Trust in cyberspace - Fred B. Schneider - Librairie Eyrolles
Trust in cyberspace

Fred B. Schneider

342 pages, published 31/12/1998

Summary

In this text, experts from industry and academia provide a detailed assessment of the current state of the art for building trustworthy networked information systems. They propose new directions for research in computer and network security, software technology and system architecture.

Summary of contents
INTRODUCTION

  • Trustworthy Networked Information Systems
  • What Erodes Trust
  • This Study in Context
  • Scope of This Study
  • References
PUBLIC TELEPHONE NETWORK AND INTERNET TRUSTWORTHINESS
  • Network Design
  • The Public Telephone Network
  • Network Services and Design
  • Authentication
  • The Internet
  • Network Services and Design
  • Authentication (and other Security Protocols)
  • Findings
  • Network Failures and Fixes
  • Environmental Disruption
  • Link Failures
  • Congestion
  • Findings
  • Operational Errors
  • Findings
  • Software and Hardware Failures
  • Finding
  • Malicious Attacks
  • Attacks on the Telephone Network
  • Routing Attacks
  • Database Attacks
  • Facilities
  • Findings
  • Attacks on the Internet
  • Name Server Attacks
  • Routing System Attacks
  • Protocol Design and Implementation Flaws
  • Findings
  • Emerging Issues
  • Internet Telephony
  • Finding
  • Is the Internet Ready for "Prime Time"?
  • Findings
  • References
SOFTWARE FOR NETWORKED INFORMATION SYSTEMS
  • Introduction
  • Background
  • The Role of Software
  • Development of a Networked Information System
  • System Planning, Requirements, and Top-level Design
  • Planning and Program Management
  • Requirements at the Systems Level
  • Background
  • The System Requirements Document
  • Notation and Style
  • Where to Focus Effort in Requirements Analysis and Documentation
  • Top-Level Design
  • Critical Components
  • The Integration Plan
  • Project Structure, Standards, and Process
  • Barriers to Acceptance of New Software Technologies
  • Findings
  • Building and Acquiring Components
  • Component-level Requirements
  • Component Design and Implementation
  • Programming Languages
  • Systematic Reuse
  • Commercial Off-the-Shelf Software
  • The Changing Role of COTS Software
  • General Problems with COTS Components
  • Interfacing Legacy Software
  • Findings
  • Integrating Components into a Trustworthy System
  • System Integration
  • System Assurance
  • Review and Inspection
  • Formal Methods
  • Testing
  • System Evolution
  • Findings
  • References
REINVENTING SECURITY
  • Introduction
  • Evolution of Security Needs and Mechanisms
  • Access Control Policies
  • Shortcomings of Formal Policy Models
  • A New Approach
  • Findings
  • Identification and Authentication Mechanisms
  • Network-based Authentication
  • Cryptographic Authentication
  • Token-based Mechanisms
  • Biometric Techniques
  • Findings
  • Cryptography and Public-Key Infrastructure
  • Findings
  • The Key-Management Problem
  • Key-Distribution Centers
  • Certification Authorities
  • Actual Deployments of Large-scale Key-Distribution Centers and Certification Authorities
  • Public-Key Infrastructure
  • Findings
  • Network Access Control Mechanisms
  • Closed User Groups
  • Virtual Private Networks
  • Firewalls
  • Limitations of Firewalls
  • Guards
  • Findings
  • Foreign Code and Application-level Security
  • The ActiveX Approach
  • The Java Approach
  • Findings
  • Fine-grained Access Control and Application Security
  • Findings
  • Language-based Security: Software Fault Isolation and Proof-carrying Code
  • Findings
  • Denial of Service
  • Findings
  • References
TRUSTWORTHY SYSTEMS FROM UNTRUSTWORTHY COMPONENTS
  • Replication and Diversity
  • Amplifying Reliability
  • Amplifying Security
  • Findings
  • Monitor, Detect, Respond
  • Limitations in Detection
  • Response and Reconfiguration
  • Perfection and Pragmatism
  • Findings
  • Placement of Trustworthiness Functionality
  • Public Telephone Network
  • Internet
  • Minimum Essential Information Infrastructure
  • Findings
  • Nontraditional Paradigms
  • Finding
  • References
THE ECONOMIC AND PUBLIC POLICY CONTEXT
  • Risk Management
  • Risk Assessment
  • Nature of Consequences
  • Risk Management Strategies
  • Selecting a Strategy
  • Findings
  • Consumers and Trustworthiness
  • Consumer Costs
  • Direct Costs
  • Indirect Costs
  • Failure Costs
  • Imperfect Information
  • Issues Affecting Risk Management
  • Some Market Observations
  • Findings
  • Producers and Trustworthiness
  • The Larger Marketplace and the Trend Toward Homogeneity
  • Risks of Homogeneity
  • Producers and Their Costs
  • Costs of Integration and Testing
  • Identifying the Specific Costs Associated with Trustworthiness
  • Time to Market
  • Other Issues
  • The Market for Trustworthiness
  • Supply and Demand Considerations
  • Findings
  • Standards and Criteria
  • The Character and Context of Standards
  • Standards and Trustworthiness
  • Security-based Criteria and Evaluation
  • Findings
  • Cryptography and Trustworthiness
  • Export Controls
  • Key Recovery
  • Factors Inhibiting Widespread Deployment of Cryptography
  • Cryptography and Confidentiality
  • Findings
  • Federal Government Interests in NIS Trustworthiness
  • Public-Private Partnerships
  • The Changing Market-Government Relationship
  • Findings
  • The Roles of the NSA, DARPA, and other Federal Agencies in NIS Trustworthiness Research and Development
  • National Security Agency
  • Partnerships with Industry
  • R2 Program
  • Issues for the Future
  • Findings
  • Defense Advanced Research Projects Agency
  • Issues for the Future
  • Findings
  • References
CONCLUSIONS AND RESEARCH RECOMMENDATIONS
  • Protecting the Evolving Public Telephone Network and the Internet
  • Meeting the Urgent Need for Software That Improves Trustworthiness
  • Reinventing Security for Computers and Communications
  • Building Trustworthy Systems from Untrustworthy Components
  • Social and Economic Factors That Inhibit the Deployment of Trustworthy Technology
  • Implementing Trustworthiness Research and Development
APPENDIXES
  • A Study Committee Biographies
  • B Briefers to the Committee
  • C Workshop Participants and Agendas
  • D List of Position Papers Prepared for the Workshops
  • E Trends in Software
  • F Some Related Trustworthiness Studies
  • G Some Operating System Security Examples
  • H Types of Firewalls
  • I Secrecy of Design
  • J Research in Information System Security and Survivability Funded by the NSA and DARPA
  • K Glossary
INDEX

Technical details

  PAPER
Publisher(s) The National Academies Press
Author(s) Fred B. Schneider
Publication date 31/12/1998
No. of pages 342
EAN13 9780309065580
