The U.S. Government has launched a program to expand security and privacy protection for electronic communications while preserving the Government’s ability to conduct authorized wiretaps. Despite attacks from civil libertarians, the approach is the best way to balance individual privacy with the social good.
Unlike many would-be players in the field of Internet commerce, First Virtual (tm) chose to announce its payment system only after it was fully operational and to operate it initially with relatively little publicity hype, while learning from the experience of its use. In its first year of operation, it has experienced exponential growth, and the company has gained substantial experience with and insight into the nature of Internet Commerce. In this paper, the First Virtual team discusses the lessons we have learned from a year’s experience with the actual operation of an Internet commerce system, and the prospects for the future.
The goal of this paper is to describe a case study of a computer security evaluation effort conducted on a system known as the Office Automation Network (OAN). The OAN is representative of many of today’s networked systems by being a heterogeneous mix of system components connected to open systems such as the Internet. The OAN differs from the typical systems in that security was a design and implementation objective, and that it was subjected to an extensive six-month evaluation effort by an experienced vulnerability testing team. The vulnerability testing yielded some surprising results which demonstrated that it is possible in today’s environment to have an Automated Information System (AIS) connected to open systems such as the Internet and still have an effective security posture.
The importance of software testing and its implications with respect to reliability cannot be overemphasized. To quote Deutsch (1): “The development of software systems involves a series of production activities where opportunities for injection of human fallibilities are enormous. Errors may begin to occur at the very inception of the process where the objectives…may be erroneously or imperfectly specified, as well as (errors that occur in) later design and development stages…Because of human inability to perform and communicate with perfection, software development is accompanied by a quality assurance activity”. Software testing is a critical element of software quality assurance and represents the ultimate review of specification, design, and coding. The increased visibility of software as a system element and the attendant “costs” associated with a software failure are motivating forces for well-planned, thorough testing. It is not unusual for a software development organization to expend 40 percent of total project effort on testing. In the extreme, testing of human-rated software (e.g. flight control or nuclear reactor monitoring) can cost 3-5 times as much as all other software engineering steps combined! In this chapter we discuss three interrelated topics. The first, software testing, is a planned step in the software engineering process. Like other steps, deliverables derived from testing become part of the software configuration. Testing invariably leads to the second topic of discussion: debugging. More an art than a science, debugging diagnoses program errors and corrects them. The results of testing can also lead to a consideration of reliability, the third topic. We strive to guarantee the same time developing failure prediction models to help anticipate problems. At the time of this writing, we must rely on a series of thorough test steps as the only practical “guarantee” of software reliability.
The Ice-Pick package is a window-driven program that provides a multi-layered approach to network testing. The automated tool is used to identify frequently exploited security problems present on well-known UNIX-based operating systems. Information provided by testing is used to determine what protective mechanisms need to be implemented by network administrators. The paper deals with two issues of primary concern: the user’s legal basis for performing vulnerability identification testing, and the consequences of unauthorized use or release of the software itself. It is essential for self-protection that the tester understands what he or she can legally do with a tool such as Ice-Pick. The issue of trust can also affect users. Trusting each user to protect Ice-Pick against unauthorized release is essential for absolute control of the technology involved. The structure of this document allows traceability from top-level law through applicable Navy regulation. The most important points are the understanding of what monitoring involves, and knowing what the Ice-Pick test tool can be used for. The use of other penetration-type testing tools, such as SATAN, will not be discussed, nor will the regulatory requirements of non-Navy organizations. However, the discussion can be applied to using similar test tools in other organizations.
Today’s information systems are vulnerable to Information Warfare attacks. Absent constant vigilance and administration, any secure system will become more vulnerable over time. Client/server architectures, remote accesses, trusted networks, and heterogeneous environments exacerbate the problem. This report discusses an on-going research and development project to develop a software architecture for a vulnerability assessment, responsibilities, communicating with a centralized computer.
High Power Electromagnetic Pulse generation techniques and High Power Microwave technology have matured to the point where practical E-bombs (Electromagnetic bombs) are becoming technically feasible, with new applications in both Strategic and Tactical Information Warfare. The development of conventional E-bomb devices allows their use in non-nuclear confrontations. This paper discusses aspects of the technology base and weapon delivery techniques, and proposes a doctrinal foundation for the use of such devices in warhead and bomb applications.
The Defense Information Systems Security Program (DISSP) was initiated at the request of the Assistant Secretary of Defense (Command, Communications and Intelligence). The Defense Information Systems Agency (DISA) and the National Security Agency (NSA) agreed to cooperate in achieving eight security objectives. These objectives were in the areas of: Security Policy; Architecture; Standards and Protocols; Accreditation Procedures; Technology; Transition Planning; Organizational Improvement; and Products and Services Availability. Accordingly, a DISSP Office was established and among its responsibilities was the development of the Department of Defense (DoD) Goal Security Architecture (DGSA). The DISSP has since become a part of the Center for Information System Security (CISS) in DISA. The CISS assists DoD organizations in the transition of existing systems, and in the development of new systems in accordance with the DGSA. Concurrent with the development of the DGSA, efforts were underway within the DISA to define information system architectures for the Defense Information System (DIS). These efforts were focused under the Technical Architecture Framework for Information Management (TAFIM). The TAFIM is intended to be generic and sufficiently flexible in its definition so that specific systems may be developed or modified to satisfy mission goals. The TAFIM is thereby a “goal information system architecture” and has, as Volume 6, incorporated the DGSA as its “goal security architecture”.
For the 1996 Summer Study, JASON was asked to come up with ideas that DARPA might issue to the world as Grand Challenges: ideas needing substantial technological innovation, requiring years to bring to fruition, but not simply massive engineering projects, which would have real impact on the future. We quote from the informal guidance JASON received from DARPA: “The idea is to come up with a problem that is especially concise in description and especially rich in challenge. It should have a certain frivolity so as not to be too applied but yet not silly. For instance, the mechanical hummingbird is a good example…In each case the solution requires as much cleverness as science…these challenges (should) also yield value far beyond the solution of the specific problem. These should not be like high-performance computing or human genome or going to the moon or cure for HIV. Those are initiatives: big, important, multidisciplinary…directed effort problems.” In this report, we discuss briefly a number of ideas for Grand Challenges, in some cases going into a moderate amount of detail. We cannot furnish the actual solutions; if we could, the ideas would not qualify as the kind of challenge we seek. But what we now know and given a certain amount of cleverness, insight, and hard work.
Profitability of organizations is ultimately dependent on the effectiveness with which they exchange, gather, process, retrieve, link, control, share, manage, and above all, protect their data and information. All these processes, however, require that the right information be made available to the right person or persons at the right place and at the right time. Costly lessons learnt with regard to information security controls introduced over the past number of years made it abundantly clear that it was vital, especially in a commercial environment, circumspectly and discreetly to apply counter-measures for the protection of information…
Should an organization inform law-enforcement officials when it discovers evidence of unauthorized activity in its information systems processing operations? Deciding how to answer that question depends on some considerations. Information systems security professionals should address the issue before the need to decide how to resolve it arises. Bringing in law-enforcement agency personnel can create problems for the organization. A criminal investigation may drag on for some time. During this time, much of the organization’s information systems security resources could be tied up in responding to requests for information, helping with the investigation, and then appearing in court. However, not informing the appropriate law-enforcement officials may lead to other types of problems for the organization. These problems could include civil or criminal litigation, denial by its insurers of recompense for incurred losses, and the imposition of penalties for breach of statutory requirements.