kolstad@sauron.Columbia.NCR.COM (Kai.Kolstad) (09/24/90)
_________________________________________________________________ I I I SECURITY INFORMATION NEEDED - CAN YOU HELP? I ----------------------------------------------------------------- I am beginning my thesis work on the "Architectures for Security in Distributed Systems". If you are interested in this area, or can direct me to documentation in this area, please read on. I will define the type of work and articles I am researching and the areas that I need information on. EMAIL OF ARTICLES, INFORMATION, COMMENTS ARE VERY WELCOME. In the world of standards two major security standards/requirements are evolving; 1) "National Computer Security Center", NCSC-TG-005 Version 1, Trusted Network Interpretation of the trusted computer system evaluation criteria, 31 July 1987. 2) ISO/TC97/SC21/WG1 Ad Hoc Group on Security," ISO 7498/Part 2 Security Architecture,"N1528, Sept 1986. The first reference extends "The Trusted Systems Evaluation Criteria (DOD 5200.28-STD)" to trusted network systems and components. The second reference is concerned with secure transfer between systems. a) I have reviewed these two major standards, but I do not have visibility into these standards' results/further activity since 1987. What has happened in the world of secure Open Systems since these standards were created? b) These two standards complement each other - have they given birth to other requirements? c) Will today's security standards meet the needs of the next decade of massive parallel architectures with extensive Interprocess Communication and Inter CPU communication? d) How do the above standards with different origins evolve toward a common target? e) Is there a framework that compares concepts and terminology in the DOD and ISO standards? f) Please let me know about articles that may focus my scope. What is the easiest and fastest way to obtain these articles? Also, I would appreciate help with the standards that exist. Have they been replaced by other, perhaps better standards or updates. g) My 1987 & 1986 are the latest I can obtain. Are they obsolete? Please feel free to let me know if I in my ignorance have lost focus on essential needs for the standardization of security in distributed systems. You can email me at the following address: --------------------------------------------------------------- Who: Kai Kolstad Where: kolstad@sauron.Columbia.NCR.COM Phone: (803) 791-6624 ---------------------------------------------------------------