Sciweavers

ACSAC
2002
IEEE

Thirty Years Later: Lessons from the Multics Security Evaluation

14 years 5 months ago
Thirty Years Later: Lessons from the Multics Security Evaluation
Almost thirty years ago a vulnerability assessment of Multics identified significant vulnerabilities, despite the fact that Multics was more secure than other contemporary (and current) computer systems. Considerably more important than any of the individual design and implementation flaws was the demonstration of subversion of the protection mechanism using malicious software (e.g., trap doors and Trojan horses). A series of enhancements were suggested that enabled Multics to serve in a relatively benign environment. These included addition of “Mandatory Access Controls” and these enhancements were greatly enabled by the fact the Multics was designed from the start for security. However, the bottom-line conclusion was that “restructuring is essential” around a verifiable “security kernel” before using Multics (or any other system) in an open environment (as in today’s Internet) with the existence of well-motivated professional attackers employing subversion. The lessons...
Paul A. Karger, Roger R. Schell
Added 14 Jul 2010
Updated 14 Jul 2010
Type Conference
Year 2002
Where ACSAC
Authors Paul A. Karger, Roger R. Schell
Comments (0)