DOCSLIB.ORG

DDN (Defense Data Network) Protocol Implementations and Vendors Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

AND ill PROTOCOL IPLEENTTIONS VENDORS(DEFENSE GUIDE(U) DTA SRINETUORK) INTERNATIONRL MENLO PAIRKCA DDE 7D-AIL?3 66 NETUORKDON INFORNATION CENTER 0 JACOBSEN ET AL. AUG 6 UNCLSSIFIEDNIC-5 6C20C2-4 -C S /G 9/2 NL /: * '....." 1114I 'III a, 12.01.8 'v MICROCOPY RESOLUTION EST CHART NATIONAL BUREAU OF STANDARDS-]963-A ,, . , [0 32. 33-6 ., • . -.. .... , . .. • -., ...u ,, - - . .. , jz_* ", . v .', .. " ' _ .' .. ,' j . ._..'." _Il_.gi,_, -.' PN "7. .. 5.002 .NIC -\......-' DEFENSE COMMUNICATIONS AGENCY (0 DDN PROTOCOL IMPLEMENTATIONS AND VENDORS GUIDE AUGUST 1986 DTIC Sl SELECTE"OCT15 ,S 4D "o.- - '.-.',-7-% C 4* d .~~ ~~..*. ~ . .- ~ ~:.:*:.:.NT L 4. ,,-.,.'ATM;.2i2dj RiP2009 for public Memo, ~ ~ Si s"-ibu-o" Ulimitod 86 9 19 032 REPORT DOCUMENTATION PAGE la. REPORT SECURITY CLASSIFICATION lb. RESTRICTIVE MARKINGS 2a. SECURITY CLASSIFICATION AUTHORITY 3. DISTRIBUTION/ AVAILABILITY OF REPORT Distribution statement A 2b. DECLASSIFICATION /DOWNGRADING SCHEDULE Approved for public release Distribution unlimited I .'z- 4. PERFORMING ORGANIZATION REPORT NUMBER(S) S. MONITORING ORGANIZATION REPORT NUMBER(S) •-'-', NIC 50002 %. 6a. NAME OF PERFORMING ORGANIZATION 6b. OFFICE SYMBOL 7a. NAME OF MONITORING ORGANIZATION SRI International (If applicable) Defense Data Network DDN Network Info, Ctr- Program Management Office 6c. ADDRESS (City, State, and ZIP Code) 7b. ADDRESS (City, State, and ZIP Code) Menlo Park, CA 94025 McLean, VA 22102 Sa. NAME OF FUNDING /SPONSORING 8b. OFFICE SYMBOL 9. PROCUREMENT INSTRUMENT IDENTIFICATION NUMBER ORGANIZATION (fapplicable) 8c. ADDRESS(City, State, and ZIP Code) 10. SOURCE OF FUNDING NUMBERS PROGRAM PROJECT TASK WORK UNIT ELEMENT NO. NO. NO. ACCESSION NO. - 11. TITLE (Indude Security Classification) DDN Protocol Implementations and Vendors Guide (Unclassified) 12. PERSONAL AUTHOR(S) Jacobsen, Ole; Perillo, Francine, eds. 13a. TYPE OF REPORT 13b. TIME COVERED 14. DATE OF REPORT (Year, Afonth, Day) S. PAGE COUNT FROM TO 860800 SUPPLEMENTARY NOTATION -16. 17. COSATI CODES 18. SUBJECT TERMS (Continue on reverse If necessary and identify by block number) FIELD GROUP SUB-GROUP .jTransmission Control Protocol/ Internet Protocol; TCP/IP; Vendors Guide1 TCP/IP implementations; Defense Data Network 'C DDN; DDN prot46l suite '- - 19. ABSTRACT (Continue on reverse if necessaty and identify by block num=be. -. p Information regarding implementations and products compatible Defense Defense Data Network (DDN) suite of data communication withprotocols the Department is provided of C" in this guide, formerly called the TCP/IP Implementations and Vendors Guide. A new section for this edition suppl~es background information about DDN protocol policy, and about the protocols themselves, including qualification testing and evaluation procedures, ,r.. and how to obtain pertinent documentation. The latter two sections list software implementations alphabetically, y machine type, and hardware implementations alphabeticall - by documentation,company. Information and distributor/ about products includes The guide does nottheir specifically contact person, endorse history, or recommend *%I- any product. - 20. DISTRIBUTION/I AVA!LINBILITY OF ABSTRACT 21. ABSTRACT SECURITY CLASSIFICATION T" 22a. NAMF O JnSr)SlfylJ INDIVIDUAL ?.TEPtligf?&AeCo)12c0 IEYBO DD FORM 1473,804 MAR 83 APR edition may be used until exhausted. SECURITY CLASSIFICATION OF THIS PAGE ,, All other editions are obsolete. UNCLASSIFIED N UNCLASSIFIED -" *hU URl CLANIPICATION OP TNll PAGE Elizabeth Redfield SRI International DDN Network Inforamation Center EJ 292 333 Ravenswood Ave. Menlo Park, CA 94025 fk •% * 0 7 .'_t .,_ " ....... ...... ...... r~li, .[, ,,,i'.' ,. ,,,il.• , .,,,.,......%,, -.,,. ,.%,.,;_' ' ... ..' .' ._ ,..,. .?.. 'z,.".. '..., °% % 4 - ~~~UNCLASSIFIED -"U-r:j ,YI O H DEFENSE COMMUNICATIONS AGENCY DDN PROTOCOL IMPLEMENTATIONS AND VENDORS GUIDE AUGUST 1986 Editors: Ole Jacobsen Francine Perillo .*:.:.: e- .. I. "14. .-.....-,... 1L It is the intent of the DDN Network Information Center (NIC) to make the DDN Protocol Implementations and Vendors Guide widely available to DDN users at minimal cost. The Guide may be obtained in hardcopy or machine-readable form from several sources. Military users may obtain hardcopy from either the Defense Technical Information Center (DTIC) or the NIC. (Either the NIC or DTIC can provide the ordering number.) Non-military users such as contractors, systems personnel, and researchers may obtain hardcopy from the NIC by sending $20.00 ($23.00 overseas) to the DDN Network Information Center, SRI International, Room EJ291, 333 Ravenswood Avenue, Menlo Park, CA 94025. Copies are available online to DDN users who have access to the file transfer services, FTP or KERMIT, using pathname NETINFO:VENDORS-GUIDE.DOC. The online file is updated on a continual basis. The hardcopy version is published twice a year in February and August. DDN Protocol Implementations and Vendors Guide. Printed and bound in the United States of America. % Published by the DDN Network Information Center, SRI International, Menlo Park, CA 94025. Date: August, 1986 1 4 q, . ,. ~t.. P ~ . ~ .~.~ P ~ ~ .P ~_ _ _ _ _ _ _ NOTICE The DDN Protocol Implementation and Vendors Guide is for informational purposes only. Inclusion of , an implementation or product in this Guide does not constitute an endorsement or an official recommendation on the part of the Defense Communications Agency (DCA), the Defense Advanced Research Projects Agency (DARPA), the DDN Network Information Center (NIC), or the Department of Defense (DoD). Omission of any vendor or implementor has no significant implication, other than that the NIC had no information about that product or implementation, or that the information was not forthcoming by the time of publication. Anyone planning to use the hardware or software described in this Guide is advised to thoroughly investigate the suitability, quality, costs, available support, and other related details pertaining to any given selection, and to make sure that products or implementations being considered for use on the Defense Data Network (DDN) comply with the official DoD Military Standard (MIL-STD) protocols.- 4.:t.-v .. .. ti . -, ",, . 46.4-. " IOTIC "TAB 5 " J U~nannounlced [ ,. , ,. .. Avaii~lor : o Dist' ibutio -i ig 4 A a db it Co e -v iI .- r-- h 9W, -C 4% it. ~*'~1 C'. UP*? it- 4% 4% kt * ,~44i 4.. p U -C -C 6 a p)J %' % hr by' 4 t I iv V.. *9.~~% s%%A~' v ~ ~ J$V%%#%~- ;~ s'Z&;. & :§:~kKkkKk~2:%4 ACKNOWLEDGEMENTS e The DDN Protocol Implementations and Vendors Guide was prepared by the DDN Network Information Center (NIC)for the Defense Communications Agency Defense Communications System (DCA DCS) Office "ider contract number DCA-200-84-C-0024, CDRLs E009 and E009A. The Guide was compiled with the assistance of many people, most of whom are cited as contacts for the products and implementations listed within this document. The NIC gratefully acknowledges their contributions. ' .'., %. 'N *: / %"% ....b.:'- V 9 '.'. , .9 v.,, % 1. viI ~~&L~~t ~7-r-gi-TWI1N'T. WWWWT W~IVT.yTWj -. WV j IM* -7 7.W.~~i47 Table of Contents INTRODUCTION ....................................................... I I. BACKGROUND ...................................................... 3 1.1. The DoD Protocol Suite ............................................................ 3 1.1.1. DoD Protocol Selection and Announcement Procedures ............................ 3 1.1.2. OSD Directives .............................................................. 3 1.2. The Defense Data Network (DDN) ................................................... 3 1.2.1. DDN Configuration Management .............................................. 4 1.2.2. DDN Protocol Qualification Testing ............................................ 4 1.2.3. Product Testing and Certification .............................................. 4 1.3. Obtaining Protocol Documentation .................................................. 4 1.3.1. Military Standards ......................................................... 4 1.3.2. RFCs ...................................................................... 5 1.3.3. DDN Protocol Handbook ..................................................... 5 1.3.4. Blacker Front End Interface Control Document .................................. 5 1.3.5. DDN X.25 Host Interface Specification ....................................... 1.3.6. DDN Subscriber Interface Guide .......................................... .6 1.3.7. DDN Subscriber Security Guide ............................................... 6 1.3.8. Interconnection of a Host and an IMP, BBN Report No. 1822 ....................... 6 1.3.9. DTIC Document Ordering Information....................................... 1.3.10. NIC Document Ordering Information ......................................... 7 1.3.11. NIC Shipping Information ................................................... 7 2. TCP/IP SOFTWARE IMPLEMENTATIONS BY MACHINE TYPE .......... 9 - 2.1. Apple ........................................................................... 9 2.1.1. Stanford Ethernet Appletalk Gateway .......................................... 9 2.1.2. Apple Macintosh IP ................................................... 11 2.2. AT&T................................................................. 12 2.2.1. AT&T 3B Series ............................................................. 12 2.3. Bolt Beranek and Newman ......................................................... 13 , 2.3.1. BBN.C 70 .................................................................
Recommended publications
  • UNIX and Computer Science Spreading UNIX Around the World: by Ronda Hauben an Interview with John Lions

    UNIX and Computer Science Spreading UNIX Around the World: by Ronda Hauben an Interview with John Lions

    Winter/Spring 1994 Celebrating 25 Years of UNIX Volume 6 No 1 "I believe all significant software movements start at the grassroots level. UNIX, after all, was not developed by the President of AT&T." Kouichi Kishida, UNIX Review, Feb., 1987 UNIX and Computer Science Spreading UNIX Around the World: by Ronda Hauben An Interview with John Lions [Editor's Note: This year, 1994, is the 25th anniversary of the [Editor's Note: Looking through some magazines in a local invention of UNIX in 1969 at Bell Labs. The following is university library, I came upon back issues of UNIX Review from a "Work In Progress" introduced at the USENIX from the mid 1980's. In these issues were articles by or inter- Summer 1993 Conference in Cincinnati, Ohio. This article is views with several of the pioneers who developed UNIX. As intended as a contribution to a discussion about the sig- part of my research for a paper about the history and devel- nificance of the UNIX breakthrough and the lessons to be opment of the early days of UNIX, I felt it would be helpful learned from it for making the next step forward.] to be able to ask some of these pioneers additional questions The Multics collaboration (1964-1968) had been created to based on the events and developments described in the UNIX "show that general-purpose, multiuser, timesharing systems Review Interviews. were viable." Based on the results of research gained at MIT Following is an interview conducted via E-mail with John using the MIT Compatible Time-Sharing System (CTSS), Lions, who wrote A Commentary on the UNIX Operating AT&T and GE agreed to work with MIT to build a "new System describing Version 6 UNIX to accompany the "UNIX hardware, a new operating system, a new file system, and a Operating System Source Code Level 6" for the students in new user interface." Though the project proceeded slowly his operating systems class at the University of New South and it took years to develop Multics, Doug Comer, a Profes- Wales in Australia.
  • CRAY X-MP Series of Computer Systems

    CRAY X-MP Series of Computer Systems

    For close to a decade, Cray Research has been the industry leader in large-scale computer systems. Today, about 70 percent of all supercomputers installed worldwide are Cray systems. They are used in advanced scientific and research Eaboratories around the world and have gained strong acceptance in diverse industrial environments. No other manufacturer has Cray Research's breadth of success and experience in supercomputer development. The company's initial product, the CRAY-I Computer System, was first installed in 1976and quickly became the standard for large-scale scientific computers -and the first commercially successful vector processor. For some time previously, the potential advantages of vector processing had been understood, but effective practical implementation had eluded computer architects. The CRAY-1 broke that barrier, and today vectorization techniques are used commonly by scientists and engineers in a wide variety of disciplines. The field-proven GRAY X-MP Computer Systems now offer significantly more power tosolve new and bigger problems while providing better value than any other systems available. Large memory size options allow a wider range of problems to be solved, while innovative multiprocessor design provides practical opportunities to exploit multitasking, the next dimension of parallel processing beyond vectorization. Once again, Cray Research, has moved supercomputing forward, offering new levels of hardware performance and software techniques to serve the needs of scientists and engineers today and in the future. Introducing the CRAY X-MP Series of Computer Systems Announcing expanded capabilities to serve the needs of a broadening marketplace: the CRAY X-MP Series of Computer Systems. The CRAY X-MP Series now comprises nine models, ranging from a uniprocessor version with one million words of central memory to a top-end system with four processors and a 16-million-word memory.
  • Allan Unix Newsletter

    Allan Unix Newsletter

    allan Unix User Gro Newsletter ~folume 5 rnber 1 The Australian UNIX* Users Group Newsletter Volume V Number i CONTENTS Editorial 2 Survey Responses 2 New Newsletters 3 Next AUUG Meeting 3 Books 4 Book Review 6 Nets 8 AUNET Directory Ii Netnews 28 Clippings 34 Symposium on UNIX 38 Review of August 1983 AUUG Meeting 39 From the EUUG Newsletter 49 From ;login: 61 USENIX Technical Sessions at UNIFORUM 65 Letters 95 February 1984 AUUG Meeting Details 102 Copyright (c) 1984. AUUGN is the journal of the Australian UNIX User Group, Copying without fee is permitted provided that copies are not made or distributed for commercial advantage and credit to the source is given. Abstracting with credit is permitted, No other reproduction is permitted without the prior permission of the Australian UNIX User Group, * UNIX is a trademark of Bell Telephone Laboratories, AUUGN Vol V No i Editorial Do you have the feeling you have missed something in the last few years? Have your doors been blowing closed more often because you cannot find those old AUUGN issues? Well, have no fear, the editor who brought you volumes two and three has returned to bring you volume five. I would like to take this opportunity to apologise to all our regular subscribers for the problems they may have experienced in dealing with the editors of AUUGN during 1982 and 1983. Particular apologies must go to subscribers like the CSIRO, who paid for volume IV and received nothing. Well, enough of problems, on to the good stuff! In This Issue You will notice the appearance of a few new departments in this volume.
  • User-Level Window Managers for UNIX

    User-Level Window Managers for UNIX

    User-LevelWindowManagers for UNIX Robert J.K. Jacob NavalResearch Laboratory Washington, D.C. 20375 ABSTRACT Wm manages a collection of windows on a display terminal. Each windowhas its ownshell or other interactive program, running in parallel with those in the other win- dows. This permits a user to conduct several interactions with the system in parallel, each in its own window. The user can move from one windowtoanother,re-position a window, orcreate or delete a windowatany time without losing his or her place in anyof the windows. Windows can overlap or completely obscure one another; obscured win- dows can be "lifted" up and placed on top of the other windows. This paper describes howsuch a windowmanager for UNIX† is implemented as a set of user processes, without modifications to the UNIX kernel. It shows howthe sim- ple, but well-chosen facilities provided by the original (Version 6) UNIX kernel are suffi- cient to support wm.Inaddition, subsequent versions of wm exploit features of the kernel introduced into newer versions of UNIX to provide faster and more sophisticated window operations, still implemented entirely at the user level. Introduction This paper describes the design of a display windowmanager for UNIX implemented entirely as a set of user processes, without modifications to the UNIX kernel. It shows howthe simple facilities provided by the original (Version 6) UNIX kernel are sufficient to support such a windowmanager.Inaddition, more recent versions of the windowmanager exploit features of the kernel introduced into newer versions of UNIX to provide faster and more sophisticated operations in windows, still implemented entirely outside the kernel.
  • CBCE"1Jum11m(] CD~Cbul1 Ij0d~

    CBCE"1Jum11m(] CD~Cbul1 Ij0d~

    TOP SECRET OJalUOCDOJallb ~l!CBC!JWOU~ UJl]l!OJCB~ ll~WU l]l!~~l]l! l]f,J Wl5£ill!ll5 ~ W(lJ~~l1WllJC!l CBCE"1Jum11m(] CD~CBUl1 iJ0D~ 86-36 PARTIAL MACHINE TRANSLATION: FINAL REPORT (U) .. J . ~ .•• 1 TRACKS IN THE SANDS OF TIME (U)•••••••••••••••••Fred Mason •••••••• 0 ••••••••• 12 NSA-CROSTIC NO. 39 (U) •••••••••••••••••••••••••• David H. Willimas.~.•• •••••· •• 14 REVIEW: THE AMERICAN MAGIC (U) ...... _.......... ·I V··· . .; ......... 16 SHELL GAME (U) •••••••••••••••••••••••••••••••••• w. E. s ••••.•• ,/ .• .,,,~ ••... i ••. 20 WORD PROCESSING IN A4 (U)................... •.• • t ••• • ••..•• •i ••• • 22 BOOKBREAKERS' FORUM ON MACHINE AIDS (U)........ I••••••• •• •••• 27 PERSONAL COMPUTER APPLICATION (U) • • • • • • • • • • • • • • t ••••• 28 THIS 9QCUAIENT CQNT.~INS CQ9EWQR9 l\ft.:F8RIAb Sln\SSIFIEB BY NS1t/eSSM 123•2 TOP SECRET ItEVImf 6'M 16 Apt 2612 DP=classifiect and Approyeci for RP-lease o ... ..- t;JSA on 1 0-1 ?-201? pursuant to EC) 135 -:;- o M O R C::asR # $4 7 'j %"") DOCID: 4033690 Published by Pl. Techniques and Standards. for the Personnel of Operations Editorial VOL. IX. No. 4 APRIL 1982 By now it seems safe to announce that :.., J ~ · CRYPTOLOG is once again coming out on a '•;:. PUBLISHER monthly schedule. That was our objective bac~ in October, but there were a lot of questions BOARD OF EDITORS about whether it could be done. Editor-in-Chief • ._I______ _. (7119/8322s) Production ••••••••••• ~... ________I (3369s) We decided at the outset not to make any promises about publication schedules. These days there are so many people promising so Collection ...................l ___ .....,_~I (8555s) much, and yesterday's promises have a way of fading unfulfilled beneath the flood of ever Cryptanalysis ••••••••••• ~..
  • Network Driver for Micro Os Xv6

    Network Driver for Micro Os Xv6

    NETWORK DRIVER FOR MICRO OS XV6 A Project Presented to the faculty of the Department of Computer Science California State University, Sacramento Submitted in partial satisfaction of the requirements for the degree of MASTER OF SCIENCE in Computer Science by Anmoldeep Singh Sandhu SPRING 2020 © 2020 Anmoldeep Singh Sandhu ALL RIGHTS RESERVED ii NETWORK DRIVER FOR MICRO OS XV6 A Project by Anmoldeep Singh Sandhu Approved by: __________________________________, Committee Chair Dr. Jinsong Ouyang __________________________________, Second Reader Dr. Jingwei Yang ____________________________ Date iii Student: Anmoldeep Singh Sandhu I certify that this student has met the requirements for format contained in the University format manual, and this thesis is suitable for electronic submission to the library. Credit is awarded for the Project. __________________________, Graduate Coordinator ___________________ Dr. Jinsong Ouyang Date Department of Computer Science iv Abstract of NETWORK DRIVER FOR MICRO OS XV6 by Anmoldeep Singh Sandhu The network driver is one of the primary requirements for any operating system. Xv6 is a micro-operating system based on version 6 Unix. The latest version of xv6 does not have support for the ethernet driver or the four-layer UDP/IP model. Our work extends the xv6 operating system to support a functioning network driver with the capability of handling a packet burst. This Project also adds support for UDP/IP and Ethernet protocol to the xv6 operating system. _______________________ Committee Chair Dr. Jinsong Ouyang _____________________ Date v ACKNOWLEDGMENTS I am thankful to Dr. Ouyang for providing me the opportunity to learn new skills in the field of driver development. Dr. Ouyang showed trust in me in carrying out this Project.
  • UC ONLINE* Berkeley's Multiloop Computer Control Program

    UC ONLINE* Berkeley's Multiloop Computer Control Program

    ti Na classroom UC ONLINE* Berkeley's Multiloop Computer Control Program ALAN S. FOSS course, my colleagues, because there is seldom a sec­ University of California ond. Not everyone will agree with that of course, and Berkeley, CA 94720 those that do will ask, "How?" ULTILOOPS ABOUND. They are all around us. HERE'S HOW We invent these intricate control systems and M Imagine that you have a computer program that apply them to distillation columns, fired heaters, reac­ permits the user to configure any multiloop control tors, steam systems. They are the "brains" and "nerv­ system he desires for a particular process, say the ous system" of chemical processes. Processes need system shown in Figure 1 for a distillation column. them to operate and to operate safely. And suppose such a control system accepts process That's news? Not at all. Everyone has known it for "measurements" from a dynamic simulation of the col­ generations. Everyone, that is, except the students in umn and delivers its "commands" to that same simula­ our process control courses here in the States.** tion. With the keyboard command That's got to change! And the change has to be made in the first course in process control-the first YC, KP = 10, KI = 20, FREQ = 5 the user sets the proportional- and integral-gain pa- Reflux, L Feed Z,F,Q Author Alan Foss writes that "ofter a quarter of a century of search­ ing for ways to tell Californians about process control, I om still search­ ing. The article published here reports one of the 'finds' along the way.
  • Defense Data Network (DDN) Comply with the Official Dod Military Standard (MIL-STD) Protocols

    Defense Data Network (DDN) Comply with the Official Dod Military Standard (MIL-STD) Protocols

    LIBRARY KB:~50002 RESEARCH REPORTS DIVISION NAVAL POSTGRADUATE SCHOOL MONTEREY, CALfFORNIA 93940 DEFENSE COMMUNICATIONS AGENCY // <2--«y" ^DN PROTOCOL IMPLEMENTATIONS AND VENDORS GUIDE AUGUST 1987 [M^ V. 7 i-" ^n^^^^^TK. DEFENSE COMMUNICATIONS AGENCY DDN PROTOCOL IMPLEMENTATIONS AND VENDORS GUIDE AUGUST 1987 Editor Francine Perillo Additional copies of this document may be obtained from the DDN Network Information Center, SRI International, 333 Ravenswood Avenue, Room EJ291, Menio Park, CA 94025. Price is $30.00 domestic, $35 overseas. Copies may also be obtained from the Defense Technical Information Center (OTIC), Cameron Station, Alexandria, VA 22314. It is the intent of the DDN Network Information Center (NIC) to make the DDN Protocol Implementations and Vendors Guide widely available to subscribers of the DDN. The Guide may be obtained in hardcopy or machine-readable form. Hardcopy is available from the NIC for $30.00 ($35.00 overseas) to cover the costs of reproduction and handling. Send check or purchase order to the DDN Network Information Center, SRI International, Room EJ291, 333 Ravenswood Avenue, Menlo Park, CA 94025. Copies are available online to DDN users who have access to the file transfer services, FTP or KERMIT, using pathname NETINFO:VENDORS-GUIDE.DOC. The online file is updated on a continual basis. The hardcopy version is published twice a year in February and August. DDN Protocol Implementations and Vendors Guide. Printed and bound in the United States of America. Published by the DDN Network Information Center, SRI International, Menlo Park, CA 94025. Date: August, 1987 u NOTICE The DDN Protocol Implementation and Vendors Guide is for informational purposes only.
  • DDN (Defense Data Network) Protocol Implementations and Vendors Guide

    DDN (Defense Data Network) Protocol Implementations and Vendors Guide

    D-RI92 196 DON (DEFENSE DATA NETUORK) PROTOCOL IMPLEMENTATIONS AND 1/'4 VENDORS OIJIDE(U) SRI INTERNATIONAL MENLO PARK CA DON NETUORK INFORMATION CENTER D J OAKLEY ET AL. FEB ES F/ 25/ L NIC- 2 C2ES-S?-C-20 W U:CLAS SIFIED smmhhomhhhhhm smmhmmhhhhhhhu mhhhmmhhhhmhh ! -11, R""-F, "'lP TEST CHART - U" " . I-".. " -"-" '..-G ,-" ,,-.-,-.- --.-- ".:- " " ""I'" "".-" -6 *, .-. ,,, ,.- 'L, . ,•,.. " ,. p . UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAG REPORT DOCUMENTATION PAGE I&. REPORT SECURITY CLASSIFICATION lb. RESTRICTIVE MARKINGS 12a. SECURITY CLASSIFICATION AUTHORITY 3. DISTRIBUTION/AVAILABIUTY OF REPORTb _____________________________________ Distribution Statement A. 2b. DECLASSIFICATION I DOWNGRADING SCHEDULE Approved for public release. Distribution unlimited. 4. PERFORMING ORGANIZATION REPORT NUMBER(S) 5. MONITORING ORGANIZATION REPORT NJUMBER(S) NIC 50002 Ea. NAME OF PERFORMING ORGANIZATION 6b. OFFICE SYMBOL 7a. NAME OF MONITORING ORGANIZATION SRI International (If applicable) Defense Data Network DDN Network Information CentIr Defense CommunicationF Svstem 6c. ADDRESS (City, State, and ZIP Code) 7b. ADDRESS (City,' State, "n ZIP Code) Menlo Park, CA 94025 McLean,VA 22102 Ba. NAME OF FUNDING /SPONSORING 8b. OFFICE SYMBOL 9. PROCUREMENT INSTRUMENT IDENTIFICATION NUMBER ORGANIZATIONI (ifapplicable) 8c. ADDRESS (CIty. State, and ZIP Code) 10. SOURCE OF FUNDING NUMBERS ELEMENT NO. NO. NO. IACCESSION NO. 11. TITLE (Include Security Classificati on) DDN Protocol Implementations and Vendors Guide .. ,,--. 12. PERSONAL. AUTHOR(S) Oakley, Daniel; Perillo, Francine, eds. __________________ 13a. TYPE OF REPORT 13b. TIME COVERED 14. DATE OF REPORT (Year, Month, Day) S. PAGE COUNT FROM _____TO ____ 880200 20 16. SUPPLEMENTARY NOTATION . FIELD GROUP SUB-GROUP Transmission Control Protocol/ Internet Protocol; TCP/IP; 17. COSATCODESVe18. sC TERMS;(CI impleeencsaiond; DeensebokNetwer) Dat ; DDN; DDN protocol suite.
  • An X86/64 Separation Kernel for High Assurance

    An X86/64 Separation Kernel for High Assurance

    Muen - An x86/64 Separation Kernel for High Assurance Reto Buerki Adrian-Ken Rueegsegger August 29, 2013 University of Applied Sciences Rapperswil (HSR), Switzerland ii Abstract Computer systems are used to store and protect highly sensitive data. At the same time the resources and determination of attackers have increased significantly. Therefore, systems capable of safeguarding critical information must conform to rigorous quality standards to establish trust in the correct functioning. Attaining high assurance for today's monolithic operating systems is exceptionally hard since they tend to be large and include complex functionality. This fact is highlighted by regular security updates provided by operating system vendors. Thus, they are a weak foundation for building secure systems. In contrast, microkernels can be well suited as a basis for systems with strict demands on robustness. They are by definition small, which is a precondition for rigorous verification of correctness. Additionally, they lend themselves to the construction of component-based systems where the incorrect behavior of one partition does not impact the whole system. A separation kernel (SK) is a specialized microkernel that provides an execution environment for multiple components that can only communicate according to a given policy and are otherwise isolated from each other. Hence, the isolation also includes the limitation of potential side- and covert channels. SKs are generally more static and smaller than dynamic microkernels, which minimizes the possibility of kernel failure and should ease the application of formal verification techniques. Recent addition of advanced hardware virtualization support for the Intel x86 architecture has the potential of greatly simplifying the implementation of a separation kernel which can support complex systems.
  • Reflections on UNIX Vulnerabilities

    Reflections on UNIX Vulnerabilities

    Reflections on UNIX Vulnerabilities Matt Bishop Department of Computer Science University of California at Davis Davis, CA 95616-8562 [email protected] Abstract—The UNIX operating system was developed in composition, or even the proper definition of policy. Instead, a friendly, collaborative environment without any particular it focuses on a particular category of security holes or predefined objectives. As it entered less friendly environments, vulnerabilities for the UNIX1 operating system. Because of expanded its functionality, and became the basis for commer- cial, infrastructure, and home systems, vulnerabilities in the the natural evolution of systems over the years that this paper system affected its robustness and security. This paper presents spans, I construe the terms “UNIX” and “UNIX operating a brief history of UNIX vulnerabilities, beginning with a report system” liberally, to include UNIX-like systems such as written in 1981–1983, but never published. It examines how the Linux. nature of vulnerabilities has (and has not) changed since then, A report I wrote in 1981, and expanded in 1983, motivates and presents some thoughts on the future of vulnerabilities in 2 the UNIX operating system and its variants and other UNIX- this reflection. That report presented several UNIX security like systems. vulnerabilities, and discussed their causes and how to fix them or, where no fixes were available, how to ameliorate Keywords-UNIX security; vulnerabilities; security policy; history; future them. It was circulated among computer security researchers, system administrators, and developers of UNIX systems, but was never published. I. INTRODUCTION This paper examines UNIX vulnerabilities, and their im- In 1981, computer security was not considered a main- pact on UNIX security, in three periods that are roughly stream subdiscipline of computer science.
  • Andrew S. Tanenbaum: the Impact of MINIX

    Andrew S. Tanenbaum: the Impact of MINIX

    COMPUTINGCOLUMN SECTION CONVERSATIONS TITLE Andrew S. Tanenbaum: The Impact of MINIX Charles Severance, University of Michigan Andrew S. Tanenbaum describes the motivation, development, and market impact of the MINIX operating system. he story of the evolution when teaching courses about OSes. crashing at random. The functionality of Unix and Unix-like At first, Tanenbaum used a booklet was there, but it would run for 15 min- operating systems written by John Lions ( John Lions’ utes and then crash. T is very convoluted. Commentary on Unix 6th ed., with Modern Unix-like OSes generally Source Code; Peer-to-Peer Communi- Tanenbaum knew he was close, derive from AT&T/BSD Unix or some cations, 1976) to teach his classes: but he had trouble solving that “one variation of Linux. But in the begin- last bug” so he wrote software to ning, there was only AT&T Unix, I was teaching a course on operating emulate the PC hardware: and if you trace the moment where systems using version 6 Unix; John the Linux-like OSes flickered to life, Lions wrote a book describing it line by I ran my operating system on a sim- you’ll find the MINIX OS. line that was very popular at universi- ulator for the PC that was entirely MINIX’s original purpose was ties. The bean counters at AT&T didn’t deterministic and reproducible, and simply to support university courses like this: having every computer sci- then after it crashed, I ran it again and that attempted to teach OSes. Es- ence student in the world learn about looked at the last 100,000 instructions sentially, it was a set of floppy disks its product was a horrible idea.