Abstract
Our computer technology has outpaced our security paradigms. The more we interconnect via common graphical interfaces, the more vulnerable we are to hackers, viruses and Trojan horses. Because incremental improvements in security technology will never permit us to catch up, this paper explores radical new ways to meet the security needs of today and tomorrow.
© 1996 IFIP International Federation for Information Processing
Cite this chapter
Hosmer, H.H. (1996). New Security Paradigms: Orthodoxy and Heresy. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_6
DOI: https://doi.org/10.1007/978-1-5041-2919-0_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive