It has now been twenty years since the Bell-LaPadula [1] security model was developed, providing the basis for
nearly all computer security work. Nine years later, specific
recommendations for implementing a "secure" computing system, based upon
the Bell-LaPadula model, were published by the US Department of Defense in
the Orange Book [2]. Two years after that, the
Computer Security Act of 1987 [3] was enacted, making
subversion of US "government interest" computers illegal. What have the
last 20 years of research and the last nine years of legal support added to
the overall security of systems? Certainly a great number of technical
advances have been made, particularly in the areas highlighted in this
issue: authentication, intrusion detection, and secure voting. But are
we any closer to obtaining "real" security for our computers and networks?
Unfortunately, the answer seems to be no. Computer security incidents are on the rise, directly proportional to the growth of the Internet. More than 93.6% of all companies surveyed report at least one major security incident, and 43.3% of those companies have been victims more than 25 times [4]. While many technologies, such as firewalls, intrusion detection systems, audit reduction tools, and network security scanners can and should be implemented to better defend a site, these tools simply make the intruder's job more time-consuming, not necessarily more difficult. Further, requiring an intruder to spend extra time attacking a network is not a deterrent; in fact, many intruders may welcome the extra challenge and will try even harder to "win."
So, if a defensive tool simply buys a site some time, the critical question would seem to be how the site can use that time effectively. Very little work has been done in the area of response tools. These tools need to be developed to help an investigator monitor the intruder, determine the extent of damage, collect any of the intruder's tools, and most importantly, track the intruder back to the source machine and make a positive identification. Until more work has been done in these areas, the number of security incidents will continue to grow.
With the current purely defensive security paradigm, intruders have almost no risk of being caught. In the few cases where an intruder has been caught, the combination of luck, timing, arrogance on the part of the intruder, rare technical ability on the part of the pursuer, and high-profile interest is the only reason pursuers were successful [5]. Until potential intruders fear retribution (either legal or otherwise), the situation will only deteriorate. Worst of all, this is the situation now, in the early stages of Internet commerce and world-wide interconnectivity. Consider 5 or 10 years into the future when doing business over the Internet is commonplace, and organizations are so interconnected that critical resources are placed online.
So what should be done next? (1) Continue work on defensive and offensive tools to secure and defend a site, (2) organize better laws and response teams to aid in the capture and prosecution of intruders, and (3) educate the entire Internet community. Every person, from the general user to the advanced applications programmer, should know what types of holes make systems or applications vulnerable to attack and the enormous liability data loss can mean to a company or individual. We hope that this issue will educate readers on the types of issues that are currently being dealt with in the field of computer security.
Copyright 1996 by Michael Neuman and Diana Moore
Location: www.acm.org/crossroads/xrds2-4/intro.html