IA Resources
This section of the CIFA website contains resources for those interested in doing introductory research in IA, as well as basic archives and standards for finding additional material. It is divided into the following sections:
Classics
Landwehr, C.E., (1981) Formal Models for Computer Security, Computing Surveys, Vol. 13 (3)
A Guide to Understanding Security Modeling in Trusted Systems, The National Computer Security Center
Bell D.E., La Padula L.J., (1976) Secure Computer System: Unified Exposition and Multics Interpretation, United States Air Force
La Padula L. J., (1996) Secure Computer Systems: Mathematical Foundations, MITRE Technical Reports
La Padula L. J., (1996) Secure Computer Systems: A Mathematical Model, MITRE Technical Reports
Burrows, M., Abadi, M., Needham, R., (1989, 1990) A Logic of Authentication, Systems Research Center of Digital Equipment Corporation, Palo Alto, California
Clark, D.D., Wilson, D.R., (1987) A Comparison of Commercial and Military Computer Security Policies, IEEE
McLean, J., (1990) The Specification and Modeling of Computer Security, Computer, Vol. 23(1), pg 9-16
McLean, J. (1994) Security Models, Encyclopedia of Software Engineering (ed. John Marciniak), Wiley & Sons, Inc.
McLean, J. (1990) Security Models and Information Flow, Proceedings of 1990 IEEE Symposium on Research in Security and Privacy, IEEE Press (IEEE Computer Society Outstanding Paper Award)
McLean, J. (1985) A Comment on the 'Basic Security Theorem' of Bell and LaPadula, Information Processing Letters, vol. 20, no. 2
Department of Defense Trusted Computer System Evaluation Criteria, December 1985
Archives & Standards
An Introduction to Computer Security: The NIST Handbook, Special Publication 800-12, National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce
Generally Accepted Principles and Practices for Securing Information Technology Systems, by Marianne Swanson and Barbara Guttman, National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce (September 1996)
Generally Accepted System Security Principles, International Information Security Foundation (1999)
http://www.issa.org/gaisp/gaisp.html
Information Security Guideline for NSW Government - Part 1 Information Security Risk Management, Office of Information & Communications Technology, Department of Commerce, NSW Government, Australia (1997)
Information Security Guideline for NSW Government - Part 2 Examples of Threats and Vulnerabilities, Office of Information & Communications Technology, Department of Commerce, NSW Government, Australia (1997)
Information Security Guideline for NSW Government - Part 3 Information Security Baseline Controls, Office of Information & Communications Technology, Department of Commerce, NSW Government, Australia (1997)
Guide to Information Technology Security Services: Recommendations of the National Institute of Standards and Technology, by Tim Grance, Joan Hash, Marc Stevens, Kristofor O'Neal, and Nadya Bartol, Special Publication 800-35, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930 (October, 2003)
Guide to Selecting Information Technology Security Products: Recommendations of the National Institute of Standards and Technology, by Timothy Grance, Marc Stevens, and Marissa Myers, Special Publication 800-36, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930 (October, 2003)
Guideline on Network Security Testing: Recommendations of the National Institute of Standards and Technology, by John Wack, Miles Tracy, and Murugiah Souppaya, NIST Special Publication 800-42, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930 (October, 2003)
Security Considerations in the Information System Development Life Cycle: Recommendations of the National Institute of Standards and Technology, by Tim Grance, Joan Hash, Marc Stevens, Special Publication 800-64, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930 (October, 2003)
Guide for Developing Security Plans for Information Technology Systems, by Marianne Swanson, Federal Computer Security Program Managers' Forum Working Group, National Institute of Standards and Technology, NIST Special Publication 800-18 (December 1998)
Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology, by Gary Stoneburner, Alice Goguen, and Alexis Feringa, NIST Special Publication 800-30 (2001)
Intrusion Detection Systems, by Rebecca Bace and Peter Mell, NIST Special Publication on Intrusion Detection Systems.
Wireless Network Security: 802.11, Bluetooth and Handheld Devices, by Tom Karygiannis and Les Owens, Special Publication 800-48, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930 (November, 2002)
Introduction to Public Key Technology and the Federal PKI Infrastructure, by D. Richard Kuhn, Vincent C. Hu, W. Timothy Polk, and Shu-Jen Chang, National Institute of Standards and Technology (February 2001)
Underlying Technical Models for Information Technology Security: Recommendations of the National Institute of Standards and Technology, by Gary Stoneburner, NIST Special Publication 800-33, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930 (2001)
Contingency Planning Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology, by Marianne Swanson, Amy Wohl, Lucinda Pope, Tim Grance, Joan Hash, and Ray Thomas, NIST Special Publication 800-34 (2002)



