins at Home-IBM Haven, CT, 1984. Experience with Developing Key Words: guidelines, and Administration of

Key Words: threats, rights, matching. Employee Privacy Practices , laws. IBM Corporation, White HIR-84 Plains, NY, 1983. HAR-85 Hiramatsu, T. Hartmann, J., and "Japan's Privacy Protection Key Words: policy, rights, S.M. Renas Measures," Transnational Data case. "Anglo-American Privacy Report. March 1984, pp. 109- Law: An Economic 112. ICC-85 Analysis," International Business Guide to Privacy and

Review of Law and Key Words: laws, foreign. Data Protection Legislation ,

Economics , December 1985, No. 384, International pp. 133-152. HIR-87 Chamber of Commerce, Paris, Hiramatsu, T. 1985. Key Words: laws, foreign. "Japan's New Personal Data Bill," Transnational Data Key Words: TDF, guidelines,

Report. October 1987, pp. 14- laws. 16.

Key Words: laws, foreign.

9-8 ICC-85a KEN-86 KIR-87 Issues in Computing, Kenny, J.J. (Ed.) Kirby, M.D. Telecommunications and Data Privacy & Security. "Access to Information and Information Policy. -No. 385, Pergamon Press, Elmsford. Privacy: The Ten Information International Chamber of NJ. 1986 Commandments," University of Commerce, Paris, 1985. Cincinnatti Law Review . 1987. Key Words: book, general. pp. 745-759. Key Words: TDF, policy, foreign. KIR-80 Key Words: rights, laws, use. Kirby. M.D. IRV-86 'Transborder Data Flows and KLU-83 Irving, R.H., C.A. Higgins, the 'Basic Rules' of Privacy," Klugman. E. and F.R. Safayeni Stanford Journal of 'Toward a Uniform Right to "Computerized Performance International Law . Siunmer Medical Records: A Proposal Monitoring Systems: Use and 1980. pp. 27-66. for a Model Patient Access Abuse," Communications of and Information Practices

the ACM . August 1986, pp. Key Words: TDF, rights, Statute." UCLA Law Review , 794-801. foreign. August 1983. p. 1349-h.

Key Words: rights, KIR-81 Key Words: rights, medical. employment Kirchner, J. "Privacy: A History of KUS-84 JML-88 Computer Matching in the Kusserow, R.P. "Privacy Edition," The John Federal Government, "The Government Needs

Marshall Law Review , Computerworld, December 14, Computer Matching to Root Summer '88, pp. 703-902. 1981, pp. 2ff. Out Waste and Fraud." Communications of the ACM. Key Words: rights, laws, Key Words: matching, June 1984. pp. 542-545. general. general. Key Words: requirements, JON-88 KIR-84 case, matching, rights. Jones, S.E. Kirby, M.D. "Right to Financial Privacy: "Urgent Need to Solve TDF LAN-84 Emerging Standards of Bank Legal Difficulties," Landever, A.R. Compliance," Banking Law Transnational Data Report. "Electronic Surveillance,

Journal , Jan./Febr. 1988, pp. Aug/Sept. 1984. pp. 347-350. Computers and the Fourth 37-51. Amendment." University of

Key Words: TDF, laws, Toledo Law Review , Winter Key Words: rights, laws, rights. 1984. pp. 597-640. EFTS. KIR-86 Key Words: surveillance, KAT-88 Kirby. M.D. rights. Katz. J.E. 'Ten Information "Public Policy Origins of Commandments." LAU-83 Telecommunications Privacy Transnational Data Report, Lauffer. S. and the Emerging Issues." June 1986. pp. 19-22. International Issues in Information Age (U.K.), July Communication Technology rights, 1988, pp. 169-176. Key Words: laws, use. and Policy , Academy for Educational Development, Key Words: policy, laws, KIR-86a Washington, DC, 1983. case. Kirby, M.D. "Human Rights - The Key Words: book, policy, Challenge of New foreign. Technology," Information Age (U.K.). October 1986, pp. 200-207.

Key Words: rights, general.

9-9 LAU-86 MAR-80 MCC-80 Laudon, K.C. Marchand. D.A. McConnell, R.M. Dossier Society: Value The Politics of Privacy, and "Designing for Privacy: The

Choices in the Design of Criminal Justice Records . Data Vault." in RuUo, T.A. National Information Information Resources Press, (Ed.). Advances in Computer

Systems . Columbia University Arlington, VA, 1980. Security Management. Vol. 1, Press, New York, 1986 Heyden, Philadelphia, PA. Key Words: policy, criminal. 1980. pp. 106-121. Key Words: book, surveillance. MAR-84 Key Words: "protection, design. Marx. G.T.. and LAU-86a N. Reichman MCK-83 Laudon, K.C. "Routinizing the Discovery of McKay, G.A. "Data Quality and Due Secrets: Computers as "Privacy - A Call for Action." '83 Process in Large Informants." Americ. Proc. IFIP/Sec. . Interorganizational Record Behavioral Scientist, March Stockhohn, 1983, (2: FAK-83), Systems," Communications of 1984. pp. 47-55.

the ACM . January 1986, pp. 5-11. Key Words: threats, rights. Key Words: protection, general. Key Words: requirements, MAR-86 case. Marx. G.T., and S. Sherizen MCL-81 "Monitoring the Job: How to McLaughlan, W. LEA-86 Protect Privacy as well as "Privacy and Criminal Justice," Leahy. P. Property." Technology Information Privacy (U.K.). "Privacy and Progress." Review. Nov ./Dec. 1986, pp. March 1981. pp. 43-49.

Computers & Security . 63-72. December 1986. pp. 347-349. Key Words: rights, criminal. Key Words: threats, rights. Key Words: rights, general. MEL-82 MAR-86a Meldman, J.A. LER-84 Marx. G.T. "Privacy Expectations in an Lemer, E.J. "Surveillance: A Dangerous Information Age," Information "International Data Wars Are Game Played With Matches." Privacy (U.K.). Winter 1982,

Brewing," IEEE Spectrum. Abacus . Fall 1986. pp. 60-64. pp. 81-89. July 1984. p. 454-1-. Key Words: threats, matching. Key Words: rights, laws. Key Words: TDF. policy. MAR-88 MON-88 LIN-89 Marx, G.T. Monssen, W. Linowes. D.F. Undercover: Police "Airline Industry Takes Data Privacy in America: Is Your Surveillance in America, Protection Seriously," Private Life in the Public University of California Press, Transnational Data Report.

Eye? . University of Illinois Berkeley, CA, 1988 January 1988, pp. 17-20. Press, Urbana, IL. 1989. Key Words: book, threats. Key Words: policy, rights. Key Words: book, threats, rights. MAT-85 MOW-81 Madey, B.G. Mowshowitz. A. MAI-81 "Computer Privacy in "On Approaches to the Study Maisonrouge. J.G. America: Conflicting Practices of Social Issues in "Regulation of International and Policy Choices." Proc. Computing." Communications

Information Hows," The 1986 IEEE Symp. Sec. & of the ACM . November 1981.

Information Society . Vol. 1, Priv. , (5: IEE-86), pp. 219- pp. 146-155. No. 1. 1981. pp. 17-30. 223. Key Words: policy, social. Key Words: TDF. policy, Key Words: policy, laws. laws.

9-10 NIB-84 OEC-84 OTA-86 Niblett, B. An Exploration of Legal Federal Government Protection Data Act of 1984 . Issues In Informationa and Information Technology: Longman Group Limited, Telecommunication Electronic Record Systems and London, 1984. Technologies . OECD, Paris, Individual Privacy , OTA-CIT- 1984. 296, U.S. Congress, Office of Key Words: book, laws, Technology Assessment, foreign. Key Words: TDF, laws, Washington, DC. June 1986. policy. NOV-80 Key Words: rights, records, Novotny, EJ. OEC-86 laws, government, policy. 'Transborder Data Flows and 1984 And Beyond: The Social International Law: A Challenge of Information OTA-87

Framework for Policy- Technology . Proc. 1984 Berlin The Electronic Supervisor — Oriented Inquiry," Stanford Conf. OECD, Paris, March New Technology, New

Journal of International . Law 1986. Tensions . OTA-CIT-333, U.S. Summer 1980, pp. 141-199. Congress, Office of Techn. Key Words: jwlicy, social. Assessment, Washington, DC, Key Words: TDF, laws, September 1987. foreign. OMB-85 Management of Federal Key Words: threats, rights,

NOV-82 Information Resources , government, policy. Novotny, E.7. Circular No. A- 130, Office of 'Transborder Data Flow Management and Budget, OTA-88 Regulation: Technical Issues Washington, DC, December Criminal Justice, New of Legal Concern," 1985. Technologies and the

Computer/Law Journal , Constinition, OTA-CIT-366, Winter 1982. pp. 105-124. Key Words: policy, U.S. Congress, Office of guidelines. Techn. Assessment, Key Words: TDF, Washington, DC, May 1988. requirements. OSV-83 Osvald, T. Key Words: policy, criminal. NYC-80 "The Data Act and Nyciun, S.H., and Documentation Requirements," PAG-84 '83 S. Courmey-Saunders Proc. IFIP/Sec. . Pagels, H.R. (Ed.) 'Transborder Data Flow: Stockhohn, 1983, (2: FAK- Computer Culture: The Legal Persons in Privacy 83), pp. 265-268. Scientific Intellectual and

Protection Legislation," Proc, Social of the the Computer ,

1980 National Comp. Conf. , Key Words: laws, foreign. The New York Academy of AFIPS Press, Arlington, VA, Sciences, New York, 1984. pp. 587-593. OTA-85 Federal Government Key Words: book, policy. Key Words: TDF, policy, Information Technology: laws. Electronic Surveillance and PAR-83

Civil Liberties , OTA-CIT-293, Parent, W.A. OEC-80 U.S. Congress, Office of "Recent Work on the Concept Information, Computer and Techn. Assessment, of Privacy," Americican

Communications Policies for Washington, DC, October Philosophical Quarterly , 1983,

1980s . Proc. of a High-Level ^985. pp. 341-355. Conf., OECD, Paris, 1980. Key Words: surveillance, Key Words: policy, general. Key Words: proceedings, rights, government, policy. general. PAR-84 Parkhill, D., P. Enslow (Eds.)

OEC-81 So This is 1984 , North- Guidelines for the Protection Holland, Amsterdam, 1984. of Privacy & Transborder Data Flows of Personal Key Words: book, general.

Information , OECD, Paris, 1981.

Key Words: TDF, guidelines.

9-11 PAT-89 RAS-86a ROB-86 Patrick. Rasor, P.B. Robinson, P. "Public Access to "Privacy Implications of "Legal Issues Raised by Government Databanks," Consumer Credit Laws," The Transborder Data Flow,"

Proc, 12th Natl. Comp. Sec. John Marshall Law Review , Canadian-U.S. Law Journal , Conf.. 1989. (5: NCS-89). Summer 1986. pp. 941-957. 1986, pp. 295-316. pp. 609-610. Key Words: privacy, credit. Key Words: TDF, laws, Key Words: policy, rights, foreign. laws. RIC-86 Rice, R. RUB-89 PIE-83 "I*rivacy, Freedom and Rubenfeld, J.

Pietarinen, I. PublicKey Cryptography," 'The Right of Privacy,"

"Finland's Privacy Information Age, (U.K.), Harvard Law Review . February Legislation," Transnational October 1986, pp. 208-214. 1989, pp. 737-807. Data Report, March 1983,

. pp. 101-103. Key Words: policy, rights. Key Words: rights, laws.

Key Words: laws, foreign. RIL-87 RUL-80 RUey, T. Rule, J., et al. PIP-84 "Quebec's Unique Access and The Politics of Privacy, New Pipe, G.R. Privacy Act," Transnational American Library, New York, "Getting on the TDF Track," Data Report. January 1987. 1980.

Datamation , Jan. 1984, p. pp. 11-13. 200-211. Key Words: book, rights. Key Words: laws, foreign. Key Words: TDF, general. SAU-84 RIL-87a Sauvant, K.P. PLE-82 Riley. T. "The Growing Dependence on Plesser, R. "Enhancing Canadians' Right Transborder Data Flows," "Issue of Data Flows Across to Know and to Privacy." Computerworld, June 25, 1984. National Borders Must Be Transnational Data Report, pp. ID/19-24. Faced," ABA Banking June 1987, pp. 23-25.

Journal , February 1982, pp. Key Words: TDF. policy, 71-78. Key Words: rights, foreign. laws.

Key Words: TDF, policy, RIL-87b SCH-84 laws. RUey, T. Schoeman, F.D. (Ed.) Access to Government Philosophical Dimensions of

RAD-84 Records: International Privacy , Cambridge University

Rada, J.F. and Perspectives and Trends , Press. New York, 1984 G.R. Pipe (Eds.) Transnational Data Reporting Communications Regulation Services, Springfield, VA, Key Words: book, rights, laws.

and International Business , 1987. Elsevier Science PubUshers, SEI-80 New York, 1984. Key Words: book, policy, Seller. R.S. foreign. "Privacy and Insurance: An Key Words: book, TDF, Enforceable Expectation of

policy. RIL-88 Confidentiality." Forum . Spring RUey, T. 1980. pp. 628-659. RAS-86 "Data Commissioners Rasor, P.B. Consider Wider Horizons: Key Words: rights, laws. case. "Controlling Government Conference Report," Access to Personal Financial Transnational Data Report, SEI-86 Records," Washbum Law December 1988, pp. 10-18. Seipel. P.

Review , Spring 1986, pp. "Pitfalls of the Electronic

417-436. Key Words: policy, laws, Revolution." Information Age . foreign. (U.K.). October 1986. pp. 215- Key Words: policy, records. 219.

Key Words: threats, rights.

9-12 SEL-88 SIM-85 SMI-86 Selmer, K. Simitis, S. Smith. R.E. "Data Protection Policy "Data Protection: New Collection and Use of Social

Trend," Transnational Data Developments, New Security Numbers . Privacy Report, December 1988, pp. Challenges," Transnational Joumal Publication, 19-25. Data Report, March 1985, pp. Washington, DC, 1986. 95-96. Key Words: policy, laws. Key Words: policy, rights. Key Words: policy, rights, SHA-84 laws. SMI-88 Shattuck, J. Smith, R.E. "Computer Matching Is a SIM-87 Compilation of State &

Serious Threat to Individual Simitis, S. Federal Privacy Laws , Privacy Rights," Communications of "Reviewing Privacy in an Joumal Publication,

the ACM , June 1984, pp. Information Society," Washington, DC, 1988. 538-541. University of Peimsylvania

Law Review , March 1987, pp. Key Words: laws, general. Key Words: matching, 707-746. threats. STE-81 Key Words: policy, rights, Stevenson, R.B., Jr.

SHA-85 laws. Corporations «fe Information :

Shattuck, J. Secrecy, Access & Disclosure, "Privacy in the Age of SIZ-85 Johns Hopkins University Information," Transnational Sizer, R. and P. Newman Press, Baltimore MD, 1981. Data Report, July/August The Data Protection Act book, policy, 1985, pp. 259-260. (U.K.) , Gower Publishing Co.. Key Words: Ltd., London, 1985. laws. Key Words: rights, laws. Key Words: laws, foreign. STE-83 SHA-89 Steriing. R.A. Shattuck, J., and SLA-83 "Privacy Information Systems M.M. Spence Slansky, P. (Ed.) Common Law - A Comparative Study in the "A Presidential Initiative on On Nineteen Eighty-Four , Information Policy," Software W.H. Freeman & Co., New Private Sector," Gozanga Law

Review , Vol. 18, 1982/83, pp. Law Journal , Summer 1989, York, 1983. 567-604. pp. 461-490. Key Words: book, rights. Key Words: policy, rights, Key Words: policy, rights, laws. SMI-83 law. Smith, R.E. STR-86 SHU-86 Workrights , Privacy Joumal Shultz, G.P. Publication, Washington, DC, Strunk, O., Jr. Studies in Social and "Consequences of the Age of 1983. Privacy: University Information," Transnational Cultural History . Press of America. Lanham. Data Report, May 1986, pp. Key Words: rights, 16-19. employment. MD. 1986

Words: book, general. Key Words: polciy, rights. SMI-85 Key Smith, R.E. SIM -83 Fair Information Practices in STR-88 Strong, D.R. Simitis, S. Seven States , Privacy Joumal Computer Matching and "Data Protection~A Few Publication, Washington, DC, "The Privacy Protection Act of Critical Remarks," 1985. 1988: Necessary Relief from Transnational Data Report, Erosion of the Privacy Act of March 1983, pp. 93-96. Key Words: laws, general. 1974," Software Law Joumal , Summer 1988. pp. 391-422. Key Words: protection, laws.

Key Words: matching, laws.

9-13 SWA-83 TLR-87 TUR-80 Swan, J.C. "Privacy, Computers, and the Tum, R. "Public Records and Library Commercial Dissemination of 'Transborder Data Flows,"

Privacy," Library Journal, Personal Information," Texas Computerworld, March 3,

Sept. 1983. Law Review , June 1987, pp. 1980, pp. IDI-IDIO. 1395-1439. Key Words: policy, records. Key Words: TDF, policy, Key Words: policy, records. laws. TDR-83 Transborder Data Flow Issues TRA-85 TUR-80a

Guide , Transnational Data Traub, J.F. (Ed.) Tum, R.

Reporting Service, Cohabiting with Computers , "An Overview of Transnational Springfield, VA, 1983. William Kaufmaim, Inc., Los Dataflow Issues," Proceedings, Altos, CA, 1985. Pacific Telecommunications

Key Words: TDF, guidelines. Conference . January 1980, pp. Key Words: book, general. 1D31-1D40. TDR-83a "Statistical Data Privacyand TRE-88 Key Words: TDF, policy, Confidentiality," Tremper, C.R., and laws. Transnational Data Report, M.A. Small Oct./Nov. 1983, pp. 368-386. "Privacy Regulation of TUR-80b Computer Assisted Testing Tum, R. Key Words: statistical, laws. and Instruction," Washington 'Technical ImpUcations of

Law Review , October 1988, Privacy Protection TDR-84 pp. 841-879, Requirements," Information

"Surveys Show Strategic Privacy . (U.K.), January 1980, Importance of TDF," Key Words: policy, rights. pp. 2-6. Transnational Data Report, Jan/Febr. 1984, pp. 20-36. TRU-86 Key Words: TDF, policy, Trubow, G. design. Key Words: TDF, policy. "Peeping Sam: Uncle Is Watching You," Computer TUR-SOc

TDR-84a Security Joumal , No. 1, 1986, Tum, R. "New Technologies' Impact pp. 15-20. "Privacy Protection and On Data Protection," Transborder Data Flows,"

Transnational Data Report, Key Words: surveillance. Proceedings, 1980 National

June/July 1984, pp. 204-215. Computer Conference , AFIPS TRU-87 Press, Reston, VA, 1980, pp. Key Words: threats, rights. Trubow, G.B. 581-586. "National Information Policy TDR-84b and the Management of Key Words: TDF, laws, "Second World TDF Personal Records," Software foreign.

Conference: Special Report," Law Joumal , Winter 1987, pp. Transnational Data Report, 101-112. TUR-80d Aug./Sept. 1984, pp. 253-283. Tum, R. Key Words: policy, "Privacy Protection and Key Words: TDF, policy, management. Security in Transnational Data foreign. Processing," Stanford Joumal

TRU-89 of International Law , Summer TDR-85 Trubow, G.B. 1980, pp. 7-86. "OECD Sets TDF Rules of "Watching the Watchers: The the Road," Transnational Coordination of Federal Key Words: TDF, laws, Data Report, April/May 1985, Privacy Policy," Software Law foreign.

pp. 115-117. Joumal , Summer 1989, pp. 391-411. Key Words: TDF, guidelines. Key Words: policy, rights, laiws.

9-14 TUR-80e TUR-82b UCD-81 Turn, R. Turn, R. "Confidentiality of Persoimel "An Overview of Transborder "Situation in the U.S.: Privacy Files in the Private Sector." Dataflow Problems," Proc. Protection Needs in the University of California at

1980 IEEE Symp. Sec. & 1980s," Transnational Data Davis Law Review , Winter 3-8. Privacy , (5: IEE-80). pp. Report, July/August 1982, pp. 1981, pp. 473-492. 257-258. Key Words: TDF, laws, Key Words: rights, foreign. Key Words: requirements, employment laws. TUR-81 UNI-82 Turn. R., (Ed.) TUR-83 Transnational Corporations &

'Transborder Data Flows: Turn, R. Transborder Data Flows , Issues and Organizations," "Privacy Protection in the United Nations, New York,

Information Privacy . (U.K.), Computer Age," Information 1982. January 1981, pp. 6-20. Age, (U.K.), April 1983, pp. 105-109. Key Words: TDF, policy, Key Words: TDF, policy. laws. Key Words: rights, laws. TUR-81 a VEE-89 Turn, R.. (Ed.) TUR-83a Veeder, R.N. 'Transborder Data Flows: Turn, R., et al. "Making Eligibility for Federal Privacy Protection," Observations on the Benefits Determinations under

Information Privacy , (U.K.), Resiliency of the U.S. the Computer Matching and

March 1981, pp. 56-67. Information Society , AFIPS Privacy Protection Act of Press, Reston, VA, 1983. 1988," Proc. 12th Natl. Comp.

Key Words: TDF, laws, Sec. Conf. , 1989, (5: IEE-89), foreign. Key Words: requirements, pp. 606-608. policy. TUR-81b Key Words: matching, laws. Turn, R.. (Ed.) TUR-83b 'Transborder Data Flows: Turn, R. VIT-83 Implementation of Privacy "Privacy Protection in the Vitro, R.A.

Protection," Information 1980s," Information Age , "Information Sector 105- Planning: Privacy . (U.K.), May 1981, (UK), April 1983. pp. Development Toward pp. 98-119. 109. Balanced TDF," Transnational

Data Report, December 1983, Key Words: TDF, protection. Key Words: rights, laws. pp. 461-468.

TUR-82 TUR-83C Key Words: TDF, policy. Turn, R. Turn, R., and E.J. Novotny "Security Issues in "Resiliency of the WAL-88 Transborder Data Flows," Computerized Society," Proc, Walden, N., and R.N. Savage "Data Protection and Privacy Computer Security Journal , 1983 Natl. Comp. Conf. , Winter 1982, pp. 71-79. AFIPS Press, Reston, VA, Laws: Should Organisations Be May 1983, pp. 341-349. Protected," International & C)uarterly Key Words: TDF, protection. Computer Law , April Key Words: requirements, 1988, pp. 337-347. TUR-82a policy. Turn. R. Key Words: policy, laws. "Privacy Protection in the TUR-84 1980s," Proc. 1982 IEEE Turkic, S. WAR-80 Self: Computers Ware, W.H. Symp. Sec. & Privacy . (5: The Second IEE-82), pp. 86-89. and the Human Spirit, Simon "Privacy and Information and Schuster, New York, Technology," in Hoffman, L.J. Key Words: rights, laws. 1984. (Ed.), Computers and Privacy

in the Next Decade , Academic Key Words: book, societal. Press. New York, 1980, pp. 9- 22.

Key Words: proceedings, general.

9-15 WAR-81 WES-83 WRI-83 Ware. W.H. Westin, A.F. Wright. J. "Security, Privacy, and "New Issues of Computer "Protection of Corporate National Vulnerai)ility," Proc. Privacy in the 1980s," Privacy." Transnational Data

Comp. Sec. & Priv. Symp. , Information Processing 83, Report. June 1983, pp. 231-

Phoenix, AR. 1981, pp. 107- Proc, IFIP Congress , Paris, 235. 111. North-Holland, Amsterdam, 1983. Key Words: policy, rights. Key Words: policy, rights, laws. Key Words: policy, rights, YOU-83 laws. Yourow. J.H. WAR-86a Issues in International Ware, W.H. WES-83a Telecommunications Policy: A

"Emerging Privacy Issues," Westin. A.F. Source Book , Center for

Computers & Security , June "New Eyes on Privacy," Telecommimications Studies, 1986, pp. 101-113. Computerworld. November 28, George Washington University, 1983, pp. ID/11-18. Washington, DC, 1983. Key Words: policy, rights. Key Words: policy, rights, Key Words: TDF. policy, WES-80 laws. laws. Westin, A.F., and S. Salisbury WES-84 YUR-83 Individual Rights in the Westin, A.F. Yurow. J.

Corporation , Pantheon Books, The Changing Workplace: A "Privacy Legislation and New York, 1980. Guide to Managing People, Restriction of Transborder

Organizational, and Data Row." Information Age , Key Words: book, Regulatory Aspects of Office (UK). January 1983, pp. 11-15.

employment Technology , Knowledge Industry Pubhcations, Inc.. Key Words: TDF, laws, WES-80a White Plains, NY. 1984. policy. Westin, A.F. "Long-Term Implications of Key Words: book, guidelines, ZAK-83 Computers for Privacy and laws, employment Zaki, A.S. Protection of the Pubhc "Regulation of Electronic Order," in Hoffman, L.J. WIG-84 Funds Transfer: Impact and (Ed.), Computers and Privacy Wigand. R.T., et al. Legal Issues," Communications

in the Next Decade, 'Transborder Data Flow, of the ACM , February 1983, Academic Press, New York, Informatics and National pp. 112-118. 1980, pp. 167-181. PoUcies," Journal of

Communications , Winter Key Words: EFTS, poUcy. Key Words: policy, rights, 1984. laws. laws. Key Words: TDF, policy, laws.

WLL-81 "Employee Medical Records and Constitutional Right of Privacy," Washington & Lee

Law Review , Fall 1981, pp. 1267-1284.

Key Words: rights, employment.

9-16 10. Pre-1980 Publications

This section cites pre-1980 publications listed under the following four subject categories: security environment, security models and database security, communications security, and privacy.

A. Security Environment

BRO-71 DIN-78 GAO-77 Brown, W.F. (Ed.) Dinardo, C.T. (Ed.) New Methods Needed for Guide to Computer and Computers and AMR Security . Checking Payments Made by Software Security , Advanced AFIPS Press, Reston. VA, Computers . FGMSD-76-82, Management Research, New 1978. U.S. General Accounting York, 1971. Office, Washington, DC, 7 Key Words: book, general. November 1977. Key Words: book, general.

DOJ-79 Key Words: threats, BRO-79 Computer Crime: Criminal management. Brown, P.S. Justice Resource Manual. Law Security: Check List for Enforcement Assistance GAO-79

Computer Center Self-Audits , Administration, U.S. Automated Systems Security: AFPS Press, Reston, VA, Department of Justice, Federal Agencies Should 1979. Washington, DC, 1979. Strengthen Safeguards Over Personal and Other Sensitive Key Words: book, general, Key Words: guidelines, crime. Data, LCD-78-123, U.S. risk. General Accounting Office, FAR-72 Washington, EXT, 23 January BUR-78 Farr, M., B. Chadwick, 1979. Burch, J.G., and J.L. Sardinas and K. Wong Computer Control and Audit: Security for Computer Key Words: threats,

A Total Systems Approach , Systems , National Computer government Wiley & Sons, New York, Centre, Ltd., Manchester, 1978. England, 1972. HAM-73 Hamilton, P.

Key Words: book, auditing. Key Words: book, general, Computer Security , Auerbach risk. Publishers, Inc. Pennsauken, CAR-77 NJ, 1973. Carroll, JM. GAO-76

Computer Sectirity , Security Computer-Related Crimes in Key Words: book, general.

World Publ. Co., 1977. Federal Programs . FGMSD- 76-27, U.S. General HEM-73 Key Words: book, methods, Accotmting Office, Hemphill, C, and general. Washington, DC, 27 April JM. Hemphill 1976. Security Procedures for

COU-77 Computer Systems , Dow-Jones Courtney, R.H., Jr. Key Words: crime, Co., Homewood, IL 1973. "Security Risk Assessment in government. Electronic Data Processing," Key Words: book, methods, Proc. 1977 Natl. Comp. general.

Conf. , AFIPS Press, Reston, VA, pp. 97-104.

Key Words: risk, management.

10-1 IBM-74 NBS-75 PAR-76a Data Security and Data Computer Security Guidelines Parker. D.B.

Processing , Report in 6 for Implementing the Privacy "Computer Abuse Perpetrators

Volumes on a Study by Act of 1974 , FIPS PUB 41. and Vulnerabilities of TRW, MIT. and the State of National Bureau of Standards. Computer Systems." Proc.

Illinois, IBM Corporation, Gaithersburg, MD, 30 May 1976 Natl. Comp. Conf. . White Plains. NY, 1974. 1975. AFIPS Press. Reston, VA, 1976. Key Words: methods, Key Words: guidelines, management. methods, privacy. Key Words: crime, threats.

KRA-79 NBS-76 PAR-79 Krauss, LJ. Glossary for Computer Parker, D. (Ed).,

Computer Fraud and Systems Security . FIPS PUB Ethical Conflicts in Computer

Countermeasures , Prentice- 39, National Bureau of Science and Technology , HaU, Englewood CUffs, NJ, Standards. Gaithersburg, MD, AFIPS Press, Reston, VA, 1979. 15 Febr. 1976. 1979.

Key Words: book, crime, Key Words: guidelines, Key Words: ethics, general. methods. standards. PAT-74 MAR-73 NBS-77 Patrick, R.L. (Ed.) Martin. J. Evaluation of Techniques for Security: AFIPS System

Security, Accuracy and Automated Personal Review Manual . AFIPS Press.

Privacy in Computer Identification . FIPS PUB 48, Reston. VA, 1974.

Systems , Prentice-Hall, National Bureau of Standards, Englewood Cliffs, NJ. 1973. Gaithersburg, MD, 1 April Key Words: risk, management. 1976. Key Words: book, methods, PET-67 privacy. Key Words: authentication. Petersen, H.E., and R. Turn, "System ImpUcations of MOW-78 NBS-79 Information Privacy." Proc.

Mowshowitz, A. Guidelines for Automatic Data Spring Joint Comp. Conf.

"Computers and Ethical Processing Risk Analysis . AFIPS Press. 1967, pp. 291- Judgement in Organizations." FIPS PUB 65, National 300. Proc. 1978 Nad. Comp. Bureau of Standards,

Conf. . AFIPS Press. Reston, Gaithersburg. MD. 1 August Key Words: threats, methods. VA, pp. 675-683. 1979. REE-73 Key Words: awareness, Key Words: guidelines, risk. Reed. S.K.. and M. Gray ethics. Controlled Accessibility

OMB-78 Bibliography , TN 780. NBS-74 Security of Federal Automated National Bureau of Standards.

Guidelines for Automatic Information Systems , Circ. Gaithersburg, MD, June 1973. Data Processing Physical No. A-71. Transmittal Memo.

Security and Risk No. 1. Office of Management Key Words: awareness,

Management , FIPS PUB 31, and Budget, Washington. DC, general. National Bureau of Standards, July 27, 1978. Gaithersburg. MD, 1974. REN-74 Key Words: requirements, Renninger, C. and D. Branstad Key Words: guidelines, risk. Government Looks at Privacy physical, methods, risk. and Security in Computer PAR-76 Systems. TN 809. National Parker, D.B. Bureau of Standards.

Crime by Computer, Gaithersburg. MD, February Scribners, New York, 1976. 1974.

Key Words: book, crime, risk. Key Words: proceedings, general.

10-2 REN-74a VAN-72 WON-77 Renninger, C, (Ed.) Van Tassel, D. Wong, K. Approaches to Privacy and Computer Security Computer Security Risk

Secimty in Computer Management , Prentice-Hall, Analysis and Control: A Guide

Systems , SP 404, National Englewood Cliffs, NJ, 1972 to the DP Manager , Hayden Bureau of Standards, Book Co, New Rochelle Park, Gaithersburg, MD, September Key Words: book, general. NJ, 1977. 1974. WAL-77 Key Words: book, risk, Key Words: proceedings, Walker, B.J., and I.F. Blake control. general. Computer Security and

Protection Structures , Dowden, WOO-73 TAB-79 Hutchison and Ross, Inc., Wooldridge, S., C. Corder, Taber, J.K. Stroudsburg, PA, 1977. and C. Johnson "On Computer Crime (S.B. Security Standards for Data

240)," Computer/Law Journal , Key Words: book, techniques. Processing , Wiley & Sons, Winter 1979, pp. 517-544. New York, 1973.

Key Words: crime, laws. Key Words: book, general.

B. Security Models and Database Security

ABR-77 AND-73 BAY-76 Abrams, M.D., et al. (Eds.) Anderson, J.P. Bayer. R.. and J.K. Metzger Tutorial on Computer Computer Security "On the Encipherment of

Security and Integrity , IEEE Technology Planning Study , Search Trees and Random Computer Society, Long ESD-TR-73-51, James P. Access Files," ACM Trans.

Beach. CA, 1977. Anderson and Co., Fort Database Systems , March Washington. PA, 1973. 1976, pp. 37-52. Key Words: book, techniques. Key Words: policy, models, Key Words: database, crypto. techniques. AMB-77 BEL-73 Ambler, A.L., and C.G. Hoch ATT-76 BeU, D.E. "A Study of Protection in Attanassio. C. P. Markstein. Secure Computer Systems: A Programming Languages," and R. Phillips Refinement of the Proc. ACM Conf. on "Penetrating an Operating Mathematical Model, Vol. HI, Language Design for Reliable System: A Study of VM/370 ESD-TR-73-278, Mitre Corp.. Bedford, 1973. Software , 1977, pp. 25-40. Integrity." IBM Systems MA.

Journal . January 1976. pp. Key Words: methods, 102-116. Key Words: policy, models. software. Key Words: OS, threats, case. BEL-75 AND-72 BeU, D.E., and Anderson, J.P. BAR-64 L.J. LaPadula,

"Information Security in Baran. P.. Secure Computer Systems : Multiuser Computer On Distributed Unified Exposition and Multics

Environment," in Rubinoff, Communications: IX. Security. Interpretation , ESD-TR-75-306, R., (Ed.), Advances in Secerecy, and Tamper-Free Mitre Corp., Bedford. MA. 1975. Computers , Vol. 12, Considerations , Report RM- Academic Press, New York, 3765-PR. The Rand Corp.. 1972, pp. 1-35. Santa Monica, CA, 1964. Key Words: policy, models, case. Key Words: policy, methods. Key Words: threats, policy.

10-3 BER-79 DEN-76 DOD-78 Berson, T., G. Barksdale, Jr. Denning, D.E., Proceedings. U.S. Army "KSOS—Development "A Lattice Model of Secure Automation Security

Methodology for a Secure Information Flow." Workshop . Leesburg, VA, Operating System," Proc. Communications of the ACM. December 1978,

1979 Natl. Comp. Conf. . May 1976. pp. 236-242. OACSI/DAMI-AMP, U.S. AFIPS Press. Reston, VA, Department of the Army, pp. 365-371. Key Words: models, flow. Washington, DC. 1978.

Key Words: OS, kernel, case. DEN-77 Key Words: proceedings, Denning, D.E., Denning, P.J., general. BIB -77 "Certification of Programs for Biba, K.J.. Secure Information Flow," DOD-79

Integrity Considerations for Communications of the ACM . Proceedings, Seminar on the

Secure Computer Systems , July 1977, pp. 504-513. DOD Computer Security

ESD-TR-76-372, Mitre Corp., Initiative Program . Bedford, MA, 1977. Key Words: verification, flow. Gaithersburg. MD. July 1979. OSD(CCCI). U.S., Department Key Words: models, DEN-78 of Defense. Washington, DC, integrity. Denning, D.E. 1979. "Are Statistical Data Bases CON-72 Secure?," Proc. 1978 Nad. Key Words: proceedings,

Conway, R.W., Comp. Conf. . AFIPS Press. trusted. W.L. Maxwell, and Reston. VA. pp. 525-530. H.L. Morgan DOD-79a "On the Implementation of Key Words: statistical, threats. Proceedings. Second U.S. Security Measures in Army Automation Security

Information Systems," DEN-79 Workshop , Virginia Beach, Communications of the Denning, D.E., Denning, P.J., VA. September 1979. ACM, April 1972, pp. 211- "Data Security," ACM OACSI/DAMI-AMP. U.S.

220. Computing Surveys . Department of the Army, September 1979, pp. 227-250. Washington. DC, 1979. Key Words: OS, techniques. Key Words: databases, Key Words: proceedings, DAV-78 methods. general. Davida, G.I., et al. "Data Base Security," IEEE DEN-79a DON-75

Trans. Software Engr. , Denning. D.E., et al., Donovan, J. J., and November 1978, pp. 531-533. 'The Trackers: A Threat to S.E. Madnick Statistical Database Security," "Hierarchical Approach to Key Words: database, ACM Trans. Database Computer System Integrity,"

methods. Systems , March. 1979. pp. IBM Systems Joumal , No. 2, 76-96. 1975, pp. 188-202. DEM-77 DeMillo, R.A., et al. Key Words: statistical, threats. Key Words: integrity, design. "Even Databases that Lie Can Be Compromised," IEEE DOB-79 DON-76

Trans. Software Engr. , Dobkin, D.A., A.K. Jones, Donovan, J. J., and January 1977, pp. 73-75. and R. Lipton S.E. Madnick "Protection Against User "Virtual Machine Advantages Key Words: threats, database. Inference," ACM Trans. in Security. Integrity, and

Database Systems , March Decision Support Systems,"

DEM-78 1979. pp. 97-106. IBM Systems Joumal , No. 3, Demillo, R., et al. (Eds.), 1976, pp. 270-278. Foundations of Secure Key Words: databases,

Computation . Academic inference. Key Words: integrity, methods, Press, New York, 1978. design.

Key Words: book, models, theory.

10-4 DOW-77 FEI-79 GRA-72 Downs, D., and G.J. Popek Feiertag, R.J., and Graham, G.S., and "A Kernel Design for a P.G. Neumann PJ. Denning, Secure Database Management "The Foundations of Provably "Protection ~ Principles and System," Proc. 3rd Secure Operating Systems Practice," Proc. Spring Joint International Conf. on Very (PSOS)," Proc. 1979 Natl. Comp. Conf. . AFIPS Press.

Large Data Systems . Base Comp. Conf. . AFIPS Press, Reston, VA., 1972, pp. 417- IEEE Computer Society, Los Reston, VA, 1979, pp. 329- 479. Angeles, CA, 1976, pp. 507- 334. 514. Key Words: models, methods. Key Words: MLS, OS, Key Words: DBMS, kernel, design. GRI-76 design. Griffiths, P.P., and FRI-70 B.W. Wade DOW-79 Friedman, T.D. "An Authorization Mechanism Downs, D., and G.J. Popek "The Authorization Problem for a Relational Database "Data Base Management in Shared Files," IBM System," ACM Trans.

Systan Security and Ingres," Systems Journal , No, 4, 1970, Database Systems . September Proc. 5th Intemat. Conf. on pp. 258-280. 1976, pp. 242-255. Very Large Data Base

Systems , IEEE Computer Key Words: authorization, Key Words: authorization, Society, Los Angeles, CA, databases, methods. database, relational. 1979, pp. 280-290. GLA-77 GUD-76 Key Words: DBMS, design, Glaseman, S., R. Turn, Gudes, E., H.S. Koch, case. and R.S. Gaines and FA. Stahl "Problem Areas in Computer 'The Application of EVA-74 Security Assessment," Proc. Cryptography for Data Base Evans, A., W. Kantrowitz, 1977 Natl. Comp. Conf.," Security." Proc. 1976 Natl.

and E. Weiss AFIPS Press, Reston, VA, pp. Comp. Conf. , AFIPS Press, "A UsCT Authentication 105-112. Reston. VA. pp. 97-107. Scheme Not Requiring Secrecy in the Computer," Key Words: methods, risk. Key Words: database, crypto. Communications of the

ACM . August 1974, pp. 437- GLA-78 HAN-76 412. Gladney, H.M. Hantler, S.L., and J.C. King "Administrative Control of "An Introduction to Proving Key Words: authentication, Computing Service," IBM Correcmess of Programs,"

Surveys , techniques. Systems Journal , No. 2, 1978, ACM Computing 331-353. pp. 151-178. December 1976, pp. FAB-74 Fabry, R., Key Words: management, Key Words: verification, "Capability-Based control. general. Addressing," Communications HAR-76 of the ACM . July 1974, pp. GOL-79 Ruzzo, 403-411. Gold, B.D., et al. Harrison, M.A., W.L. "A Security Retrofit of and J.D. Ullman, "Protection in Operating Key Words: ciq}ability, VM/370," Proc. 1979 Natl. Systems," Communications of methods. Comp. Conf. , AFIPS Press, August 1976, Reston, VA, pp. 335-344. the ACM , pp. FEI-77 461-471. Feiertag, R.J., KJ«J. Levitt, Key Words: MLS. OS, Words: models, theory. and L. Robinson, design, case. Key "Proving Multilevel Security of A System Design," Proc. GRA-68 6th ACM Symposium on Graham, R.M., Information Operating System Principles , "Protection in an 1977, pp. 57-65. Processing Utility,"

Communications of the ACM . Key Words: MLS, May 1968. pp. 385-369. verification, methods, design. Key Words: policy, models.

10-5 HAR-78 HOF-78 JON-75a Harrison, M.A.,and Hoffman, L.J., and Jones, A.K., and W. Wulf, W.L. Ruzzo E. Michelman 'Towards the Design of Secure "Monotonic Protection "SECURATE ~ Security Systems," Software Practice &

Systems," in De Millo, R.A., Evaluation and Analysis Using Experience , Oct.-Dec., 1975, (Ed.), Foundations of Secure Fuzzy Metrics," Proc. 1978 pp. 321-336.

Computations. (10: DEM-78), Nad. Comp. Conf. . AFIPS pp. 337-363. Press, Reston, VA, pp. 531- Key Words: models, methods. 540. Key Words: models, theory. JON-78 Key Words: risk, methods, Jones, A.K.. and R. Lipton, HIN-75 case. "Protection Mechanism Hinke, T.H. and M. Schaefer, Models: Their Usefulness," in Secure Data Management HOY-73 De Millo, R.A., (Ed.),

System , RADC-TR-75-266, Hoyt, D.B. (Ed.) Foundations of Secure

System Development Corp., Computer Security Handbook , Computations , 1978, (10: Santa Monica, CA, 1975. McMiUan, New York, 1973. DEM-78). pp. 237-252.

Key Words: DBMS, design, Key Words: book, general. Key Words: models, theory. case. HSI-76 JON-78a HOF-70 Hsiao, D.K., and R.L Baum Jones, A. K., and Hoffman, L.J., and "Information Secure Systems," B.H. Liskov W.F. Miller in Yovits, M., (Ed.) Advances "A Language Extension for

"Getting a Person's Dossier in Computers , Vol. 15, 1976, Expressing Constaints on Data from a Statistical Data Academic Press, New York, Access," Commimications of

Bank," Datamation, May pp. 231-272. the ACM , May 1978, pp. 358- 1970, pp. 74. 367. Key Words: methods, Key Words: threats, database. Key Words: models, control, statistical. case. HSI-79 HOF-71 Hsiao, D.K., D.S. Kerr, KAM-77 Hoffman, L.J. and C. Nee Kam, J.B. "The Formulary Method for "Data Base Access Control in "A Model of Statistical Data Flexible Privacy and Access the Presence of Context Bases and Their Security," Control," Proc. Fall Joint Dependent Protection ACM Trans. Database 1- Comp. Conf. , AFIPS Press, Requirements," IEEE Trans. Systems , March 1977, pp. Reston, VA, 1971, pp. 587- Software Engr., July 1979, pp. 10. 601. 349-358. Key Words: statistical, models. Key Words: control, methods. Key Words: database, control. KAT-73 HOF-73 HSI-79a Katzan, H., Jr.

Hoffman, L.J., (Ed.) Hsiao, D., D.S. Kerr, and Computer Data Security . Security and Privacy in S.E. Madnick, (Eds.) J.Wiley & Sons. New York.

Computer Systems , Melville Computer Security , Academic 1973. Publishing Co., Los Angeles, Press, New York 1979. CA, 1973. Key Words: book, methods, Key Words: book, general. general. Key Words: book, general. JON-75 KIE-78 HOF-77 Jones, A,K., and R.J. Lipton, Kieburtz. R.B.. A. Silberscatz Hoffman, L.J., "The Enforcement of Security "Capability Managers," IEEE

Modem Methods for Pohcies for Computation," Trans. Software Engr. , Computer Security and ACM Operating Systems November 1978, pp. 467-477.

Privacy , Prentice Hall, Review , No. 5, 1975, pp. Englewood Cliffs, NJ, 1977. 197-206. Key Words: control, cj^ability.

Key Words: book, methods. Key Words: policies, methods.

10-6 LAM-69 LIN-76 MAC-79 Lampson, B.W., Linden, T.A.. (Ed.) MacCauley, E., P. Drongowski, "Dynamic Protection Security Analysis and "KSOS - The Design of A Structures," Proc. Fall Joint Enhancements of Computer Secure Operating System,"

Comp. Conf. . AFIPS Press, Operating Systems , IR 76- Proc. 1979 Natl. Comp. Conf. , Reston, VA, 1969, pp. 27-38. 1041, National Bureau of AFIPS Press. Reston, VA, pp. Standards, Gaithersburg, MD, 345-353. Key Words: models, April 1976. methods. Key Words: MLS. OS, design. Key Words: OS, threats, LAM-71 design. MCP-74 Lampson, B.W., McPhee, W.S. "Protection," Proc. 5th LIN-76a "Operating System Integrity of Princeton Conference on Linden, T., OSA'S2," IBM Systems

Information Systems "Operating System Structures Journal , No. 3, 1974, pp. 230-

Sciences , 1971, pp. 437-443. to Support Security and 252. ReUable Software," ACM

Key Words: models, theory, Computing Surveys , December Key Words: OS. methods. 1976, pp. 409-445. vulnerabiHties.

LAM-73 Key Words: OS, design, MIL-76 Lampson, B.W., methods. MiUen, J., "A Note on the Confinement "Security Kernel Vahdation In Problem," Communications of LIP-77 Practice," Communications of

the , 243- the ACM , October 1973, pp. Lipton, R.J., and L. Snyder ACM May 1976. pp. 613-615. "A Linear Time Algorithm for 250. Deciding Subject Security," verification, Key Words: covert channel. Journal of the ACM , July Key Words: 1977, pp. 455-464. kernel. LAM-76 Lampson, B.W., and Key Words: control, theory. MIL-78 H.E. Sturgis Millen, J.K. "Reflections on an Operating LIP-78 "Constraints and Multilevel System Design," Lipton, R.J., and T.A. Budd Security," in DeMillo, R., et. Commimications of the "On Classes of Protection al. (Eds.), Foundations of

251- Systems," in Millo, R.A., Secure Computing , (10: DEM- ACM , May 1976, pp. De 265. et. al., (Eds.), Foundations of 78), 1978, pp. 205-222.

Secure Computations , 1978, Key Words: OS, methods, (10: DEM-78), pp. 281-296. Key Words: MLS, models, design. theory. Key Words: models, theory. LAN-79 MIN-76 Lange, A.G. LIP-78a Minsky, N. Fraud and Abuse in Lipton, R.J. and L. Snyder "Intentional Resolution of Government Benefit "On Synchronization and Privacy Protection in Database Millo, R.A., Systems," Communications of Programs , U.S. Department Security," in De of Justice, Washington, DC, et al., (Eds.), Foundations of the ACM , March 1976, pp.

November 1979. Secure Computations , 1978 148-159. (10: DEM-78), pp. 367-385. Key Words: crime, Key Words: database, methods. govenunent. Key Words: models, theory. MIN-78 LIN-75 LOR-77 Minsky, N. Linde, T.A. Lorie, R.A. "The Principle of Attenuation "Operating System "Physical Integrity in a Large of Privileges and Its Penetration," Proc, 1975 Segmented Data Base," ACM Ramifications," in DeMillo. R.,

Database Systems , (Eds.) Foundations of Secure Nad. Comp. Conf. , AHPS Trans.

, Academic Press, Press, Reston, VA, pp. 361- March 1977, pp. 91-104. Computing 368. New York, 1978, pp. 255-276. Key Words: database, Key Words: OS. integrity. Key Words: models, theory. vubierabiUties.

10-7 MOR-73 NEU-77 PET-67 Morris, J.H. Neumann, P.G., et al. Peters, B. "Protection in Programming A Provably Secure Operating "Security Considerations in a Languages," Commtmications System: The System, Its Multi-Purpose Computer

of the ACM , January 1973, Applications, and Proofs , Systems," Proc. 1967 Spring

pp. 15-21. Stanford Research Institute, Joint Comp. Conf. , AFIPS Menlo Park, CA, 1977. Press, Reston. VA, pp. 283- Key Words: methods, 286. software. Key Words: OS, verification, methods, design. Key Words: methods, design. MOR-79 Morris, R., and K. Thompson NEU-78 POP-78

"Password Security: A Case Neumann, P.G., Popek, G , and C. Kline. History," Communications of "Computer Security 'Issues in Kernel Design,"

the ACM , November 1979, Evaluation," Proc. 1978 Natl. Proc, 1978 Natl. Comp. Conf.,

pp. 594-597. Comp. Conf. , AFIPS Press, AFIPS Press, Reston. VA. pp. Reston, VA, pp. 1087-1095. 1079-1086. Key Words: control, case. Key Words: threats, risk, Key Words: OS. kernel, NEE-72 methods. design. Needham. R.M. "Protection Systems and NIE-75 POP-78a Protection Implementation," Nielsen, N.R. Popek, G.J., and D.A. Farber,

Proc. Fall Joint Comp. Conf. , "Computers, Security, and the "A Model for Verification of AFIPS Press. Reston. VA, Audit Function," Proc, 1975 Data Security in Operating

pp. 571-578. Nad. Comp. Conf. , AFIPS Systems," Communications of

Press, Reston, VA, pp. 947- the ACM , September 1978. pp. Key Words: models, 954. 737-749. methods. Key Words: control, auditing. Key Words: OS, verification. NEE-77 Needham, R.M., and NIE-76 POP-79 R. Walker Nielsen, N.R., B.Ruder, and Popek, G., et al., "The Cambridge CAP D.H. Brandin, "UCLA Secure Unix," Proc.

Computer and Its Protection "Effective Safeguards for 1979 Natl. Comp. Conf. , System," ACM Operating Computer System Integrity," AFIPS Press, Reston, Va, pp.

Systems Review, No. 4, Proc. 1976 Natl. Comp. Conf. 355-364. 1977, pp. 1-10. AFIPS Press, Reston. VA. pp. 75-84. Key Words: OS, design, case. Key Words: OS, methods, case. Key Words: integrity, PUR-74 methods. Purdy, G. NEU-76 "A High Seciffity Log-In Neumann, P.O., et al. ORC-78 Procedure," Communications of

"Software Development and Orceyre, M.J., and the ACM , August 1974, pp. Proofs of Multilevel R. Courtney, Jr. 442-445. Security," Proc, 2nd Intemat. Considerations in the

Conf. on Software Engr. , Selection of Security Key Words: control, methods. October 1976, Measures for Automatic Data

Processing Systems , SP 500- REE-74 Key Words: MLS. 50, National Bureau of Reed, S.K., verification. Standards, Giathersburg, MD, D. Branstad, (Eds.) June 1978. Controlled Accessibility

Workshop Report , TN 827, Key Words: guidelines, National Bureau of Standards, methods. Gaithersburg, MD, May 1974.

Key Words: proceedings, models.

10-8 REI-78 SCH-72 STO-76 Reiss, S.P. Schroeder, M.A., and Stonebraker, M., P. Rubenstein "Medians and Database J.Sal tzer, 'The INGRES Protection Security," in De Millo, R.A., "A Hardware Architecture for System," Proc. 1976 ACM eL al. (Eds.), Foundations of Implementing Protection Nad. Conf. . ACM, 1976. pp. Secure Computing , 1978 (10: Rings," Communications of 80-84. 57-91. DEM-78), pp. the ACM . March 1972, pp. 157-170. Key Words: DBMS, control, Key Words: statistical, case. methods. Key Words: control, hardware. VER-78 RUD-78 SCH-77 Verhofstad, J.S.M. J.D. Schaefer. Ruder, 6., and Madden M., et al. "Recovery Techniques for An Analysis of Computer "Program Confinement in Database Systems," ACM Security Safeguards for KVM/370," Proc. 1977 ACM Computing Surveys. June Detecting and Preventing National Conf.. ACM, 1977, 1978. pp. 167-195. Intentional Computer Misuse , pp. 404-410. SP 5(X)-25, National Bureau Key Words: darabase, of Standards, Gaithersburg, Key Words: OS, methods, rceovery. MD, January 1978. case. WAL-74

Key Words: threads methods. SCH-77a Walter. K.G. et al. Schroeder, M.D., D.D. Clark, Primitive Models for Computer and J.H. Saltzer RUT-77 Security . ESD-TR-4-117. Case Ruthberg, Z., "The Multics Kemel Design Western Reserve University. R. McKenzie (Eds.) Project," Proc. 6th ACM Cleveland. OH. 1974. Audit and Evaluation of Symposium on Operating Principles Computer Security , Systems , ACM, Key Words: MLS. models, Proceedings of an Invitational 1977, pp. 43-56. theory. Workshop, SP 500-19, National Bureau of Standards, Key Words: OS. kernel, WAR-67 Gaithersburg, MD, October design. Ware, W.H. 1977. "Security and Privacy in SCH-79 Computer Systems," Proc.

Key Words: proceedings, Schwartz, M.D., Spring Joint Comp. Conf. , control, auditing. D.E. E)enning, and AFIPS Press, Reston, VA, P.J. Denning 1967, pp. 279-282. SAL-74 "Linear Queries in Statistical Saltzer, J., Databases," ACM Trans. Key Words: policy, general.

"Protection and Control of Database Systems , March Information Sharing in 1979, pp. 156-167. WAR-67a MULTICS," Communications Ware, W.H. of the ACM. July 1974. pp. Key Words: threats, statistical. "Security and Privacy: 388-402. Similarities and EHfferences," STO-74 Proc. Spring Joint Comp.

Key Words: control, methods, Stonebraker, M.. and E. Wong Conf. . AFIPS Press. Reston, case. "Access Control in a VA, 1967, pp. 287-290. Relational Data Base SAL-75 Management System by Query Key Words: requiremnets, Saltzer, J., and Modification," Proc. 1974 general.

M.A. Schroeder, ACM Annual Conf. . ACM. 'The Protection of 1974, pp. 180-186. WAR-70 Information in Computer Ware, W.H., (Ed.) Systems," Proceedings of the Key Words: DBMS, control, Security Controls for Computer

case. Systems . Report R-609, Rand IEEE , September 1975, pp. 1278-1308. Corporation, Santa Monica, CA, February 1970, (Reissued Key Words: control, methods. as R-609- 1. October 1979).

Key Words: policy, models, methods.

10-9 WEI-69 WOO-77 WOO-79 Weissman, C, Wood, H. Woodward, J.P.L. "Security Controls in the The Use of Passwords for "Applications of Multilevel ADEPT-50 Time-Sharing Controlled Access to Secure Operating Systems." Joint System," Proc. Fall Computer Resources , SP 500- Proc. 1979 Nad. Comp. Conf. . Comp. Conf. . AFEPS Press, 9, National Bureau of AFIPS Press, Reston, VA, pp. Reston, VA, 1969, pp. 119- Standards, Gaithersburg, MD, 821-830. 133. May 1977. Key Words: MLS, OS, Key Words: MLS. OS, Key Words: guidelines, general. models, case. control.

WEI-75 Weissman, C. "Secure Computer Operation with Virtual Machine Partioning," Proc, 1975 Natl.

Comp. Conf. . AFIPS Press, Reston, VA, pp. 929-934.

Key Words: OS, methods, design.

C. Communications Security

AME-78 BRA-78 COL-78 Ames, S.R., Branstad, D.K. Cole. G.D.. and F. Heinrich D.R. Oesterreicher "Security of Computer Design Alternatives for

"Design of a Message Commimications," IEEE Computer Network Security ,

Processing System for a Communications Magazine . SP 500-21, National Bureau of Multilevel Secure November 1978, pp. 33-40. Standards, Gaithersburg, MD, Environment," Proc. 1978 January 1978.

Natl. Comp. Conf. , AFIPS, Key Words: methods, Reston, VA. pp. 765-771. networks. Key Words: networic, design.

Key Words: MLS, design, BRI-76 DEN-79 case. Bright, H.S., and R.L. Enison Denning, D.E. "Cryptography Using Modular "Secure Personal Computing in BLA-79 Software Elements," Proc. an Unsecure Network,"

Blakely, G.R., 1976 Natl. Comp. Conf. . Communications of the ACM, "Safeguarding Cryptographic AFIPS. Reston, VA, pp. 113- August 1979, pp. 476-482. Keys," Proc. 1979 Nad. 123.

Comp. Conf. , AFIPS Press, Key Words: PC, network, Reston, VA, pp. 313-317. Key Words: crypto, software. crypto.

Key Words: crypto, keys, BUR-76 DIF-76 control. Burris, H.R. Diffie, W.. and M. Hellman, "Computer Network "New Directions in BRA-78 Cryptography Engineering," Cryptography." IEEE Trans, on

Branstad, D.K. (Ed.) Proc. 1976 Nad. Comp. Conf. . Inform. Theory. November Computer Security and the AFIPS Press, Reston. VA. pp. 1976. pp. 644-654.

Data Encryption Standard , SP 91-96. 500-27, National Bureau of Key Words: crypto, theory. Standards. Gaithersburg. MD, Key Words: crypto, design. February 1978.

Key Words: DES, crypto, general.

10-10 DIF-77 GAO-77 LEM-79 Diffie, W.. and Vulnerabilities of Lempel, A. M.E. Hellman Telecommunications Systems "Cryptology in Transition,"

"Exhaustive Cryptanalysis of to Unauthorized , Use LSD-77- ACM Computing Surveys . the NBS Data Encryption 102, U.S. General Accounting December 1979, pp. 285-303.

Standard," IEEE Computer , Office, Washington, DC, 31 June 1977, pp. 74-84. March 1977. Key Words: crypto, general.

Key Words: DES, analysis. Key Words: network, threats., LEN-78 Lennon, R.E., DIF-79 HEL-77 "Cryptography Architecture for Diffie, W., and M. HeUman, Hellman, M.E. Information Security," IBM

"Privacy and Authentication: "An Extension of Shannon Systems Journal , No. 2, 1978, An Introduction to Theory Approach to pp. 138-150. Crtyptography," Proceedings Cryptography," IEEE Trans.

of the IEEE . March 1979, Informal. Theory , May 1977, Key Words: crypto, design. pp. 397-429. pp. 289-294. LIE-78 Key Words: crypto, genral. Key Words: crypto, theory. Lientz, B.P., and I.R. Weiss 'Tradeoffs of Secure EHR-78 KAH-67 Processing in Centralized vs. Ehrsam, W.F., et al. Kahn, D. Distributed Networks,"

"A Cryptographic Key The Codebreakers , Macmillan, Computer Networks , February Management Scheme for New York, 1967. 1978, pp. 35-43. Implementing the Data Encryption Standard," IBM Key Words: book, crypto, Key Words: networks, design.

Systems Journal , No. 2, general. 1978, pp. 106-125. MAT-78 KAM-78 Matyas, S.M., and Key Words: DES, crypto, Kam, J.B., and G.I. Davida C.H. Meyer keys. "A Structured Design of "Generation, Distribution, and Substitution Permutation Installation of Cryptographic

FEI-75 Encryption Network," De Keys," IBM Systems Journal , Feistel H., W. Notz, Millo, R.A., (Ed.), No. 2, 1978, pp. 126-137. and J. Smith, Foundations of Secure crypto, "Some Cryptographic Computing , 1978, (10: DEM- Key Words: methods, Techniques for Machine-to- 78), pp. 95-131. keys. Machine Data Communications," Key Words: crypto, design. MAT-79 as, Proceedings of the IEEE , Maty S.M. November 1975, pp. 1545- KAR-78 "Digital Signatures: An 1554. Karger, P.A. Overview," Computer 87- 'The Lattice Model in a Networks , April 1979, pp. Key Words: crypto, general. Public Computing Network," 94. Proc. ACM Natl. Comp. Words: signatures, GAI-77 Conf. , 1978, pp. 453-459. Key

Gait, J. general. Validating the Correctness of Key Words: modesl, network. the Hardware MER-78 Implementations of the Data KLI-79 Merkle, R., Encryption Standard, SP 500- Kline, C.S., and G.J. Popek "Secure Communication Over 20, National Bureau of "PubHc-Key vs. Conventional Insecure Channels," of the Standards, Gaithersburg, MD, Key Encryption," Proc. 1979 Communications ACM , April 294-299. November 1977. Natl. Comp. Conf. , ARPS 1978, pp. Press, Reston, VA, pp. 831- Key Words: DES, crypto, 838. Key Words: crypto, methods. hardware. Key Words: crypto, public- key.

10-11 MER-78a NEE-78 POP-79 Merkle, R.C.. and Needham, R. and Popek. G.J.. and C.S. Kline M.E. Hellman Schroeder. M.. "Encryption and Secure "Hiding Information and "Using Encryption for Computer Networks," ACM

Signatures in Trapdoor Authentication in Large Computing Surveys , December Knapsacks," IEEE Trans, on Networks of Computers." 1979, pp. 331-356.

Inform. Theory. September Communications of the ACM. 1978. pp. 525-530. December 1978. pp. 993-999. Key Words: cryoto, networks.

Key Words: crypto, Key Words: crypto, control, RAB-78 knapsack. authentication. Rabin. M.O. "Digitalized Signatures." in De MEY-73 PAD-79 Millo. R.A., (Ed.), Foundations

Meyer, C.H. Padlipsky. M.A.. et al. of Secure Computing . 1978. "Design Considerations for "KSOS - Computer Network (10: DEM-78). pp. 155-168. Cryptography," Proc. 1973 Applications." Proc. 1979 Na.

Natl. Comp. Conf. . AFIPS Comp. Conf. . AFIPS Press, Key Words: signatures, Press. Reston. VA. 1973. Reston, VA. pp. 373-382. general.

Key Words: crypto, design. Key Words: OS. network, RrV-78 methods. Rivest. R., A. Shamir, MEY-78 and L. Adieman Meyer. C.H. PEL-79 "A Method for Obtaining "Ciphertext/Plaintext and Peleg. S., and A. Rosenfeld Digital Signatures and Public- Ciphertext/Key Dependence "Breaking Substitution Ciphers Key Cryptosystems," vs. Number of Rounds for Using a Relaxation Communications of the ACM. the Data Encryption AJgorithm," Communications February 1978. pp. 120-126.

Standard," Proc. 1978 Natl. of the ACM , November 1979,

Comp. Conf. . AFIPS Press, pp. 598-605. Key Words: RSA. public-key, Reston. VA. pp. 1119-1126. signatures. Key Words: analysis, crypto, Key Words: DES. design. algorithms. SHA-49 Shannon. C.E.. MIC-79 PLE-77 "A Communications Theory of Michelman. E.H. Pless, V.S. Secrecy Systems." Bell System

"The Design and Operation "Encryption Schemes for Techn. Journal . October 1949, of Public-Key Computer ConfidentiaUty." pp. 656-715.

Cryptosystems." Proc. 1979 IEEE Trans, on Computers ,

Nad. Comp. Conf. . AFIPS November 1977, pp. 1133- Key Words: crypto, theory. Press. Reston, VA, pp. 115- 1136. 119. SHA-79 Key Words: control, crypto. Shamir, A. Key Words: crypto, public- "How to Share a Secret, key, design. POP-78 Communications of the ACM. Popek, G.J., and C.S. Kline November 1979. pp. 612-613. NBS-77 "Encryption Protocols. Public

Data Encryption Standard. Key Algorithms and EHgital Key Words: crypto, protocols. FIPS PUB 46. National Signatures in Computer Bureau of Standards, Networks." in De Millo. R.A., SKA-69 Gaithersgurg, MD. 15 (Ed.), Foundations of Secure Skatrud. R.O.

January 1977. Computing , 1978. (10: DEM- "A Consideration of Applying 78). pp. 133-153. Cryptographic Techniques to Key Words: DES. crypto, Data Processing." Proc. Fall

general. Key Words: crypto, protocols. Joint Comp. Conf. . AFIPS Press, Reston, VA, 1969, pp. 111-117.

Key Words: crypto, methods.

10-12 SIM-79 TUR-73 WOO-77 Simmons, G., Turn, R. Wood, HJ^. "Symmetric and Asymmetric "Privacy Transformations for "Using Passwords for Encryption," ACM Databank Systems," Proc. Controlling Access to Remote

Computing Surveys . 1973 Natl. Comp. Conf. . Computer Systems and December 1979, pp. 117-128. AFIPS Press. Reston, VA, pp. Services," Ptoc. 1977 Nad.

589-600. Comp. Conf. . AFIPS Press, Words: crypto, Key methods. Reston, VA, pp. 27-33. Key Words: crypto, general. SMI-72 Key Words: control, network, Smith, J.L., WA. Notz, WIN-74 passwords, methods. and P.R. Osseck Winkler, S., and L. Danner "An Experimental Application "Data Security in the WOO-79 of Cryptography to a Communications Wood, H.M. Remotely Accessed Data Enviroiunent," IEEE "Access Control Mechanisms System," Proc. Natl. ACM Computer. February 1974, pp. for a Network Operating

Conf. . 1972, pp. 282-297. 23-31. System." Proc. 1979 Natl.

Comp. Conf. , AFIPS Press. Key Words: crypto, case. Key Words: methods, Reston, VA, pp. 821-830. network. SMI-79 Key Words: OS, control, Smid, M.E. network. A Key Notarization System

for Computer Networks . SP 500-54, National Bureau of Standards, Gaithersburg, MD, October 1979.

Key Words: crypto, management, keys, case.

D. Privacy

BER-75 COE-74 CON-74 93- Berg, J. (Ed.) Protection of the Privacy of Privacy Act of 1974 . (P.L. Exploring Privacy and Data Individuals Vis-a-Vis 579), U.S. Congress. Security Costs: Summary of Electronic Data Banks in the Washington, DC, 1974.

a Workshop. TN 876. Public Sector. Resolution National Bureau of Standards, (74)29. Council of Europe, Key Words: PA. privacy, laws. Gaithersburg. MD. August Strassbourg, France. 20 1975. September 1974. CON-76 Legislative History of the

Key Words: privacy, design. Key Words: privacy, policy. Privacy Act of 1974 . Source Book on Privacy. Senate COE-73 CON-68 Committee on Government Protection of the Privacy of Privacy and the National Operations, U.S. Congress, Individuals Vis-a-Vis Databank Concept, House Washington, DC. 1976. Electronic Data Banks in the Report No. 1842, House Key Words: Congress, PA, Private Sector . Resolution Committee on Government (73)22, Council of Europe, Operations, U.S. Congress, privacy. Slrassbourg, France, 26 Washington, DC, May 2, September 1973. 1968.

Key Words: privacy, policy. Key Words: Congress, privacy.

10-13 CrF-72 GOL-76 HUN-74 Privacy and Computers, Goldstein. R.C., H.H. Seward, Hunt, M.K.. and R. Turn Report of A Task Force of and R.L. Nolan Privacy and Security in Departments of A Methodology for Evaluating Databank Systems: An

Communication and Justice, Alternative Technical and Annotated Bibliography . R- Information Canada, Ottawa, Information Management 1361-NSF, The Rand 1972. Approaches to Privacy Corporation. Santa Monica,

Requirements , TN 906, CA. 1974. Key Words: privacy, foreign. National Bureau of Standards, Gaithersburg, MD, June 1976. Key Words: privacy, DUN-67 awareness. Dunn, E.S., Jr. Key Words: privacy, methods. "The Idea of National Data KIR-79 Center and the Issue of HAR-67 Kirby, M.D. Personal Privacy," American Harrison, A. "Developing International

Statistician, February 1967, The Problem of Privacy in the Rules to Privacy," Computer

pp. 21-27. Computer Age: An Annotated Networks , June 1979, pp. 149-

Bibliography , RM-5495- 163. Key Words: privacy, threats, PR/RC, The Rand methods. Corporation, Santa Monica, Key Words: privacy, policy, CA, December 1967. foreign, laws. FLA-79 Flaherty. D.H. Key Words: privacy, LIN-77 Privacy and Government awareness. Linowes, D.F. (Chrmn.) Data Banks: International Personal Privacy in an

Perspective , Mansell HAR-69 Information Society , Report of Publishing, London, 1979. Harrison, A. the Privacy Protection Study The Problem of Privacy in the Commission, Government Key Words: book, privacy, Computer Age: An Annotated Printing Office, Washington,

foreign. Bibliography, Vol. 2 , RM- DC, 1977. 5495/1 -PR/RC, The Rand FON-77 Corporation, Santa Monica, Key Words: privacy, general, Fong, E. CA, December 1969. PA, policy, laws. A Data Base Management Approach to Privacy Act Key Words: privacy, LIN-78

Compliance. SP 500-10, awareness. Lindrop, N. (Chrmn.) National Bureau of Standards. Report of the Committee on Gaithersburg. MD, June HOF-69 Data Protection, Cmnd. 7341, 1977. Hoffman, L.J. Her Majesty's Stationery "Computers and Privacy: A Office, London, December Key Words: privacy, PA. Survey," ACM Computing 1978.

methods. Surveys , June 1969, pp. 85- 103. Key Words: privacy, general, GOL-75 policy, foreign. Goldstein. B. Key Words: privacy, general.

The Cost of Privacy . MAS-79 Honeywell Information HON-75 Masuda, Y, Systems, Brighton, MA, Hondius, F.W. "Privacy in the Future 1975. Emerging Data Protection in Information Society,"

Europe , North-Holland Computer Networks , June Key Words: book, privacy, Publishing Co., Amsterdam, 1979, pp. 164-170. design. 1975. Key Words: privacy, general. Key Words: privacy, foreign.

10-14 MIL-69 ONL-76 STA-79 MiUer. A.R. Privacy and the Computer. Stadler, G. "Personal Privacy in the OnLine Conferences, Ltd., "Survey of National Data Computer Age: The Uxbridge, England, 1976. Legislation," Computer

Challenge of a New Networks , June 1979, pp. 174- Technology in an Key Words: proceedings, 186. Information-Oriented privacy, policy, foreign, laws. Society," Michigan Law Key Words: privacy, Iwas,

Review , April 1969, pp. ONL-78 foreign. 1089-1247. Transnational Data Regulation, Proceedings of Brussels Conf., STE-79 Key Words: threats, privacy, OnLine Conferences, Ltd., Steinmueller, W., policy, requirements. Uxbridge. England, 1978. "Legal Problems of Computer Networks: A Methodical

MIL-71 Key Words: proceedings. Survey," Computer Networks , MiUer, A. TDF, privacy, foreign. June 1979, pp. 187-198.

The Assault on Privacy , University of Michigan Press, ROO-79 Key Words: privacy, laws, Ann Arbor, MI, 1971. Rooms, P.L.P, and networks. J.D. Rooms Key Words: book, privacy, "Problems of Data Protection TUR-76 policy, threats, laws. Law for Private Multinational Turn, R., and W.H. Ware Commimications Networks," "Privacy and Security Issues in

MUR-72 Computer Networks , June Information Systems," IEEE

Murray, J.A., (Ed.) 1979, pp. 205-218. Trans, on Computers , Infonnation Processing and December 1976, pp. 1353- the Right of Privacy: A Key Words: TDF, privacy, 1361. Crossroads Oecision for laws. general. North Americans , University Key Words: privacy, of Windsor Press, Windsor, ROS-89 Canada, 1972. Rosenberg, J.M. TUR-77 The Death of Privacy, Turn, R. Key Words: proceedings, Random House, New York, "Privacy Protection in privacy, policy, foreign. 1969. Information Systems," in Yovits, M.C. (Ed.), Advances

OEC-76 Key Words: book, privacy, in Computers , Vol. 16, 1977, Policy Issues in Data threats. pp. 221-335.

Protection and Privacy , Proc, 1974 OECD Seminar in SIE-76 Key Words: privacy, general. Paris, Organization for Sieghart, P. Economic Cooperation and Privacy and Computers, TUR-79 Development, Paris, 1976. Latimer, London, 1976. Turn R. (Ed.) Transborder Data Flows, Vol. Key Words: proceedings, Key Words: book, privacy, 1: Concerns for Privacy and

privacy, policy, foreigiL general. Free Flow of Information , AFIPS Press, Reston, VA, OEC-79 SMI-79 1979. Transborder Data Flows and Smith, R.E. — to Protect Key Words: TDF, policy, the Protection of Privacy , Privacy How Proc. 1977 OECD What's Left of It, Anchor general. Symposium in Vienna, Press/Doubleday, New York, (>ganization for Economic 1979. UCL-68 Cooperation and 'The Computerization of Development, Paris, 1979. Key Words: book, privacy, Government Files: What general. Impact on Individual?," UCLA September 1968, Key Words: proceedings, Law Review , privacy, TDF, poUcy, foreign. pp. 1371-1498.

Key Words: privacy, threats.

10-15 WAR-73 WES-72 WES-79 Ware, W.H. (Chmn.) Westin, A.F., and MA. Baker Westin, A.F. Records. Computers, and Databanks in a Free Societv . Computers. Personnel Rights of Citizens. HEW Quadrangle Books, New York, Administration, and Citizen Secretary's Advisory Commit, 1972. Rights . SP 500-50, National on Automated Personal Data Bureau of Standards, Systems, Dept. of Health, Key Words: privacy, general. Gaithersburg, MD, DC, July Education and Welfare, 1979. Washington, DC, July 1973. WES-76 Westin, A.F. Key Words: privacy, policy, Key Words: privacy, policy. Computers. Health Records, employment and Citizen Rights . NBS WES-67 Monog. 157, National Bureau YOU-72 Westin, A.F. of Standards, Gaithersburg, Younger, K. (Chrmn.) Privacy and Freedom . MD, December 1976. Report to the Committee on Atheneum Publishers, New Privacy. Cmnd. 5012, York, Her 1967. Key Words: privacy, medical. Majesty's Stationery Office, London, July 1972. Key Words: privacy, general.

Key Words: privacy, foreign.

10-16 Appendix A: Periodicals

This appendix contains a list of the periodicals cited in this bibliography.

Assets Protection . Computer Law and Security Computers & Security (^arterly. Paul D. Shaw, Editor. Report Bimonthly. Paul Evans, Editor. Assets Protection Publishing, Stephen Saxby, Editor. Elsevier Science Publishing PO Box 5323, Madison, WI Eclipse Publications Ltd., 18-20 Ltd., Mayfield House, 256 53705. 608-231-3817 (Vol. 5 Highbury Place, London, N5 Bradbury Road, Oxford 0X2 in 1989). IQP, U.K., Tel:01 -354-5858. 7DH, U.K. (Vol. 8 in 1989). Ed: 0703-593404 (Vol. 5 in Auerbach Data Security 1989). Computers & Society Quarterly. Management Bimonthly. Richard S. Rosenberg, Editor. Rich Mansfield, Editor. Computer/Law Joumal Quarterly. Newsletter, ACM Special Auerbach Information Michael D. Scott, Editor. Interest Group on Computers Management Series, Auerbach Center for Computer/Law, PO and Society (SIG/CAS), 11 Publishers Inc., a Warren, Box 3549, Manhattan Beach, West 42nd Street, New York, Gorham & Lamont company. CA 90266. 213-470-6361 (Vol. NY 10036. Ed: 604-228-4142 One Perm Plaza, New York, 9 in 1989). (Vol. 19 in 1989). NY 10119. 212-971-5000 (Vol. 9 in 1989). Computer Security Newsletter COM-SAC: Computer Security, Bimonthly. Auditing and Controls (Quarterly. IEEE Cipher (Quarterly. Russell Kay, Editor. J.F. Koimg, Editor. Newsletter of the IEEE Computer Computer Security Institute, Management Advisory Society's Technical Committee on 360 Church Street, Northboro, Publicat., PO Box 81151, Security and Privacy. MA 01532. 508-393-2600 (No. WeUesley Hills, MA 02181. Dave Bailey, Editor. 90 in Oct. 1989). 617-235-2895 (Vol. 16 in IEEE Computer Society, 1730 1989). Massachusetts Ave. N.W., Computer Sectnity Digest Washington, DC 20036-1903. Monthly. Corporate Security Digest Weekly. 505-846-4600 (Vol. 10 in Jack Bologna and Tim Betty B. Borsage, Editor. 1989). Schabeck, Editors. 3918 Prosperity Ave., Suite Computer Protection Systems, 318, Fairfax, VA COM-AND. Computer Audit Inc., 150 Nortii Main St., 22031-3334. 703-573-1600 News and Developments Plymouth, MI 48170. (Vol. 3 in 1989). Bimonthly. 313-459-8787 (Vol. 7 in 1989). J.F. Kuong, Editor. CPR-J: Contingency Planning & Management Advisory Computer Security Joumal Recovery Joumal Quarterly. Publicat., PO Box 81151. Irregular. J.F. Koung and CM. Winters, WeUesley Hills, MA 02181. Russel Kay, Editor. Editors. 617-235-2895 (Vol. 7 in Computer Security Institute, Contingency Planning & 1989). 360 Church Street, Northboro, Recovery Institute and MA 01532. 508-393-2600 (Vol. Management Advisory

Computer Control Quarterly . 5 in 1989). Publications, PO Box 81151, K.J. Fitzgerald, Editor. WeUesley HUls, MA 02181. 26 Washington Avenue, East Computer Security Products 617-235-2895 (Vol. 3 in Malvem, Victoria, 3145 Report Quarterly. 1989). Australia. (Vol. 9 in 1989). Paul D. Shaw, Editor. The Territorial Imperative Inc., Cryptologia Quarterly. Computer Fraud and Security PO Box 5323, Madison, WI David Kahn, et al.. Editors. Bulletin Monthly. 53705. 608-231-3817 (New in Rose-Huhnan Institute of Michael Comer, Editor. 1986). Technology, Terre Haute, IN Elsevier Science Publishing 47803. 812-877-1511 (Vol. 13 Ltd., Mayfield House, 256 in 1989). Bradbury Road, Oxford 0X2 7DH, U.K. (Vol. 11 in 1989).

A-1 Cryptosystem Journal Irregular. EDP Auditor Quarterly. International Computer Law Tony Patti, Editor. William E. Perry, Editor. Advisor Monthly. 9755 Oatley Lane, Burke, EDP Auditors Association, 373 Michael Scott, Editor. VA 22015. 703-451-6664 S. Schmale Rd, Carol Stream, Law and Technology Press, (Vol. 2 in 1989). IL 60187. 312-653-0950 (Vol. PO Box 3280, Manhattan 18 in 1989). Beach, CA 90266. Data Processing Auditing Report 213-470-9976 (Vol. 3 in Monthly. EDP Security BuUetin/Securite de 1989). Belden Menkus, Editor. L'informatique Irregular. John Wiley & Sons. 600 3rd Linda Kirk, Editor. ISAC Info Gnformation Security Avenue, New York, NY EDP Security Branch, Royal and Access Control) Bi-monthly. 10158. 212-692-6000 (Vol. Canadian Mounted Police, 1200 Isolation Systems Inc., 14800 11 in 1989). Vanier Parkway, Ottawa, KIA Quorum Drive, Dallas, TX OR2 Canada. 613-993-8783 75240. 214-404-0897 (Vol. 1 Data Processing & in 1989). Communications Security lACR Newsletter Quarterly. Quarterly. Newsletter of the International ISPNews: INFOSecurity Product Paul D. Shaw, Editor. Association for Cryptologic News Bimonthly. Assets Protection Publishing, Research. 498 Concord Street, PO Box 5323, Madison, WI G.B. Agnew, Editor. Farmington, MA 01701. 53705. 608-231-3817 (Vol. Editor: Dept. of Electrical 508-879-7999 (New in 1990). 13 in 1989). Engineering, University of Waterloo, Waterloo, Ontario ISSA Access Quarterly. Datapro Reports on Information N@L 3G1, Canada. Cherie G. Smith, Editor. Security Monthly. 519-885-1211 Ext. 3041 (Vol. 6 Information Systems Security Kristen A. Noakes-Fry, in 1989). Association, Inc., PO Box Editor. 9457, Newport Beach, CA Datapro Research Information Age Quarterly. 92658. 714-250-4772 (Vol. 2 Corporation, 600 Delran J. Hayes, Editor. in 1989). Parkway, Dekan, NJ 08075. Butterworth Scientific Ltd., PO 609-764-0100. Box 63, Westbury House, Bury Journal of Cryptology Irregular. Street, Guilford, Surrey GU2 Ernest F. Brickell, Data Security Letter 9 times a 5BH, England. (Vol. 11 in Editor-in-Chief. year. 1989). International Association of Theresa F. Lunt, Editor. Cryptologic Research. Springer Berson & Limt, PO Box Information Privacy Verlag New York, Inc., 175 1593, Palo Alto, CA 94302. See Information Age Fifth Ave.. New York, NY 415-325-3662 (Vol. 3 in 10010. 212-460-1612 (Vol. 1 1989). Information Security Advisor in 1989). Monthly. Disaster Recovery Journal Sanford Sherizen, Editor. Journal of Information Systems Quarterly. Auerbach Publishers, Inc. A Security Quarterly. Richard Arnold, Warren, Groham and Lamont Gregory W. Therklasen, Editor-in-Chief. Company, 210 South Street, Peter S. Browne, and 5712 Meramar Drive, St. Boston, MA 02111. WiUiam H. Murray. Louis, MO 63129. 212-971-5271. Consulting Editors. 314-846-1001 (Vol. 2 in Auerbach Publishers. A 1989) Information Security Monitor Division of Gorham & Jack Smith, Editor. Lamont, Inc., 210 South EDPACS: EDP Audit, Control IBC Technical Services Ltd., Street, Boston, MA and Security Newsletter Monthly. 57/61 Mortimer Street, IBC 02111-9990. 800-950-1217 Belden Menkus, House, Canada Road, Byfleet, (New in 1989) Editor-in-Chief. Surrey, KT14 7JL, U.K. Warren, Gorham & Lamont, Journal of Security Administration One Penn Plaza, New York, Lntemal Auditor Bimonthly. Semiannual. NY 10119. (Vol. 17 in Institute of Internal Auditors, Norman R. Bottom, Editor. 1989). 149 Maitland Avenue, London House Press, 1550 Altamonte Springs, PL 32701. Northwest Highway, Park 305-830-7600. Ridge, IL 60068. 305-279-9437 (Vol. 11 in 1989).

A-2 PIN: Personal Identification News Security, Audit & Control Review Software Law Journal Quarterly. 11 times a year. Quarterly. Michael D. Scott, Editor. Ben Miller and George Tom Richards, Editor. Center for Computer/Law, PO Warfel, Editors. ACM Special Interest Group on Box 3549, Manhattan Beach, Warfel & Miller. Inc., PO Security, Audit and Control CA 90266. 213-470-6361 Box 11018. Washington. DC (SIG/SAC), 11 West 42nd (Vol. 2 in 1989). 20008. 301-652-9050 (Vol. 5 Street, New York. NY 10036. in 1989). 817-565-3110 (Vol. 6 in 1989). Software Protection Monthly. Michael Scott, Editor. Privacy Journal Monthly. Sectirity Letter Biweekly. Law and Technology Press, Robert E. Smith. Editor. Robert McCrie, Editor. PO Box 3280, Manhattan PO Box 15300. Washington Security Letter, 166 East 96th Beach. CA 90266. DC 20003. 202-547-2865 St., New York, NY 10128. 213-470-9976 (Vol. 8 in (Vol. 15 in 1989). 212-348-1553 (Vol. 20 in 1989). 1989). Privacy Times Bi-weekly. Transnational Data Report Evan Hendricks. Editor. Security Management Monthly. Monthly. PO Box 21501. Washington, American Association for Timothy G.Donovan. Editor. DC 20009. 202-526-2415 Industrial Security (ASIS), 1655 Transnational Data Reporting (Vol. 7 in 1986). North Fort Myer Drive, Suite Service. Inc.. PO Box 2039, 1200, Arlington. VA 22209. Springfield, VA 22152. Quality Assurance Quest Monthly. 703-522-5800 (Vol. 33 in 202-488-3434 (Vol. 12 in W.E. Perry. Editoi 1989). 1989). Quality Assurance Institute. Suite 350. Dr. Phillips Blvd. Security Systems Administration The EDP Auditor Journal Orlando, FL 32819. Monthly. The EDP Auditors Foimdation, 407-363-1111 (Vol. 9 in Thomas S. Kapinos. Editor. PO Box 88180. Carol Stream. 1989). PTN Publishing Co.. 101 IL. 60188-0180. Crossways Park West, Risk Analysis Quarterly. Woodbury. NY 11797. Virus Bulletin Monthly. Journal of the Society for Risk 516-496-8000 (Vol. 18 in Edward Wilding. Editor. Analysis. 1989). Virus Bulletin. Ltd.. Curtis Travis. Editor-in-Chief. Haddenham. Aylesbury, HP17 Plenum Publishing Co.. 233 Security World Monthly. 8JD, U.K. +44 844 290396, or Spring Street, New York, Kerrigan Lyndon, Editor. PO Box 875, 454 Main Street, 10013. (Vol. 9 in 1989). Cahners Publishing Co.. Ridgefield, CT 06877. Cahners Plaza, 1350 E. Touchy 203-431-8720 (Vol. 1 in Rutgers Computer and Technology Avenue, PO Box 5080, Des 1989).

Law Journal . Semiannual. Plaines, IL 60018. Frances Bouchoux, Editor-in- 312-635-8800 (Vol. 26 in Chief. 1989). Rutgers Law School, 15 Washington Street, Newark. NJ 07102. 201-648-5549 (Vol. 12 in 1986).

Security Monthly. Cahners Publishers. 44 Cook Street, Denver. CO 80206. 303-388-4511 (New in 1989).

A-3

Appendix B: List of Key Words

This appendix contains a list of all the keywords used in each of the sections.

Section 1 : General

awareness, book, crime, computer virus, Congress, contingency, ethics, general, government, guidelines, hackers, integrity, international, laws, legislation, PC [personal computer], physical, policy, risk, software piracy, techniques, threats, virus, vulnerabilities.

Section 2 : Management

auditing, awareness, book, certification, computer virus, control [access control], denial [of service], general, government, guidelines, hackers, hardware, integrity, management, methods [mechanisms, procedures], PC [personal computer, microcomputer], personnel, physical, policy, proceedings, recovery [operational, disaster], requirement, risk [management], software, techniques, theory, virus [worm], vulnerabilities.

Section 3 : Foundations

authentication, capability, case [specific description], control, covert channel, database, discretionary, flow, formal, inference [non-inference], integrity, LAN [local area network], methods, models, MLS [multi-level security], network [also distributed system], policy, proceedings, safety, specification, take-grant [specific access control model], theory, trusted [systems], verification, virus.

Section 4 : Access Control

control [access], architecture, authentication [identification], book, capability [for access control], case [case study], design, discretionary, government, guidelines, hardware, integrity, management, mandatory, methods, OS [operating system], passwords, proceedings PC [personal computer], safety, software, techniques, trusted [system].

Section 5 : Trusted Systems

architecture, authentication, book, capability, case [case study], certification, control, covert channel, criteria, cryptography, denial [of service], design, discretionary, general, government, guidelines, integrity, kemel, methods, MLS, models, network, OS [operating system], proceedings, specifications, software, TCB [trusted computing base], threat, techniques, theory, trusted [system], verification.

B-1 Section 6 : Database Security auditing, authentication, case [case study, example], control [access control], criteria, database [files, records], design, discretionary, distributed, encryption, government, guidelines, inference, integrity, kernel, DBMS [database management system], mandatory, methods, models, MLS, network [distributed], policy, privacy, proceedings, relational, requirements, software, statistical [databank], techniques, theory, trusted, verification, views [of database].

Section 7 : Communication and Network Security architecture, auditing, authentication, book, case [case study], controls, criteria, crypto [cryptography], DES [data encryption standard], design, distributed, EM [electronic mail], general, government, guidelines, hardware, keys [cryptographic], LAN [local area network], management, methods, MLS, models, network [also distributed system], OS [operating system], OSI [open systems interconnect], PC [personal computer, terminal], physical, policy, proceedings, protocols, public-key [cryptography], requirements, RSA [Rivest-Shamir-Adleman public-key algorithm], software, standards, techniques, threats [also covert channels], trusted [system], verification [also assurance], vulnerabilities.

Section 8 : Cryptography algorithms, analysis [also crypto-analysis], authentication [identification], book, check-sum, codes, complexity, DES [data encryption standard], design, evaluation, hardware, integrity, keys [cryptographic keys, management], knapsack [public-key algorithm], methods, proceedings, protocols, public-key [cryptographic method], oblivious [transfer protocol], one-way [functions], poUcy, random, RSA, research, signatures [digital], software, techniques, theory, threats, trap-door [functions], verification, vulnerabilities, zero [zero-information protocol].

Section 9 : Privacy ("privacy" is implicit in all entries). analysis, book, case [case study], confidentiality. Congress, credit [data], criminal [justice records], databank, design, EFTS [electronic funds transfer system], employment [records], FOI [freedom of information], foreign [countries other than the U.S.], general, government, guidelines, identifier, laws [legislation], management, matching, medical [records], oversight [of laws], PA [U.S. Privacy Act of 1074], proceedings, profiling, protection [of rights], records, requirements, rights [individual], social [sciences], statistical [data, databanks], surveillance, threats, TDF [transborder dataflow], use.

B-2

oV.S. GOVERNMENT PRINTING OmCE: l990.28l.6l^23^e9 1. PUBLICATION OR REPORT NUMBER NIST-114A U.S. DEPARTMENT OF COMMERCE (REV. 3-89) NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY NIST/SP-800/1 PERFORMING ORGANIZATION REPORT NUMBER BIBLIOGRAPHIC DATA SHEET 3. PUBLICATION DATE December 1990 TITLE AND SUBTITLE Bibliography of Selected Computer Security Publications January 1980 - October 1989

5. AUTHOR(S) Rein Turn, compiler; Lawrence E. Bassham III, editor

6. PERFORMING ORGANIZATION (IF JOINT OR OTHER THAN NIST, SEE INSTRUCTIONS) 7. CONTRACT/GRANT NUMBER 43NANB922203 U.S. DEPARTMENT OF COMMERCE Rein Turn Associates NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 8. COVERED GAITHERSBURG, MD 20899 15239 Earlham St. TYPE OF REPORT AND PERIOD 1989 Pacific Palisades, CA January 1980-October 9. SPONSORING ORGANIZATION NAME AND COMPLETE ADDRESS (STREET, CITY, STATE, ZIP)

Same as item #6

10. SUPPLEMENTARY NOTES

DOCUMENT D ESCRIBES A COMPUTER PROGRAM; SF-1B5, FIPS SOFTWARE SUMMARY, IS ATTACHED.

11. ABSTRACT (A 200-WORD OR LESS FACTUAL SUMMARY OF MOST SIGNIFICANT INFORMATION. IF DOCUMENT INCLUDES A SIGNIFICANT BIBLIOGRAPHY OR LITERATURE SURVEY, MENTION IT HERE.)

This bibliography cites selected books and articles on computer security published from January 1980 through October 1989. To have been selected, an article had to be

' substantial in content and have been published in professional or technical journals,

! magazines, or conference proceedings. Only very substantial articles from the popular

! or trade press were included. English language articles from foreign journals were included as available. The citations are listed under nine categories. A tenth category of pre-1980 publications is also provided, as well as an appendix containing addresses of all journals and magazines referenced in the bibliography.

NAMES; AND SEPARATE KEY WORDS BY SEMICOLONS) 12. KEY WORDS (6 TO 12 ENTRIES; ALPHABETICAL ORDER; CAPITALIZE ONLY PROPER access controls; auditing; communications security; computer crime; computer security; confidentiality; crytography; disaster recovery; integrity; privacy; risk management; trusted computing base.

14. NUMBER OF PRINTED PAGES 13. AVAILABIUTY Y UNUNITED 200 SERVICE (NTIS). FOR OFFICIAL DISTRIBUTION. DO NOT RELEASE TO NATIONAL TECHNICAL INFORMATION 15. PRICE ORDER FROM SUPERINTENDENT OF DOCUMENTS, U.S. GOVERNMENT PRINTING OFFICE, WASHINGTON, DC 20402. ORDER FROM NATIONAL TECHNICAL INFORMATION SERVICE (NTIS), SPRINGFIELD, VA 22161.

ELECTRONIC FORM !

1 ANNOUNCEMENT OF NEW PUBLICATIONS ON COMPUTER SECURITY

Superintendent of Documents Government Printing Office Washington, DC 20402

Dear Sir:

Please add my name to the annoimcement list of new publications to be issued in the series: National Institute of Standards and Technology Special Publication 800-.

Name

Company

Address

City State Zip Code

(Notification key N-503)

/ i 1 A. Technical Publications

Periodical

Journal of Research of the National Institute of Standards and Technology—Reports NIST research and development in those disciplines of the physical and engineering sciences in which the Institute is active. These include physics, chemistry, engineering, mathematics, and computer sciences. Papers cover a broad range of subjects, with major emphasis on measurement methodology and the basic technology underlying standardization. Also included from time to time are survey articles on topics closely related to the Institute's technical and scientific programs. Issued six times a year.

Nonperiodicals

Monographs—Major contributions to the technical literature on various subjects related to the Institute's scientific and technical activities. Handbooks—Recommended codes of engineering and industrial practice (including safety codes) de- veloped in cooperation with interested industries, professional organizations, and regulatory bodies. Special Publications—Include proceedings of conferences sponsored by NIST, NIST annual reports, and other special publications appropriate to this grouping such as wall charts, pocket cards, and bibliographies. Applied Mathematics Series—Mathematical tables, manuals, and studies of special interest to physi- cists, engineers, chemists, biologists, mathematicians, computer programmers, and others engaged in scientific and technical work. National Standard Reference Data Series—Provides quantitative data on the physical and chemical properties of materials, compiled from the world's literature and critically evaluated. Developed un- der a worldwide program coordinated by NIST under the authority of the National Standard Data Act (Public Law 90-396). NOTE: The Journal of Physical and Chemical Reference Data (JPCRD) is published quarterly for NIST by the American Chemical Society (ACS) and the American Insti- tute of Physics (AIP). Subscriptions, reprints, and supplements are available from ACS, 1155 Six- teenth St., NW., Washington, DC 20056. Building Science Series—Disseminates technical information developed at the Institute on building materials, components, systems, and whole structures. The series presents research results, test methods, and performance criteria related to the structural and environmental functions and the durability and safety characteristics of building elements and systems. Technical Notes—Studies or reports which are complete in themselves but restrictive in their treat- ment of a subject. Analogous to monographs but not so comprehensive in scope or definitive in treatment of the subject area. Often serve as a vehicle for final reports of work performed at NIST under the sponsorship of other government agencies. Voluntary Product Standards—Developed under procedures published by the Department of Com- merce in Part 10, Title 15, of the Code of Federal Regulations. The standards establish nationally recognized requirements for products, and provide all concerned interests with a basis for common understanding of the characteristics of the products. NIST administers this program as a supplement to the activities of the private sector standardizing organizations. Consumer Information Series—Practical information, based on NIST research and experience, cov- ering areas of interest to the consumer. Easily understandable language and illustrations provide use- ful background knowledge for shopping in today's technological marketplace. Order the above NIST publications from: Superintendent of Documents, Government Printing Office, Washington, DC 20402. Order the following NIST publications—FIPS and NISTIRs—from the National Technical Information Service, Springfield, VA 22161. Federal Information Processing Standards Publications (FIPS PUB)—Publications in 'this series col- lectively constitute the Federal Information Processing Standards Register. The Register serves as the official source of information in the Federal Government regarding standards issued by NIST pursuant to the Federal Property and Administrative Services Act of 1949 as amended, Public Law 89-306 (79 Stat. 1127), and as implemented by Executive Order 11717 (38 FR 12315, dated May 11, 1973) and Part 6 of Title 15 CFR (Code of Federal Regulations). NIST Interagency Reports (NISTIR)—A special series of interim or final reports on work performed by NIST for outside sponsors (both government and non-govemment). In general, initial distribu- Service, tion is handled by the sponsor; public distribution is by the National Technical Information Springfield, VA 22161, in paper copy or microfiche form. U.S. Department of Commerce National Institute of Standards and Technology (formerly National Bureau of Standards) Gaithersburg, MD 20899

Official Business Penalty for Private Use $300