
IA Resources

This section of the CIFA website contains resources for those interested in doing introductory research in IA, as well as basic archives and standards for finding additional material. It is divided into the following sections:

Classics

Landwehr, C.E., (1981) Formal Models for Computer Security, Computing Surveys, Vol. 13 (3)

A Guide to Understanding Security Modeling in Trusted Systems, The National Computer Security Center

Bell D.E., La Padula L.J., (1976) Secure Computer System: Unified Exposition and Multics Interpretation, United States Air Force

La Padula L. J., (1996) Secure Computer Systems: Mathematical Foundations, MITRE Technical Reports

La Padula L. J., (1996) Secure Computer Systems: A Mathematical Model, MITRE Technical Reports

Burrows, M., Abadi, M., Needham, R., (1989, 1990) A Logic of Authentication, Systems Research Center of Digital Equipment Corporation, Palo Alto, California

Clark, D.D., Wilson, D.R., (1987) A Comparison of Commercial and Military Computer Security Policies, IEEE

McLean, J., (1990) The Specification and Modeling of Computer Security, Computer, Vol. 23(1), pg 9-16

McLean, J. (1994) Security Models, Encyclopedia of Software Engineering (ed. John Marciniak), Wiley & Sons, Inc.

McLean, J. (1990) Security Models and Information Flow, Proceedings of 1990 IEEE Symposium on Research in Security and Privacy, IEEE Press (IEEE Computer Society Outstanding Paper Award)

McLean, J. (1985) A Comment on the 'Basic Security Theorem' of Bell and LaPadula, Information Processing Letters, vol. 20, no. 2

Department of Defense Trusted Computer System Evaluation Criteria, December 1985


Archives & Standards

An Introduction to Computer Security: The NIST Handbook, Special Publication 800-12, National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce

Generally Accepted Principles and Practices for Securing Information Technology Systems, by Marianne Swanson and Barbara Guttman, National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce (September 1996)

Generally Accepted System Security Principles, International Information Security Foundation (1999)
http://www.issa.org/gaisp/gaisp.html

Information Security Guideline for NSW Government - Part 1 Information Security Risk Management, Office of Information & Communications Technology, Department of Commerce, NSW Government, Australia (1997)

Information Security Guideline for NSW Government - Part 2 Examples of Threats and Vulnerabilities, Office of Information & Communications Technology, Department of Commerce, NSW Government, Australia (1997)

Information Security Guideline for NSW Government - Part 3 Information Security Baseline Controls, Office of Information & Communications Technology, Department of Commerce, NSW Government, Australia (1997)

Guide to Information Technology Security Services: Recommendations of the National Institute of Standards and Technology, by Tim Grance, Joan Hash, Marc Stevens, Kristofor O'Neal, and Nadya Bartol, Special Publication 800-35, Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 (October, 2003)

Guide to Selecting Information Technology Security Products: Recommendations of the National Institute of Standards and Technology, by Timothy Grance, Marc Stevens, and Marissa Myers, Special Publication 800-36, Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 (October, 2003)

Guideline on Network Security Testing: Recommendations of the National Institute of Standards and Technology, by John Wack, Miles Tracy, and Murugiah Souppaya, NIST Special Publication 800-42, Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 (October, 2003)

Security Considerations in the Information System Development Life Cycle: Recommendations of the National Institute of Standards and Technology, by Tim Grance, Joan Hash, Marc Stevens, Special Publication 800-64, Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 (October, 2003)

Guide for Developing Security Plans for Information Technology Systems, by Marianne Swanson, Federal Computer Security Program Managers' Forum Working Group, National Institute of Standards and Technology, NIST Special Publication 800-18, (December 1998)

Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology, by Gary Stoneburner, Alice Goguen, and Alexis Feringa, NIST Special Publication 800-30 (2001)

Intrusion Detection Systems, by Rebecca Bace and Peter Mell, NIST Special Publication on Intrusion Detection Systems.

Wireless Network Security: 802.11, Bluetooth and Handheld Devices, by Tom Karygiannis and Les Owens, Special Publication 800-48, Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 (November, 2002)

Introduction to Public Key Technology and the Federal PKI Infrastructure, by D. Richard Kuhn, Vincent C. Hu, W. Timothy Polk, and Shu-Jen Chang, National Institute of Standards and Technology (February 2001)

Underlying Technical Models for Information Technology Security: Recommendations of the National Institute of Standards and Technology, by Gary Stoneburner, NIST Special Publication 800-33, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930 (2001)

Contingency Planning Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology, by Marianne Swanson, Amy Wohl, Lucinda Pope, Tim Grance, Joan Hash, and Ray Thomas, NIST Special Publication 800-34 (2002)
