References

AMPH87

Abrams, Marshall, Podell, and Harold. Computer and Network Security. Catalog No. EH0255-0. IEEE Computer Society Press, 1987.

Ank92

R. Ankney. Security Services in Message Handling Environments. The Messaging Technology Report, 1(5), June 1992.

ANS85

Financial Institution Key Management (Wholesale) Standard. American National Standard X9.17, American National Standards Institute, 1985.

ANS86

Financial Institution Message Authentication (Wholesale). Technical Report X9.9, American National Standards Institute, 1986.

ANS89

Database Language - SQL with Integrity Inhancements. American National Standard X3.135, American National Standards Institute, 1989.

ANS92

Database Language SQL. American National Standard X3.135-1992, American National Standards Institute, 1992.

ATT90

AT&. UNIX System V Release 4 Network User's and Administrator's Guide, 1990.

Bel89

Steven M. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communications Review, 9(2):32-48, April 1989.

bel90

Integrated Information Systems Architecture Seminar. Bell Atlantic, February 22 1990.

Bel92

Steven M. Bellovin. There Be Dragons. In USENIX Security Symposium III Proceedings, pages 1-16. USENIX Association, September 14-16 1992.

CA-92

CERT Advisory: Altered System Binaries Incident. CERT, June 22 1992.

CA-93

CERT Advisory: Anonymous FTP Activity. CERT, July 14 1993.

CB94

William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security. Addison-Wesley, Reading, MA, 1994.

CCI88a

X.400, Message handling system and service overview. CCITT, 1988.

CCI88b

X.402, Message handling systems: Overall architecture. CCITT, 1988.

CCI88c

X.411, Message handling systems - Message transfer system: Abstract service definition and procedures. CCITT, 1988.

CCI88d

X.509, The Directory - Authentication Framework. CCITT, 1988.

Cha92

D. Brent Chapman. Network (In)Security Through IP Packet Filtering. In USENIX Security Symposium III Proceedings, pages 63-76. USENIX Association, September 14-16 1992.

Che90

William R. Cheswick. The Design of a Secure Internet Gateway. In USENIX Summer Conference Proceedings. USENIX Association, June 1990.

CM89

D. Rush C. Mitchell, M. Walker. CCITT/ISO Standards for Secure Message Handling. IEEE Journal on Selected Areas in Communications, 7(4), May 1989.

Com86

Federal Communications Commission. Computer Inquiry III. FCC, June 1986.

Cou89

National Research Council. Growing Vulnerability of the Public Switched Networks. National Academy Press, 1989.

Cou90

National Security Telecommunications Advisory Council. Report of the Network Security Task Force. National Security Telecommunications Advisory Council, 1990.

CTC93

The Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) Version 3.0e. Canadian System Security Centre, Communications Security Establishment, Government of Canada, January 1993.

Cur92

D. Curry. UNIX System Security. Addison-Wesley Publishing Company, Inc., 1992.

Dol88

S.E. Dolan. Open Network Architecture from an Operational Perspective. In IEEE Globecom. IEEE, 1988.

Dwo91

F.S. Dworak. Approaches to Detecting and Resolving Feature Interactions. In Proceedings, IEEE Globecom. IEEE, 1991.

Fah92

Paul Fahn. Answers to Frequently Asked Questions About Today's Cryptography. RSA Laboratories, 1992.

FC92

Federal Criteria for Information Technology Security Version 1.0. National Institute of Standards and Technology and National Security Agency, December 1992.

FIP85

Computer Data Authentication. Federal Information Processing Standards Publication FIPS 113, National Bureau of Standards (U.S.), May 30 1985.

FIP90

Database Language SQL. Federal Information Processing Standard 127-1, National Institute of Standards and Technology, 1990.

FIP92

Key Management Using ANSI X9.17. Federal Information Processing Standards Publication 171, National Institute of Standards and Technology, April 27 1992.

FIP93a

Database Language SQL. Federal Information Processing Standard 127-2, National Institute of Standards and Technology, January 1993.

FIP93b

Portable Operating System Interface (POSIX) - System Application Program Interface [C Language]. Federal Information Processing Standard 151-2, National Institute of Standards and Technology, May 12 1993.

FIP93c

Draft Digital Signature Standard (DSS). Federal Information Processing Standard, National Institute of Standards and Technology, February 1 1993.

FIP93d

Draft Standard Security Label for Information Transfer. Federal Information Processing Standard, National Institute of Standards and Technology, September 30 1993.

FIP94

Security Requirements for Cryptographic Modules. Federal Information Processing Standards Publication 140-1, National Institute of Standards and Technology, January 11 1994.

Fis93

G. Fisher. Application Portability Profile (APP) The U.S. Government's Open System Environment Profile OSE/1 Version 2.0. NIST Special Publication 500-187. National Institute of Standards and Technology, June 1993.

For94

Warwick Ford. Computer Communications Security. Prentice-Hall, Englewood Cliffs, NJ, 1994.

GS91

S. Garfinkel and G. Spafford. Practical Unix Security. O'Reilly & Associates, Inc., 1991.

Hel90

Dan Heller. XView Programming Manual. O'Reilly & Associates, Inc., 1990.

iee86

Helping Computers Communicate. IEEE Spectrum, March 1986.

ISO90a

Information Technology - Portable Operating System Interface (POSIX) - Part 1: System Application Program Interface (API) [C Language]. ISO/IEC 9945-1, 1990.

ISO90b

Remote Database Access - Part 1: Generic Model. ISO/JTC1/SC21 N4282, Information Processing Systems - Open Systems Interconnect, 1990.

ISO90c

Remote Database Access - Part 2: SQL Specialization. ISO/JTC1/SC21 N4281, Information Processing Systems - Open Systems Interconnect, 1990.

ISO92

ISO-ANSI Working Draft Database Language SQL (SQL3). ISO/IEC JTC1/SC21 N6931, ISO/IEC, July 1992.

ITS91

Information Technology Security Evaluation Criteria (ITSEC). Department of Trade and Industry, London, June 1991. Harmonized Criteria of France, Germany, the Netherlands, and the United Kingdom;.

JS92

Saqib Jang and Vipin Samar. Network Information Service Plus (NIS+): An Enterprise Naming Service. Solaris 2.0 White Papers, SunSoft, 1992.

Klu92

H.M. Kluepfel. A Systems Engineering Approach to Security Baselines for SS7. Technical Report TM-STS-020882, Bellcore, 1992.

Koh91

J.T. Kohl. The Evolution of the Kerberos Authentication Service. In Proceedings - Spring 1991 EurOpen Conference, 1991.

Koh92

J.T. Kohl. The Kerberos Network Authentication Service (V5), RFC, Revison #5. MIT, April 1992.

Kuh91

D.R. Kuhn. IEEE's POSIX: Making Progress. IEEE Spectrum, December 1991.

LeF92

William LeFebvre. Restricting Network Access to System Daemons Under SunOS. In USENIX Security Symposium III Proceedings, pages 93-104. USENIX Association, September 14-16 1992.

Lin90

J. Linn. Practical Authentication for Distributed Computing. In 1990 Security and Privacy Symposium. IEEE CS Press, May 1990.

Nec92

James Nechvatal. A Public-Key Certificate Management System. National Institute of Standards and Technology, May 1992.

NIS91a

Advanced Athentication Technology. NIST Computer Systems Laboratory Bulletin, NIST, November 1991.

NIS91b

Public-Key Cryptography. NIST Special Publication 800-2. National Institute of Standards and Technology, April 1991.

OB91

Karen Olsen and John Barkley. Issues in Transparent File Access. NIST Special Publication 500-186. National Institute of Standards and Technology, April 1991.

PI93

W. Timothy Polk and Lawrence E. Bassham III. Security Issues in the Database Language SQL. NIST Special Publication, 800-8. National Institute of Standards and Technology, August 1993.

POS92a

Draft Guide to the POSIX Open Systems Environment. P1003.0/D16, IEEE, 1992.

POS92b

Draft Standard for Information Technology - Portable Operating System Interface (POSIX) - Amendment: Protection, Audit and Control Interfaces. P1003.1e/D13, IEEE, November 1992.

POS92c

Draft Standard for Information Technology - Portable Operating System Interface (POSIX) - Part 2: Shell and Utilities - Amendment: Protection and Control Utilities. P1003.2c/D13, IEEE, November 1992.

POS93

Draft Standard for Transparent File Access Amendment to Portable Operating System Interface (POSIX). P1003.1f/D8, IEEE, November 1993.

PR91

Holbrook P. and J. Reynolds. RFC 1244: Security Policy Handbook. prepared for the Internet Engineering Task Force, 1991.

Ran92

Marcus Ranum. An Internet Firewall. In World Conference on Systems Management and Security, 1992.

Ran93

Marcus Ranum. Thinking About Firewalls. In SANS-II Conference, April 1993.

Rap93

Raptor Systems Incorporated. Eagle Network Security Management System, User's Guide, 1993.

Ros90

Marshall T. Rose. The Open Book. Prentice-Hall, 1990.

Ros91

David S. H. Rosenthal. Inter-Client Communication Conventions Manual. MIT X Consortium, 1991. MIT X Consortium Standard. X Version 11, Release 5.

RS89

J. Gettys R.W. Scheifler. The X Window System. ACM Transactions on Graphics, 5(2), 1989.

Rus91

G. T. Russell, Deborah & Gangemi Sr. Computer Security Basics. O'Reilly & Associates, Inc., 1991.

Sch91

Robert Scheifler. X Security. MIT X Consortium, 1991. MIT X Consortium Standard. X Version 11, Release 5.

SH88

G. Giridharagopal S. Homayoon. ONA: Demands on Provisioning and Performance. In IEEE Globecom. IEEE, 1988.

Sim88

L. Simpson. Open Network Architecture: OAM Perspective, an RBOC's View. In IEEE Globecom. IEEE, 1988.

SMS87

J.I. Schiller S.P. Miller, B.C. Neuman and J.H. Saltzer. Kerberos Authentication and Authorization System. Section E.2.1, MIT Project Athena, December 21 1987.

SQ92

Carl-Mitchell S. and John S. Quarterman. Building Internet Firewalls. UnixWorld, pages 93-102, February 1992.

SUN90a

Sun Microsystems Inc. Network Programming Guide, Revision A March 27 1990.

SUN90b

Sun Microsystems Inc. System & Network Administration, Revision A March 27 1990.

TA91

J.J. Tardo and K. Alagappan. SPX: Global Authentication Using Public Key Certificates. In Proc. IEEE Symp. Research in Security and Privacy. IEEE CS Press, 1991.

TCS85

Trusted Computer System Evaluation Criteria. DOD 5200.28-STD, National Computer Security Center, December 1985.

TDI91

Trusted Database Management System Interpretation. NCSC-TG 021, National Computer Security Center, April 1991.

TNI90

Trusted Network Interpretation. NCSC-TG 005, National Computer Security Center, August 1990.

Ven92

Wietse Venema. TCP Wrapper: Network Montoring, Access Control and Booby Traps. In USENIX Security Symposium III Proceedings, pages 85-92. USENIX Association, September 14-16 1992.

WL92

T.Y.C. Woo and Simon S. Lam. Authentication for Distributed Systems. IEEE CS Press, 1992.

Woo87

J. P. L Woodward. Security Requirements for System High and Compartmented Mode Workstations. Technical Report MTR 9992, Revision 1, The MITRE Corporation, Bedford, MA, November 1987. Also published by the Defense Intelligence Agency as document DDS-2600-5502-87.

• ISO Protocol Security Standardization Projects