Security and Privacy in Computer Systems

Last updated

Security and Privacy in Computer Systems is a paper by Willis Ware that was first presented to the public at the 1967 Spring Joint Computer Conference. [1] [2] [3]

Contents

Significance

Ware's presentation was the first public conference session about information security and privacy in respect of computer systems, especially networked or remotely-accessed ones. [4] [5] [6] [7]

The IEEE Annals of the History of Computing said that Ware's 1967 Spring Joint Computer Conference session, together with 1970's Ware report, marked the start of the field of computer security. [8] [9]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Security engineering is the process of incorporating security controls into an information system so that the controls become an integral part of the system’s operational capabilities. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. Those constraints and restrictions are often asserted as a security policy.

<span class="mw-page-title-main">Time-sharing</span> Computing resource shared by concurrent users

In computing, time-sharing is the sharing of a computing resource among many tasks or users. It enables multi-tasking by a single user or enables multiple user sessions.

In telecommunications, packet switching is a method of grouping data into packets that are transmitted over a digital network. Packets are made of a header and a payload. Data in the header is used by networking hardware to direct the packet to its destination, where the payload is extracted and used by an operating system, application software, or higher layer protocols. Packet switching is the primary basis for data communications in computer networks worldwide.

<span class="mw-page-title-main">ARPANET</span> Early packet switching network (1969–1990), one of the first to implement TCP/IP

The Advanced Research Projects Agency Network (ARPANET) was the first wide-area packet-switched network with distributed control and one of the first computer networks to implement the TCP/IP protocol suite. Both technologies became the technical foundation of the Internet. The ARPANET was established by the Advanced Research Projects Agency (ARPA) of the United States Department of Defense.

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptosystems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks.

<span class="mw-page-title-main">Donald Davies</span> Welsh computer scientist (1924–2000)

Donald Watts Davies, was a Welsh computer scientist who was employed at the UK National Physical Laboratory (NPL).

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.

Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.

A penetration test, colloquially known as a pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

<span class="mw-page-title-main">Lawrence Roberts (scientist)</span> American electrical engineer and Internet pioneer

Lawrence Gilman Roberts was an American engineer who received the Draper Prize in 2001 "for the development of the Internet", and the Principe de Asturias Award in 2002.

<span class="mw-page-title-main">Computer network</span> Network that allows computers to share resources and communicate with each other

A computer network is a set of computers sharing resources located on or provided by network nodes. Computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are made up of telecommunication network technologies based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.

SecPAL is a declarative, logic-based, security policy language that has been developed to support the complex access control requirements of large scale distributed computing environments.

The American Federation of Information Processing Societies (AFIPS) was an umbrella organization of professional societies established on May 10, 1961, and dissolved in 1990. Its mission was to advance knowledge in the field of information science, and to represent its member societies in international forums.

<span class="mw-page-title-main">Willis Ware</span> American computer scientist, engineer and social critic

Howard George Willis Ware, popularly known as Willis Howard Ware was an American computer pioneer who co-developed the IAS machine that laid down the blueprint of the modern day computer in the late 20th century. He was also a pioneer of privacy rights, social critic of technology policy, and a founder in the field of computer security.

<span class="mw-page-title-main">NPL network</span> Historical network in England pioneering packet switching

The NPL network, or NPL Data Communications Network, was a local area computer network operated by a team from the National Physical Laboratory (NPL) in London that pioneered the concept of packet switching.

<span class="mw-page-title-main">Stephen J. Lukasik</span> American physicist (1931–2019)

Stephen Joseph Lukasik was an American physicist who served in multiple high-level defense and scientific related positions for advancing the technologies and techniques for national defense and the detection and control of diverse types of weapons of mass destruction, especially nuclear devices. He was the second longest serving Director of DARPA - the Defense Advanced Research Projects Agency – during which numerous new technologies including packet and internet protocols were developed. He was also the first chief scientist of the Federal Communications Commission where he created its Office of Science and Technology and which facilitated the commercial deployment of new technology that included spread spectrum technology.

Hardware backdoors are backdoors in hardware, such as code inside hardware or firmware of computer chips. The backdoors may be directly implemented as hardware Trojans in the integrated circuit.

Security Controls for Computer Systems, commonly called the Ware report, is a 1970 text by Willis Ware that was foundational in the field of computer security.

References

  1. Kaplan, Fred (2020-12-18). "A Hack Foretold". Slate. Retrieved 2020-12-18. In April 1967, just before the ARPANET's rollout, an engineer named Willis Ware wrote a paper called 'Security and Privacy in Computer Systems' ... warning that once users could access data from multiple locations, people with certain skills could hack into a network—and after hacking into one part of the network, they could roam at will. Stephen Lukasik, ARPANET's supervisor, took Ware's paper to his team and asked what they thought. The team was annoyed. They begged Lukasik not to saddle them with a security requirement. ... Let's do this step by step, the team said. It had been hard enough to get the system to work; the Russians wouldn't be able to match it for decades. It did take decades—about three decades—for the Russians, then the Chinese and others, to develop their own systems along with the technology to hack America. Meanwhile, vast systems and networks would sprout up throughout the U.S. and much of the world, without any provisions for security. Some provisions would be backfitted later, but the vulnerability that Ware and the later studies observed was built into the technology. That's the root of the problem we're seeing today.
  2. "AFIPS Spring Joint Computing Conference 1967: Atlantic City, NJ, USA". DBLP.
  3. Willis H. Ware (1967), Security and Privacy in Computer Systems , pp. 279–282, doi:10.1145/1465482.1465523, Wikidata   Q104882139
  4. Carpenter-Huffman, P.; Rapp, Marjorie L. (1972). Testing in innovative systems. RAND Corporation. Ware organized the first session on data privacy/security ever held at a computer conference - "Security and Privacy in Computer Systems" at the 1967 Spring Joint Computer Conference (SJCC), April 1967.
  5. Turn, R.; Ware, W. H. (July 1976). Privacy and security issues in information systems (PDF). RAND Corporation. Archived (PDF) from the original on June 1, 2022. The first apprehension with computer security began In the 1950s with concern over degaussing of magnetic tapes and preventing dissemination of classified information via electromagnetic emanations. By the mid—1960s time—sharing and multiprogramming allowed computer systems to serve many users simultaneously, and on-line programming, job execution, and data file manipulations could be performed from remotely located terminals. In such systems, as first discussed at the 1967 Spring Joint Computer Conference, security problems are different; there are many vulnerabilities which can be exploited by maliciously motivated users or by intruders from outside the system to perpetrate a variety of threats.
  6. "Computer Security". Rutgers Journal of Computers and the Law. 5: 221. 1975. The earliest concerns arose in connection with computer applications in the military, where large databases and remote access to central computing files first emerged. With good reason, much of the information on how to make military systems secure remains classified. Such expertise was first brought to civilians during the 1967 Spring Joint Computer Conference.
  7. Ware, Willis H. (2008). RAND and the information evolution : a history in essays and vignettes (PDF). RAND Corporation. ISBN   978-0-8330-4513-3. From this milieu, the topic of computer security—later to be called information-system security and currently also referred to as protection of the national information infrastructure—moved from the world of classified defense interests into public view for the first time. A few people—Bob Patrick, Pat Haverty, and Willis Ware among others—all then at the RAND Corporation ... had, in the late 1950s and early 1960s, been talking about the growing dependence of the country and its institutions on computer technology. It concerned them that the installed systems might not be able to protect themselves and their data against intrusive and destructive attacks. While there had been a few papers at the conferences on social effects of burgeoning computer technology, they decided that it was time to more directly bring the security aspect of computer systems to the attention of the technology and user communities. A fortuitous enabling event was the development within the National Security Agency (NSA) of a remote-access time-sharing system with a full set of security-access controls, running on a UNIVAC 494 machine, and serving terminals and users not only within the headquarters building at Fort George G. Meade, Maryland, but also worldwide. Willis Ware knew of the existence and details of the system. It proved possible to have a paper about the NSA system presented in a public forum, and, with two others from RAND to help—Harold Petersen and Rein Turn—plus Bernard Peters of NSA, a group of papers was organized and offered to the SJCC conference management as a ready-made additional paper session to be chaired by Ware. The conference accepted the offer, and the session was presented at the Atlantic City (N.J.) Convention Hall in 1967.
  8. Misa, Thomas J. (October–December 2016). "Computer Security Discourse at RAND, SDC, and NSA (1958-1970)". IEEE Annals of the History of Computing. IEEE Computer Society. 38 (4): 12–25. doi:10.1109/MAHC.2016.48. ISSN   1058-6180. S2CID   17609542. The 1967 Spring Joint Computer Conference session organized by Willis Ware and the 1970 Ware Report are widely held by computer security practitioners and historians to have defined the field's origin.
  9. Yost, Jeffrey R. (October–December 2016). "Computer Security, Part 2" (PDF). IEEE Annals of the History of Computing. IEEE Computer Society. 38 (4): 10–11. doi:10.1353/ahc.2016.0040. S2CID   35453662. Archived from the original (PDF) on 2019-02-20. The 1970 (Willis H.) Ware Report and the 1967 Spring Joint Computer Conference (SJCC) Ware-led 'Computer Security and Privacy' session are focal points of historians and computer security scientists and are generally considered the beginning of multilevel computer security.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.