Chat with us, powered by LiveChat Strategies in Using Source Material? Outcomes addressed in this activity:? Unit Outcomes:? Apply introductory skills with the online library. Prepare correctly-written quotes, paraphra | WriteDen

Strategies in Using Source Material? Outcomes addressed in this activity:? Unit Outcomes:? Apply introductory skills with the online library. Prepare correctly-written quotes, paraphra

 

Strategies in Using Source Material 

Outcomes addressed in this activity: 

Unit Outcomes: 

  • Apply introductory skills with the online library.
  • Prepare correctly-written quotes, paraphrases, and summaries with an understanding of plagiarism avoidance.
  • Prepare APA-standard in-text citation and reference entries for professional journal articles and web sources.
  • Apply additional document formatting skills. 

Course Outcome: 

IT513-1: Illustrate information technology ideas with professional language and attribution.

Purpose 

You will practice various methods to use and identify source material in this Assignment, including quoting, paraphrasing, and summarizing. Complete the Unit 2 Reading before beginning work. 

Assignment Instructions and Requirements 

Go to the Academic Tools tab in this course and select the Library link. Then select the link that indicates resources for this course. Direct links to article pages are found in this location. Choose any two articles from the list, depending on your interest or curiosity. Should a link not work, report it to your instructor and then choose a different one from the list. 

Part 1: Quoting 

Required source: A professional journal article from the list presented in the Library section of the classroom as explained above. 

Your writing must follow the rules for formal writing style as explained in the Unit 1 reading. 

Quotation 1: Placing the citation within the quote

  • Choose a meaningful statement of 25–39 words from the article and quote it properly, starting your sentence with According to or a similar introduction, and inserting proper citation as explained in the Reading. 

Quotation 2: Citation at the end of a quote

  • Choose a different meaningful statement of 25–39 words from the same article and quote it without introduction, using in-text citation after the end-quotation mark. 

Required adjustment:

  • Edit just one of your two quotes using brackets, an ellipsis, or [sic] correctly. These techniques are explained in the Reading. 

Reference entry:

  • Provide a full APA-standard reference entry for the journal article at the end of your document (last page). Hint: Use the library system to find the reference entry and then make corrections if necessary, as explained in the Reading. You may have to look at the article itself for volume, issue, and page numbers. 

Part 2: Paraphrasing and Summarizing 

Required source: Choose a different journal article from the Library list. It is recommended that you pick an article from the list that is relatively easy for you to understand for this section, especially if you are rather new to the technology field. 

Paraphrase:

  • Choose a paragraph or short section of the article.
  • Write a one paragraph, 175–225 word paraphrase. Do not include any quotes. Write formally, following the rules presented in the Unit 1 reading.
  • Follow the paraphrase with proper in-text citation. 

Summary:

  • Read through the entire article.
  • Write a one paragraph, 200–250 word summary (overview) of the article. Do not include any quotes, and write formally.
  • Follow the summary with proper in-text citation.

 Reference entry:

  • Provide a full APA-standard reference entry for the article on the last page of your document. 

Formatting Requirements 

  • Please see the Unit Reading to understand how these actions should be accomplished. Again, do not use a ready-made template; as an IT professional, you must be able to accomplish formatting on your own:
    • Header with correctly written Running head and page numbers.
    • Appropriate content for the cover page, including a descriptive paper title.
    • The title reiterated on the top line of the first body page, centered and not bold.
    • Subheadings (Quotes, Paraphrase, and Summary), properly centered and bold.
  • Also include the same parameters as learned in the Unit 1 assignment:
    • 1" margins on all sides.
    • The entire paper properly double-spaced.
    • The first lines of paragraphs indented ½" using the indent tool.
    • All font the same size and style: Times New Roman size 12. 

Directions for Submitting Your Assignment 

  • Name your Word® document with the following convention: IT513-Unit2-LastName-FirstName (using your own name).
  • Make sure you read all instructions carefully and review the rubric before submitting to the Dropbox for Unit 2. 

Reminders 

  • Proofread your work for grammar, spelling, punctuation, capitalization, and formality.
  • Ensure that your work is not copied from sources. Copying does not prove an understanding of the material, and plagiarism will not be tolerated. In accordance with the University's Academic Integrity policy, your assignment will be automatically submitted to TurnItIn.

20 COMMUNICATIONS OF THE ACM | NOVEMBER 2016 | VOL. 59 | NO. 11

V viewpoints

Privacy and Security Cyber Defense Triad for Where Security Matters Dramatically more trustworthy cyber security is a choice.

confident that from the standpoint of technology there is a good chance for secure shared systems in the next few years. However, from a practical stand- point the security problem will remain as long as manufacturers remain com- mitted to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs, and as long as the illusory results of penetra- tion teams are accepted as a demon- stration of computer system security, proper security will not be a reality.”8

Current Approaches Aren’t Working Our confidence in “security kernel” technology was well founded, but I never expected decades later to find the same denial of proper security so widespread. Although Forbes reports spending on information security reached $75 billion for 2015, our ad- versaries are still greatly outpacing us. With that large financial incentive for vested interests, resources are mostly devoted to doing more of what we knew didn’t work then, and still doesn’t.

I N THE EARLY days of computers, security was easily provided by physical isolation of ma- chines dedicated to security do- mains. Today’s systems need

high-assurance controlled sharing of resources, code, and data across domains in order to build practical systems. Current approaches to cyber security are more focused on saving money or developing elegant techni- cal solutions than on working and protecting lives and property. They largely lack the scientific or engi- neering rigor needed for a trustwor- thy system to defend the security of networked computers in three dimen- sions at the same time: mandatory ac- cess control (MAC) policy, protection against subversion, and verifiability— what I call a defense triad.

Fifty years ago the U.S. military rec- ognized subversiona as the most seri- ous threat to security. Solutions such as cleared developers and technical

a As characterized by Anderson, et al.,2 “System subversion involves the hiding of a software or hardware artifice in the system that creates a ‘backdoor’ known only to the attacker.”

development processes were neither scalable nor sustainable for advanc- ing computer technology and growing threats. In a 1972 workshop, I pro- posed “a compact security ‘kernel’ of the operating system and supporting hardware—such that an antagonist could provide the remainder of the sys- tem without compromising the protec- tion provided.” I concluded: “We are

DOI:10.1145/3000606 Roger R. Schell

The security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security.

NOVEMBER 2016 | VOL. 59 | NO. 11 | COMMUNICATIONS OF THE ACM 21

viewpoints

V I

M A

G E

B Y

A L

I C

I A

K U

B I

S T

A /A

N D

R I

J B

O R

Y S

A S

S O

C I

A T

E S

of “malware,” a preferred attack for many of the most serious breaches. An IBM executive a few years ago de- scribed the penetrate-and-patch cycle as “an arms race we cannot win.”5

Why does cyber security seem so difficult? Today’s emphasis on sur- veillance and monitoring tries to discover that an adversary has found and exploited a vulnerability to pen- etrate security and cause damage—or worse, subverted the security mecha- nism itself. Then that hole is patched. But science tells us trying to make a system secure in this way is effectively non-computable. Even after fixing known flaws, uncountable flaws re- main. Recently, Steven Lipner, for- merly of Microsoft, wrote a Commu- nications Privacy and Security column advocating technical “secure develop- ment processes.”6 But, similar to sur- veillance, “as new classes of vulner- abilities … are discovered, the process must be updated.”

This paradigm has for decades been known as “penetrate and patch.” The defender needs to find and patch most (if not all) of the holes, while the adver- sary only needs to find and exploit one

remaining hole. Even worse, a witted adversary has numerous opportunities to subvert or sabotage a computer’s protection software itself to introduce insidious new flaws. This is an example

Figure 1. Cyber security defense triad.

V e

rifi a

b ility

Secure Systems

L im

it S u

b ve

rsio n

M a

n d

a to

ry A C

˲ Subversion is tool for choice for witted adversary

˲ Only label-based MAC policy can enforce secure information flow

˲ Security kernel (reference monitor) is only known verifiable protection technology

22 COMMUNICATIONS OF THE ACM | NOVEMBER 2016 | VOL. 59 | NO. 11

viewpoints

These systems did not survive long after the end of the Cold War, and much of the “institutional memory” is now lost. But fortunately, some security kernel products were main- tained and this original equipment manufacturer (OEM) technology is still commercially available today. And many commodity processors (for example, those that implement the Intel IA32 architecture) still include the hardware segmentation and pro- tection rings essential to efficient se- curity kernels. High assurance of no security patches is truly a paradigm shift. What alternative approach comes close?

Mark Heckman of the University of San Diego and I recently published a paper focused on techniques for applying those Reference Monitor properties, leveraging the fact that “associated systematic security engi- neering and evaluation methodology was codified as an engineering stan- dard in the Trusted Computer System Evaluation Criteria (TCSEC)”4 created by NSA. However, the TCSEC didn’t in- clude administration and acquisition mandates to actually use this knowl- edge to create a market in the face of entrenched vested interests. I refer in- terested readers to our paper for more details on the triad components sum- marized here.

˲ Mitigating software subversion. Several cyber security professionals have concluded that subversion “is the attack of choice for the professional attacker.”2 The primary means for software subversion are Trojan horses and trap doors (commonly called mal- ware). Under the seven well-defined se- curity classes in the TCSEC, only Class A1 systems substantially deal with the problems of subversion.

˲ Mandatory access control (MAC) policy. The reference monitor is fun- damentally about access control. All access control policies fall into two classes: Discretionary Access Control (DAC) and MAC. Only a label-based MAC policy can, with high assurance, enforce secure information flow. Even in the face of Trojan horses and other forms of malicious software, MAC policies can protect against unau- thorized modification of information (integrity), as well as unauthorized disclosure (confidentiality).

Cyber Defense Triad for Secure Systems All three defense triad components are critical for defense of both confiden- tiality and integrity of information— whether the sensitive information is personally identifiable information, financial transactions (for example, credit cards), industrial control sys- tems in the critical infrastructure, or something else that matters. Although not sufficient for perfect security, all three are practically necessary. These dimensions can be thought of as three strong “legs of a stool,” as illustrated in Figure 1.

Security for cyber systems built without a trustworthy operating sys- tem (OS) is simply a scientific impos- sibility. NIST has emphasized, “se- curity dependencies in a system will form a partial ordering … The partial ordering provides the basis for trust- worthiness reasoning.”3 Proven sci- entific principles of the “Reference Monitor” model enable engineering a verifiably secure OS on which we can build secure cyber systems.

For a Reference Monitor implemen- tation to work, it must ensure three fundamental properties. First, it must validate enforcement of the security policy for every reference to informa- tion. Second, it must be tamper-proof, that is, it cannot be subverted. Lastly, it must be verifiable, so we have high

assurance it always works correctly. These three fundamental properties are directly reflected in the cyber de- fense triad.

As illustrated in Figure 2, a Refer- ence Monitor controls access by sub- jects to information in objects. A secu- rity kernel is a proven way to implement a reference monitor in a computer. Whenever a user (or program acting on behalf of a user) attempts to access in- formation in the computer system, the Reference Monitor checks the user’s clearance against a label indicating the sensitivity of that class of data. Only au- thorized users are granted access.

Applying the Cyber Defense Triad The flawed foundation of current sys- tems is evident in the unending stream of OS security patches that are today considered part of best practices. But we can choose a better alternative. At least a half-dozen security kernel- based operating systems have been produced that ran for years (even de- cades) in the face of nation-state ad- versaries without a single reported security patch.7 These successes were not unexpected. As a 1983 article put it, “the security kernel approach provides controls that are effective against most internal attacks—including some that many designers never consider.”1 That is a fundamentally different result than penetrate and patch.

Figure 2. Reference monitor.

˲ A subject security attributes, for example, label for clearance

˲ Object security attributes, for example, label for classification

˲ Segments ˲ Directories ˲ Passive data

repositories

˲ Record of all security- related user events

˲ Active entities ˲ User Processes ˲ Gain access to

information on user’s behalf

Authorization Database

Reference MonitorSubjects Objects

Audit Trail

NOVEMBER 2016 | VOL. 59 | NO. 11 | COMMUNICATIONS OF THE ACM 23

viewpoints

Lipner asserts that this reference monitor approach is “not able to cope with systems large enough to be use- ful.”6 Heckman and I respond that “this quite widely-spread assertion has been repeatedly disproven by counter- examples from both real systems and research prototypes.”4 The paper gives numerous examples of how, by leverag- ing MAC, complex integrated systems can be composed from logically distinct hardware and software components that may have various degrees of secu- rity assurance or no assurance at all.

˲ Verifiability. The Reference Moni- tor implementation defined as a securi- ty kernel is the only proven technology for reliably achieving verifiable protec- tion. It does not depend on unproven elegant technical solutions, such as open source for “source code inspec- tion” or “gratuitous formal methods.”2 Security kernels have been shown to be effective for systematic, repeatable, systems-oriented security evaluation of large, distributed, complex systems.

Lipner in his paper6 asks a critical, but largely unanswered, question: How can customers have any assurance that they are getting a secure system? His answer is limited to development process improvements that don’t ad- dress fundamentally what it means for a system to be “secure.” Heckman, by contrast, details how the Reference Monitor approach, with its strong defi- nition of “secure system,” can answer precisely that question.4

What Should We Do Then? It can be expected to take 10–15 years and tens of millions of dollars to build and evaluate a high-assurance secu- rity kernel. However, once completed, a general-purpose security kernel is highly reusable for delivering a new secure system in a couple of years. It is economical to use the same ker- nel in architectures for a wide variety of systems, and the TCSEC’s Ratings Maintenance Phase (RAMP) allows the kernel to be re-verified using the latest technology, without the same invest- ment as the original evaluation. Heck- man summarizes several real-world ex- amples where, “This is demonstrated by OEM deployments of highly secure systems and products, ranging from enterprise ‘cloud technology’ to gener- al-purpose database management sys-

tems (DBMS) to secure authenticated Internet communications, by applying commercially available security kernel technology.”4 Heckman additionally describes completed research proto- types in the past few years for things like source-code compatible secure Linux and a standards-compliant high- ly secure Network File Service (NFS).

A first necessary step is to identify where high-assurance security mat- ters for a system. As just one example, several U.S. government leaders have expressed concern that we face an exis- tential cyber security threat to industri- al control systems (ICS) in the critical infrastructure, such as the power grid. Use of an integrity MAC security ker- nel can within a couple of years make our critical infrastructure dramatically more trustworthy. The U.S. government has a unique opportunity to change the cyber security game and should aggres- sively engage ICS manufacturers by sponsoring prototypes and providing a market using proven commercial secu- rity kernel OEM technology. Otherwise, costs may soon be measured in lives in- stead of bits or dollar signs.

References 1. Ames Jr, S.R., Gasser, M., and Schell, R.R. Security

kernel design and implementation: An introduction. Computer 16, 7 (1983), 14–22.

2. Anderson, E.A., Irvine, C.E., and Schell, R.R. Subversion as a threat in information warfare. J. Inf. Warfare 3 (2004), 51–64.

3. Clark, P., Irvine, C. and Nguyen, T. Design Principles for Security. NIST Special Publication 800-160, September 2016, pp. 207-221; http://csrc.nist.gov/publications/ drafts/800-160/sp800_160_final-draft.pdf

4. Heckman, M.R. and Schell, R.R. Using proven reference monitor patterns for security evaluation. Information 7, 2 (Apr. 2016); http://dx.doi.org/10.3390/ info7020023

5. Higgins, K.J. IBM: The security business ‘has no future.’ Information Week Dark Reading, (4/10/2008); http://www.darkreading.com/ibm-the-security- business-has-no-future/d/d-id/1129423

6. Lipner, S.B. Security assurance. Commun. ACM 58, 11 (Nov. 2015), 24–26.

7. Schell, R.R. A University Education Cyber Security Paradigm Shift. Presented at the National Initiative for Cybersecurity Education (NICE), (San Diego, CA, Nov. 2015); https://www.fbcinc.com/e/nice/ncec/ presentations/2015/Schell.pdf

8. Schell, R.R., Downey, P.J. and Popek, G.J. Preliminary Notes on the Design of Secure Military Computer Systems. ESD, Air Force Systems Command, Hanscom AFB, MA. [MCI-73-1], Jan 1973; http://csrc. nist.gov/publications/history/sche73.pdf

Roger R. Schell ([email protected]) is president of Aesec Corporation, and is currently a Distinguished Fellow at the University of San Diego Center for Cyber Security Engineering and Technology. Previously he was a Professor of Engineering Practice at University of Southern California.

The author wishes to thank Michael J. Culver, Mark R. Heckman, and Edwards E. Reed for their valuable feedback on an early draft of this Viewpoint.

Copyright held by author.

Calendar of Events November 2–4 VRST ‘16: 22th ACM Symposium on Virtual Reality Software and Technology Garching bei München, Germany, Co-Sponsored: ACM/SIG, Contact: Gudrun J. Klinker, Email: [email protected]

November 6–9 ISS ‘16: Interactive Surfaces and Spaces Surfaces Niagara Falls, ON, Canada, Sponsored: ACM/SIG, Contact: Mark Hancock, Email: [email protected]

November 6–9 SIGUCCS ‘16: ACM SIGUCCS Annual Conference Denver, CO, Sponsored: ACM/SIG, Contact: Laurie J. Fox, Email: [email protected]

November 7–10 ICCAD ‘16: IEEE/ACM International Conference on Computer-Aided Design Austin, TX, Co-Sponsored: Other Societies, Contact: Frank Liu, Email: [email protected]

November 12–16 ICMI ‘16: International Conference on Multimodal Interaction Tokyo, Japan, Sponsored: ACM/SIG, Contact: Yukiko Nakano, Email: [email protected]

November 13–16 GROUP ‘16: 2016 ACM Conference on Supporting Groupwork Sanibel Island, FL, Sponsored: ACM/SIG, Contact: Stephan Lukosch, Email: [email protected]

Copyright of Communications of the ACM is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.

,

20 COMMUNICATIONS OF THE ACM | NOVEMBER 2016 | VOL. 59 | NO. 11

V viewpoints

Privacy and Security Cyber Defense Triad for Where Security Matters Dramatically more trustworthy cyber security is a choice.

confident that from the standpoint of technology there is a good chance for secure shared systems in the next few years. However, from a practical stand- point the security problem will remain as long as manufacturers remain com- mitted to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs, and as long as the illusory results of penetra- tion teams are accepted as a demon- stration of computer system security, proper security will not be a reality.”8

Current Approaches Aren’t Working Our confidence in “security kernel” technology was well founded, but I never expected decades later to find the same denial of proper security so widespread. Although Forbes reports spending on information security reached $75 billion for 2015, our ad- versaries are still greatly outpacing us. With that large financial incentive for vested interests, resources are mostly devoted to doing more of what we knew didn’t work then, and still doesn’t.

I N THE EARLY days of computers, security was easily provided by physical isolation of ma- chines dedicated to security do- mains. Today’s systems need

high-assurance controlled sharing of resources, code, and data across domains in order to build practical systems. Current approaches to cyber security are more focused on saving money or developing elegant techni- cal solutions than on working and protecting lives and property. They largely lack the scientific or engi- neering rigor needed for a trustwor- thy system to defend the security of networked computers in three dimen- sions at the same time: mandatory ac- cess control (MAC) policy, protection against subversion, and verifiability— what I call a defense triad.

Fifty years ago the U.S. military rec- ognized subversiona as the most seri- ous threat to security. Solutions such as cleared developers and technical

a As characterized by Anderson, et al.,2 “System subversion involves the hiding of a software or hardware artifice in the system that creates a ‘backdoor’ known only to the attacker.”

development processes were neither scalable nor sustainable for advanc- ing computer technology and growing threats. In a 1972 workshop, I pro- posed “a compact security ‘kernel’ of the operating system and supporting hardware—such that an antagonist could provide the remainder of the sys- tem without compromising the protec- tion provided.” I concluded: “We are

DOI:10.1145/3000606 Roger R. Schell

The security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security.

NOVEMBER 2016 | VOL. 59 | NO. 11 | COMMUNICATIONS OF THE ACM 21

viewpoints

V I

M A

G E

B Y

A L

I C

I A

K U

B I

S T

A /A

N D

R I

J B

O R

Y S

A S

S O

C I

A T

E S

of “malware,” a preferred attack for many of the most serious breaches. An IBM executive a few years ago de- scribed the penetrate-and-patch cycle as “an arms race we cannot win.”5

Why does cyber security seem so difficult? Today’s emphasis on sur- veillance and monitoring tries to discover that an adversary has found and exploited a vulnerability to pen- etrate security and cause damage—or worse, subverted the security mecha- nism itself. Then that hole is patched. But science tells us trying to make a system secure in this way is effectively non-computable. Even after fixing known flaws, uncountable flaws re- main. Recently, Steven Lipner, for- merly of Microsoft, wrote a Commu- nications Privacy and Security column advocating technical “secure develop- ment processes.”6 But, similar to sur- veillance, “as new classes of vulner- abilities … are discovered, the process must be updated.”

This paradigm has for decades been known as “penetrate and patch.” The defender needs to find and patch most (if not all) of the holes, while the adver- sary only needs to find and exploit one

remaining hole. Even worse, a witted adversary has numerous opportunities to subvert or sabotage a computer’s protection software itself to introduce insidious new flaws. This is an example

Figure 1. Cyber security defense triad.

V e

rifi a

b ility

Secure Systems

L im

it S u

b ve

rsio n

M a

n d

a to

ry A C

˲ Subversion is tool for choice for witted adversary

˲ Only label-based MAC policy can enforce secure information flow

˲ Security kernel (reference monitor) is only known verifiable protection technology

22 COMMUNICATIONS OF THE ACM | NOVEMBER 2016 | VOL. 59 | NO. 11

viewpoints

These systems did not survive long after the end of the Cold War, and much of the “institutional memory” is now lost. But fortunately, some security kernel products were main- tained and this original equipment manufacturer (OEM) technology is still commercially available today. And many commodity processors (for example, those that implement the Intel IA32 architecture) still include the hardware segmentation and pro- tection rings essential to efficient se- curity kernels. High assurance of no security patches is truly a paradigm shift. What alternative approach comes close?

Mark Heckman of the University of San Diego and I recently published a paper focused on techniques for applying those Reference Monitor properties, leveraging the fact that “associated systematic security engi- neering and evaluation methodology was codified as an engineering stan- dard in the Trusted Computer System Evaluation Criteria (TCSEC)”4 created by NSA. However, the TCSEC didn’t in- clude administration and acquisition mandates to actually use this knowl- edge to create a market in the face of entrenched vested interests. I refer in- terested readers to our paper for more details on the triad components sum- marized here.

˲ Mitigating software subversion. Several cyber security professionals have concluded that subversion “is the attack of choice for the professional attacker.”2 The primary means for software subversion are Trojan horses and trap doors (commonly called mal- ware). Under the seven well-defined se- curity classes in the TCSEC, only Class A1 systems substantially deal with the problems of subversion.

˲ Mandatory access control (MAC) policy. The reference monitor is fun- damentally about access control. All access control policies fall into two classes: Discretionary Access Control (DAC) and MAC. Only a label-based MAC policy can, with high assurance, enforce secure information flow. Even in the face of Trojan horses and other forms of malicious software, MAC policies can protect against unau- thorized modification of information (integrity), as well as unauthorized disclosure (confidentiality).

Cyber Defense Triad for Secure Systems All three defense triad components are critical for defense of both confiden- tiality and integrity of information— whether the sensitive information is personally identifiable information, financial transactions (for example, credit cards), industrial control sys- tems in the critical infrastructure, or something else that matters. Although not sufficient for perfect security, all three are practically necessary. These dimensions can be thought of as three strong “legs of a stool,” as illustrated in Figure 1.

Security for cyber systems built without a trustworthy operating sys- tem (OS) is simply a scientific impos- sibility. NIST has emphasized, “se- curity dependencies in a system will form a partial ordering … The partial ordering provides the basis for trust- worthiness reasoning.”3 Proven sci- entific principles of the “Reference Monitor” model enable engineering a verifiably secure OS on which we can build secure cyber systems.

For a Reference Monitor implemen- tation to work, it must ensure three fundamental properties. First, it must validate enforcement of the security policy for every reference to informa- tion. Second, it must be tamper-proof, that is, it cannot be subverted. Lastly, it must be verifiable, so we have high

assurance it always works correctly. These three fundamental properties are directly reflected in the cyber de- fense triad.

As illustrated in Figure 2, a Refer- ence Monitor controls access by sub- jects to information in objects. A secu- rity kernel is a proven way to implement a reference monitor in a computer. Whenever a user (or program acting on behalf of a user) attempts to access in- formation in the computer system, the Reference Monitor checks the user’s clearance against a label indicating the sensitivity of that class of data. Only au- thorized users are granted access.

Applying the Cyber Defense Triad The flawed foundation of current sys- tems is evident in the unending stream of OS security patches that are today considered part of best practices. But we can choose a better alternative. At least a half-dozen security kernel- based operating systems have been produced that ran for years (even de- cades) in the face of nation-state ad- versaries without a single reported security patch.7 These successes were not unexpected. As a 1983 article put it, “the security kernel approach provides controls that are effective against most internal attacks—including some that many designers never consider.”1 That is a fundamentally different result than penetrate and patch.

Figure 2. Reference monitor.

˲ A subject security attributes, for example, label for clearance

˲ Object security attributes, for example, label for classification

˲ Segments ˲ Directories ˲ Passive data

repositories

˲ Record of all security- related user events

˲ Active entities ˲ User Processes ˲ Gain access to

information on user’s behalf

Authorization Database

Reference MonitorSubjects Objects

Audit Trail

NOVEMBER 2016 | VOL. 59 | NO. 11 | COMMUNICATIONS OF THE ACM 23

viewpoints

Lipner asserts that this reference monitor approach is “not able to cope with systems large enough to be use- ful.”6 Heckman and I respond that “this quite widely-spread assertion has been repeatedly disproven by counter- examples from both real systems and research prototypes.”4 The paper gives numerous examples of how, by leverag- ing MAC, complex integrated systems can be composed from logically distinct hardware and software components that may have various degrees of secu- rity assurance or no assurance at all.

˲ Verifiability. The Reference Moni- tor implementation defined as a securi- ty kernel is the only proven technology for reliably achieving verifiable protec- tion. It does not depend on unproven elegant technical solutions, such as open source for “source code inspec- tion” or “gratuitous formal methods.”2 Security kernels have been shown to be effective for systematic, repeatable, systems-oriented security evaluation of large, distributed, complex systems.

Lipner in his paper6 asks a critical, but largely unanswered, question: How can customers have any assurance that they are getting a secure system? His answer is limited to development process improvements that don’t ad- dress fundamentally what it means for a system to be “secure.” Heckman, by contrast, details how the Reference Monitor approach, with its strong defi- nition of “secure system,” can answer precisely that question.4

What Should We Do Then? It can be expected to take 10–15 years and tens of millions of dollars to build and evaluate a high-assurance secu- rity kernel. However, once completed, a general-purpose security kernel is

HOW OUR WEBSITE WORKS

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of 
HIGH QUALITY & PLAGIARISM FREE.

Step 1

To make an Order you only need to click ORDER NOW and we will direct you to our Order Page at WriteDen. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
 Deadline range from 6 hours to 30 days.

Step 2

Once done with writing your paper we will upload it to your account on our website and also forward a copy to your email.

Step 3
Upon receiving your paper, review it and if any changes are needed contact us immediately. We offer unlimited revisions at no extra cost.

Is it Safe to use our services?
We never resell papers on this site. Meaning after your purchase you will get an original copy of your assignment and you have all the rights to use the paper.

Discounts

Our price ranges from $8-$14 per page. If you are short of Budget, contact our Live Support for a Discount Code. All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Please note we do not have prewritten answers. We need some time to prepare a perfect essay for you.