`
`) O O N
`
`LO
`
`O V l
`
`\
`(\l
`(‘0
`
`O O
`
`CS-1030
`
`Cisco Systems, Inc. v. Finjan, Inc.
`
`CS-1030
`Cisco Systems, Inc. v. Finjan, Inc.
`
`

`

`I I i E .- DEFENSE TECHNICAL INFORMATION CENTER
`
`
`Infirmflnfirthbrfzmauumiq
`
`DTIC® has determined on “g I] 0 lglyfl
`
`that this Technical Document has the
`
`Distribution Statement checked below. The current distribution for this document can
`be found in the DTIC® Technical Report Database.
`
`E DISTRIBUTION STATEMENT A. Approved for public release; distribution is
`unlimited.
`
`|:I © COPYRIGHTED; U.S. Government or Federal Rights License. All other rights
`
`and uses except those permitted by cepyright law are reserved by the copyright owner.
`
`[:1 DISTRIBUTION STATEMENT B. Distribution authorized to U.S. Government
`
`agencies only (fill in reason) (date of determination). Other requests for this document
`shall be referred to (insert controlling DoD office)
`
`El DISTRIBUTION STATEMENT 0. Distribution authorized to U.S. Government
`
`Agencies and their contractors (fill in reason) (date of determination). Other requests for
`this document shall be referred to (insert controlling DOD office)
`
`El DISTRIBUTION STATEMENT D. Distribution authorized to the Department of
`
`Defense and U.S. DoD contractors only (fill in reason) (date of determination). Other
`requests shall be referred to (insert controlling DoD office).
`
`El DISTRIBUTION STATEMENT E. Distribution authorized to DoD Components only
`
`(fill in reason) (date of determination). Other requests shall be referred to (insert
`controlling DoD office).
`
`[I DISTRIBUTION STATEMENT F. Further dissemination only as directed by
`
`(insetting controlling DoD office) (date of determination) or higher DoD authority.
`
`Distribution Statement F is atso used when a document does not contain a distribution
`
`statement and no distribution statement can be determined.
`
`El DISTRIBUTION STATEMENT X. Distribution authorized to U.S. Government
`
`Agencies and private individuals or enterprises eligible to obtain export-controlled
`technical data in accordance with DoDD 5230.25; (date of determination). DoD
`Controlling Office is (insert controlling DoD office).
`
`
`
`

`

`Welcome!
`
`The National Computer Security Center (NCSC) and the National Computer
`
`Systems Laboratory (NCSL) are pleased to welcome you to the Thirteenth Annual
`
`National Computer Security Conference. We believe that the Conference will
`
`stimulate a vital and dynamic exchange ofin‘formation and foster an understanding
`
`ofemerging technologies.
`
`The theme for this year's conference, ”lnformation Systems Security: Standards --
`
`The Key to the Future, ” reflects the continuing importance of the broader
`
`in formation systems security issues facing us. At the heart of these issues are two
`
`items which will receive special emphasis this week -- ln formation Systems Security
`
`Criteria (and how it affects us) and Education, Training, and Awareness. We are
`
`working together, in the Government, industry, and Academe, in cooperative efforts
`
`to improve and expand the state-of-the-art technology to information systems
`
`security. This year we are pleased to present a new track by the in formation security
`
`educators. These presentations will provide you with some cost-effective as well as
`
`innovative ideas in developing your own on-site information-systems-security
`
`education programs. Additionally, we will be presenting an educationalprogram
`
`which addresses the automated information security responsibilities. This
`
`educational program will refresh us with the perspectives of the past, and Will
`
`project directions of the future.
`
`We firmly believe that security awareness and responsibility are the cornerstone
`
`ofany in formation security program. For our collective success, we ask thatyou
`
`reflect on the ideas and in formation presented this week," then share this
`
`information with your peers, your management, your administration, and your
`
`customers. By sharing this information, we will develop a stronger knowledge base
`
`for tomorrow's foundations.
`
`National Computer Systems Laboratory
`
`National Camputer Security Center
`
`rm
`
`AGH
`PATRICK R.
`Director
`
`‘ ”flaw
`
`JAMES H. BURROWS
`Director
`
`
`
`
`
`
`

`

`Conference Referees
`
`Dr. Marshall Abrams
`
`James P. Anderson
`Jon Arneson
`
`Devolyn Arnold
`James Arnold
`
`Al Arsenault
`
`Victoria Ashby
`Elaine Barker
`
`Dr. D. Elliott Bell
`
`Greg Bergren
`James Birch
`
`Earl Boebert
`
`Dr. Dennis Branstad
`
`Dr. John Campbell
`Dr. Steve Crocker
`
`Dr. Dorothy Denning
`Donna Dodson
`
`Greg Elkmann
`Ellen Flahaven
`
`Dan Gambel
`
`Dain Gary
`Bill Geer
`
`Virgil Gibson
`Dennis Gilbert
`Irene Gilbert
`Dr. Virgil Gligor
`Capt James Goldston, USAF
`Dr. Jeshua Guttman
`Dr. Grace Hammonds
`Douglas Hardie
`Ronda Henning
`Jack Holleran
`Jim Houser
`Russ Housley
`Dr. Dale Johnson
`Carole Jordan
`Sharon Keller
`Leslee LaFountain
`Steve LaFountain
`Paul Lambert
`
`Carl Landwehr
`Robert Lau
`
`The MITRE Corporation
`James P. Anderson Company
`National Institute of Standards 8: Technology
`National Computer Security Center
`National Computer Security Center
`National Computer Security Center
`The MITRE Corporation
`National Institute ofStandards & Technology
`Trusted In formation Systems, Inc.
`National Computer Security Center
`Secure Systems, incorporated
`Secure Computing Technology Corporation
`National Institute of Standards a Technology
`National Computer Security Center
`Trusted Information Systems, Inc.
`Digital Equipment Corporation
`National Institute of Standards 8. Technology
`National Security Agency
`National Institute of Standards 8: Technology
`Grumann Data Systems
`Mellon National Bank
`
`National Computer Security Center
`Grumann Data Systems
`National Institute ofStandards and Technology
`National Institute of Standards and Technology
`University ofMaryland
`National Computer Security Center
`The MITRE Corporation
`AGCS, Inc.
`Unisys Corporation
`Harris Corporation
`National Computer Security Center
`National Computer Security Center
`XEROX
`The MITRE Corporation
`Defense Investigative Service
`National Institute of Standards & Technology
`National Computer Security Center
`National Computer Security Center
`Motorola GEG
`
`Naval Research Laboratory
`National Computer Security Center
`
`ii
`
`

`

`Dr. Theodore Lee
`
`Nina Lewis
`
`Steve Lipner
`Terry Losonsky
`Dr. Vic Maconachy
`Barbara Mayer
`Frank Mayer
`Vin McLellan
`
`Catherine A. Meadows
`
`Dr. JOnathan Millen
`
`William H Murray
`Eugene Myers
`Ruth Nelson
`
`Dr. Peter Naumann
`
`Steven Padilla
`Nick Pantiuk
`
`Donn Parker
`
`Rich Petthia
`
`Dr. Charles Pfleeger
`Jerrold Powell
`Maria Pozzo
`
`Michael Rinick
`
`Ken Rowe
`
`Prof Ravi Sandhu
`
`Marv Schaefer
`
`Dr. Roger Schell
`Dan Schnackenberg
`Miles Smid
`
`Suzanne Smith
`
`Brian Snow
`
`Prof. Gene Spafford
`Dr. Dennis Steinauer
`
`Freddie Stewart
`
`Dr. Cliff Stoll
`
`Marianne Swanson
`
`Mario Tinto
`
`Ann Todd
`
`Eugene Troy
`LTC Ray Vaughn, USA
`Grant Wagner
`.Iill Walsh
`
`Wayne Weingaertner
`Roger Westman
`Roy Wood
`
`Trusted Information Systems, Inc.
`University ofCaIifornia, Santa Barbara
`Digital Equipment Corporation
`National Security AgenCy
`National Security Agency
`Trusted In formation Systems, Inc.
`Sparta
`Boston University
`Naval Research Laboratory
`The MITRE Corporation
`Independent ConsuItant
`National Computer Security Center
`GTE
`
`SRI International
`
`Trusted information Systems, Inc.
`Grumann Data Systems
`SRI In ternationai
`
`Software Engineering Institute
`Trusted In formation Systems, Inc.
`Department of the Treasury
`University of California, Los Angeles
`Central Intelligence Agency
`National Computer Security Center
`George Mason University
`Trusted Information Systems, Inc.
`GEMINI
`
`Boeing Aerospace
`National Institute ofStandards a Technology
`Los Alamos National Laboratory
`National Security Agency
`Purdue University
`National Institute ofStandards & Technology
`ANSER
`
`Harvard - Smithsonian Center for Astrophysics
`National Institute ofStandards 8 Technology
`National Computer Security Center
`National Institute ofStandards & Technology
`National Institute ofStandards & Technology
`National Camputer Security Center
`National Computer Secwity Center
`INCO, Inc.
`
`National Computer Security Center
`INCO, Inc.
`
`National Computer Security Center
`
`iii
`
`

`

`Thirteenth National Computer Security Conference
`October 1-4, 1990
`Washington, DC
`
`Table of Contents
`
`ii Conference Referees
`
`VOLUME I
`
`TRACK A - Research & Development
`
`1 UNIX System V with 82 Securit
`Craig Rubin, AT&T Bell La oratories
`
`10 Covert'Storage Channel Analysis: AWprked Example
`Timothg Levin, Albert Tao, Gemini Computers
`Steven adilla, Trusted Information Systems
`
`20 Verification of the CBO Microcode Usin the
`State Delta Verification System (5 VS)
`Jeffrey Cook, The Aerospace Corporation
`
`32 Data Categorization and Labeling (Executive Summary)
`Dennis Branstad, National Institute of Standards and Technology
`
`34
`
`Information Categorization andProtection (Executive Summary)
`Warren Schmidt, Sears Technology Serv1ces, Inc.
`
`37 Security Labels in Open Systems Interconnection (Executive Summary)
`Russell Housley, XEROX Special Information Systems
`
`44 Security Labeling in Unclassified Networks (Executive Summary)
`Noel Nazario, National Institute of Standards and Technology
`
`49 Key Mana ement Systems Combining X9.17 and Public Key Techniques
`Ion
`raff, Cylink
`
`_
`62 Electronic.Docu'mentAuthorization .
`Addison Fischer, Fischer International Systems Corporation
`
`_
`72 The Place of Biometrics in a User Authentication Taxonomy
`Alex Conn, John Parodi, Michael Taylor, Digital Equipment Corporation
`
`80 Non-For eable Personal Identification System Using Cryptography
`an Biometrics
`Glenn Rinkenberger, Ron Chandos,
`Motorola Government Electronics Group
`
`90 An Audit Trail Reduction Paradigm Based on Trusted Processes
`Zavdi Lichtman, John Kimmins, Bell Communications Research
`
`99 The Computerwatch Data Reduction Tool
`Cheri Dowell, Paul Ramstedt, AT&T Bell Laboratories
`
`iv
`
`

`

`Thirteenth National Computer Security COnference
`October 1-4, 1990
`
`109 Analysis of Audit and Protocol Data Using Methods from Artificial Intelligence
`Winfried R. E. Weiss, Adalbert Baur, Siemens AG
`
`115 A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks
`J. R. Win er, Planning Research Corporation
`
`125 A Neural Network Approach Towards Intrusion Detection
`Richard Simonian, Ronda Henning, Jonathan Reed, Kevin Fox,
`Harris Corporation
`
`135 A Generalized Framework for Access Control: An Informal Description
`Marshall Abrams, Kenneth Eggers, Leonard LaPaduIa, Ingrid Olson,
`The MITRE CorporatIOn
`
`144 Automated Extensibility in THETA
`Joseph McEnerney, Randall Brown, D. G. Weber,
`Odyssey Research Assocrates
`Rammohan Varadarajan, Informix Software, Inc.
`
`.
`154 Controlling Security Overrides
`Lee Badger, Trusted Information Systems, Inc.
`
`165 Lattices, Policies, and Im lementations
`D. Elliott BeII,Trus ed Information Systems, Inc.
`
`TRACK B - Systems
`
`172 The Role of ”System Build" in Trusted Embedded Systems
`T. Vickers Benzel, M. M. Bernstein, R. J. Feiertag,
`Trusted Information Systems,
`J. P. Alstad, C. M. Brophy, Hughes Aircraft Company
`
`182 Combining Security, Embedded Systems and Ada Puts the Emphasis
`on the RTE
`F. Maymir-Ducharme, M. Armstrong, IIT Research Institute,
`D. Preston, Catholic University
`
`189 Disclosure Protection of Sensitive Information
`Gene Troy, National Institute of Standards and Technology
`Ingrid Olson, MITRE
`M i an Kuchta, Department of National Defence System Security Centre
`
`201 Considerations for VSLANTM Integrators and DAAs
`Greg King, Verdix Corporation
`
`211 Introduction to the Gemini Trusted Network Processor
`Michael Thompson, Roger ScheIl, Albert Tao, Timothy Levin,
`Gemini Computers
`
`218 An Overview of the USAFE Guard System
`Lorraine Gagnon, Logicon Inc.
`
`228 Mutual Suspicion for Network Security
`Ruth Nelson, David Becker, Jennifer Brunell, John Heimann,
`GTE Government Systems
`
`

`

`Thirteenth National Corn puter Security Conference
`
`October 1-4, 1990
`
`237 A Security Policy for Trusted Client-Server Distributed Networks
`Russell Housley, Sammy Migues, Xerox Special Information Systems
`
`243 Network Security and the Graphical Re resentation Model
`Jared Dreicer, Laura Stolz W. Ant ony Smith,
`Los Alamos National Laboratory
`
`.
`253 Testinla a Secure Operating Sistem .
`ichael Johnston, Vasrli
`i Sotiriou, TRW Systems Integration Group
`
`266 An Assertion-Mapping Approach to Software Test Design
`Greg Bullough, James Loomis, Peter Weiss, Amdah Corporation
`
`277 Security Testin : The Albatross of Secure System Integration?
`Susan Wa ter, Grumman Data Systems
`
`286 Low Cost Outboard Crypto raphic Supgort for SILS and SP4
`B. J. Herbison, Digital quipment orporation
`
`296 Layer 2 Security Services for Local Area Networks
`Richard Parker II, The MITRE Corporation
`
`307 Trusted MINIX: AWOrked Exam le
`Albert Donaldson, ESCOM orporation
`,
`John Ta lor Jr., General Electric M&DSO
`David C izmadia, National Computer Security Center
`
`318 Security for Real-Time Systems
`Teresa Lunt, SRI International
`Franklin Reynolds, Keith Loepere,_E. DouglasJensen,
`Concurrent Computer Corporation
`
`333 Trusted )ItENIXWI Interpretation: Phase I
`0. Elliott Bell, Trusted Information System Inc.
`
`340 PACL's: An Access Control List Approach to Anti-Viral Security
`D. Cook, R. Olsson, J. Crossley, P. Kerchen, K. Levitt, R. Lo.
`University of California, DaVIs
`D. Wichers, Arca Systems, Inc.
`
`350 Static Analysis Virus Detection Tools for UNIX S stems
`K. Levrtt, P. Kerchen, R. Lo, J. Crossley, G. E kinbard, R. Olsson,
`University of California, Davis
`
`.
`366 The Virus Intervention and Control Experiment
`James Molini, Chris Ruhl, Computer Scrences Corporation
`
`.
`374 Classification of Computer Anomalies
`Klaus Brunnstein, Simone Fischer-Hflbner, Morton Swnmmer,
`Virus Test Center (VTC), Umversrty of Hamburg
`
`VOLUMEZ
`
`TRACK C - I - Management 8: Administration
`
`'
`385 Disaster Recovery I Contin ency Planning (Executive Summary).
`Eileen S. Wesselingh,
`ational Computer Systems Contingency Servrces
`
`vi
`
`

`

`Thirteenth National Computer Security Conference
`October 1-4, 1990
`
`392 Disaster Recovery from $138 Million Fire (Executive summary)
`Lloyd R. Smith, Jr., Information Systems Integrity
`
`393 Plans and Assistance (Executive Summary)
`Ion H. Arneson, National Institute of Standards and Technology
`
`394 Harmonised Criteria for the Security Evaluation of IT Systems and Products
`P. Casey, A. Brouwer, D. Herson, J. Pacault, F. Taal, U. Van Essen
`
`404 The VME High Securit Option
`Tom Parker, ICL
`efence Systems
`
`414 Rainbows and Arrows: How the Security Criteria Address Computer Misuse
`Peter Neumann, SRI International
`
`423 Civil and Military Application of Trusted Systems Criteria
`William Barker, Charles Pfleeger, Trusted information Systems, Inc.
`
`433 Implementation of the ComputerSecurit Act of 1987 (Executive Summary)
`Dennis Gilbert, National Institute 0 Standards and Technology
`
`.
`434 The (50's Role in Computer Security
`Cindy Hash, National Computer Security Center
`
`439 Implementation and Usage of Mandatory Access Controls
`in an O erational Environment
`Leslie otch, Honeywell Federal Systems, Inc.
`Shawn Rovansek, National Computer Security Center
`
`450 Building Trust into a Multilevel File System
`Cynthia E_. Irvine, Todd B. Ackeson, Michael F. Thompson,
`Gemini Computers, Inc.
`
`460 LAVA/CIS Version 2.0: A Software System for Vulnerability
`and Risk_ Assessment
`.
`S. T. Smith, M. L. Jalbert, Los Alamos National Laboratory
`
`470 WORKFLOW: A Methodology for Performing a Qualitative Risk Assessment
`Paul Garnett, SYSCON orporation
`
`480 Critical Risk Certification Methodology
`Nander Brown, US. Small Business Administration
`
`503 Factors Effecting the-Availability of Security Measures
`in Data Processmg Com onents
`Robert H. Courtney, Jr., obert Courtney, Incorporated
`
`515 Integrating Computer Security and Software Safety in the Life Cycle
`of Air Force Systems
`Albert C. Hoheb, The Aerospace Corporation
`
`526 Integrity Mechanisms in Database Management Systems
`Raw Sandhu, Sushil Jajodia, George Mason University
`
`541 A Taxonomy of Integrit Models, Implementations and Mechanisms
`Stephen Welke, J.
`ric Roskos, John Boone, Terry Mayfield,
`Institute for Defense Analyses
`
`552 National Com uter Security Policy (Executive Summary)
`Lynn Mc ulty, National Institute of Standards and Technology
`
`vii
`
`

`

`Thirteenth National Computer Security Conference
`October 1-4, 1990
`
`TRACK C-ll - Management 8c Administration
`
`553
`
`562
`
`564
`
`565
`
`567
`
`570
`
`5 72
`
`574
`
`577
`
`581
`
`585
`
`589
`
`594
`
`597
`
`600
`
`602
`
`605
`
`607
`
`A Brief Tutorial on Trusted Database Management Systems (Executive Summary)
`John Campbell, National Computer Security Center
`
`1990: A Year of Progress'in Trusted Database Systems (Executive Summary)
`John Campbel , NatIOnal Computer Security Center
`
`Secure Database Products (Executive Summary)
`James Pierce, Teradata Corporation
`
`Trusted Database Software: Review and Future Directions (Executive Summary)
`Peter J. Sell, National Computer Security Center
`
`Trusted Systems Interoperability (Executive Summary)
`Helena Winkler-Parenty, Sybase Corporation
`
`Oracle Secure Systems: 1989-1990 A Year in Review (Executive Summary)
`Linda Vetter, Oracle Corporation
`
`Trusted_D_atabase Machine Program: An Overview(Executive Summary)
`William O. Wesley, Jr., National Computer Security Center
`
`Trusted Database Sflstems: The Tough Issues (Executive Summary)
`John Campbe , National Computer Security Center
`
`Tough Issues: Integrity and Auditing in Multilevel Secure Databases
`(Executive Summary)
`.
`_
`Sushil Jajodia, George Mason Unlvel'Slty
`
`Issues of Concurrency COntrol and Labeling in Multilevel Database Systems
`(Executive Summary)
`.
`Teresa Lunt, Stanford Research Institute
`
`Issues in Trusted Distributed Database Management Systems -
`A POSItIOn Paper (Executive Summary)
`'
`Bhavani Thuraismgham, The MITRE Corporation
`
`SYBASE: The Trusted Subject DBMS (Executive Summary)
`Helena Winkler-Parenty, Sybase Corporation
`
`Constrained Trusted Computing Base Subsets (Executive Summary)
`Linda Vetter, Oracle Corporation
`
`Multilevel Object Oriented Database'Systems (Executive Summary)
`Raw Sandhu, George Mason University
`
`Multilevel Secure Ob'ect-Oriented Database Model (Executive Summary)
`Sushil Jajodia,
`eorge Mason University
`
`Object-Oriented S stem Security (Executive Summary)
`Teresa Lunt,
`tanford Research Institute
`
`Questions in Trusted Object-Oriented Database Management Designs
`(ExeCUtive Summary)
`Catherine Meadows, Naval Research Laboratory
`
`Single-level Ob'kects for Securit Kernal Implementation (Executive Summary)
`Jonathan Men, The MIT E Corporation
`
`viii
`
`

`

`Thirteenth National Computer Security COnference
`October 1-4, 1990
`
`Issues in Multilevel Secure Object-Oriented Database Management Systems
`(Executive Summary)
`_
`Bhavani Thuraismgham, The MITRE Corporation
`
`C2 Security and Microcom uters (Executive Summary)
`Angel Rivera, Sector echnology
`
`Electronic Certification: Has Its Time Come? (Executive Summary)
`Miles Smrd, National Institute of Standards and Technology
`
`Functional Implementation of C2 by 92 for Microcomputers
`Sec0nd Lieutenant Alan Berry,
`USAF! Air Force Cryptologic Support Center
`
`Limiting Access to Knowled e and Information
`Robert Melford, RJ Me ford Associates
`
`Considering the Implications of Future Technologies
`Ramon Barqum. Washington Consulting Group
`
`Patent, Trade Secret, and Copyright Laws: One Facet of the Golden Rule
`A
`lied to Limits on Access to Knowledge and Information
`J.
`imothy Headley, Esq.. Baker 8: Botts
`
`_
`_
`_
`SOdeEIV Runs on Trust
`alph J. Preiss, International Busmess Machines
`
`Open Access Systems: Risks & Responsibilities in the Academic Environment
`Jane Robinett, Polytechnic UniverSIty
`
`Computer Emergency Response Team: Lessons Learned
`E Eugene Schultz, Lawrence Livermore National Laboratory
`Richard Pethia, Software Engineering Institute,
`Carrie ie Mellon University
`Jerome
`alton, AT&T
`
`Discernin an Ethos for the INFOSEC Community: What Ought We Do?
`Eric eighnmger, Dynamics Research Corporation
`
`609
`
`613
`
`621
`
`622
`
`629
`
`630
`
`631
`
`632
`
`633
`
`634
`
`641
`
`647 Virus Ethics: Concerns and Responsibilities of Individuals and Institutions
`John Cordani, Adel hi University
`Douglas Brown, 0 C, Holy Cross Monastery
`
`653
`
`Concerning Hackers Who Break into Computer Systems
`Dorothy Denning, Digital Equipment Corporation
`
`ix
`
`

`

`Thirteenth National Computer Security Conference
`October 1-4, 1990
`
`Educator Sessions
`
`_
`665 A Reassessment of Computer Security Training Needs '
`Dennis Pomdexter, Department of Defense Security Institute
`
`668 Information Security: The Development of Training Modules
`Corey Schou, John Kilpatrlck, Idaho State UniverSIty
`
`678 Determinin YourTraining Needs
`Adele uchunsky, U.
`.General Accounting Office
`
`682 Computer Based Trainin : The Right Choice?
`Althea Whieldon, epartment of Defense
`
`Alternate Papers
`
`687 ANSSR: ATooI for Risk Analysis of Networked S stems
`Deborah Bodeau, Frederick Chase, Sharon ass, The MITRE Corporation
`
`697 Approaches to Building Trusted Apglications
`Helena B. Winkler-Parenty, Sy ase, Inc.
`
`707 Automated Risk Evaluation System (ARES)lCommunications - Computer
`Systems Security Mana ement System (CMS)
`Lt Glyn M Runnels, AFC C/SRE
`
`717 A Trusted Software Development Methodology
`John Watson, GE Aeros ace,
`Edward Amoroso, AT& Bell Laboratories
`
`728 A Categorization of Processor Protection Mechanisms
`Eugene Myers, National Computer Security Center
`
`738 Conductin an Object Reuse Study
`Davi Wichers, Arca Systems, Inc.
`
`748 The Deterrent Value of Natural Change in a Statistical Database
`Elizabeth Unger, Sallie Keller-McNuIty, Kansas State University
`
`758 Experiences in Acquiring and Developing Secure
`Communications-Computer Systems
`_
`Captain Charles Pierce, Air Force Cryptologic Support Center
`
`768 Secure Systems Inte rator: An Honorable Profession?
`Virgil Gibson,
`rumman Data Systems
`
`776 A Taxonomy of Security-Relevant Knowledge
`Gary Smith, National Defense Umversuty
`
`788 Usefulness of a Network Reference Monitor
`Timothy Williams, Verdix Corporation
`
`

`

`Thirteenth National Cornputer Security Conference
`October 1-4.1990
`
`Student Papers
`
`797 Safeguardin Personal Privacy against Computer Threats:
`A Struc ured Perspective
`Greg Young, Universnty of Maryland
`
`807 Legal Issues in Security &_Control of Information Systems
`Noah Stern, Unnversnty of Maryland
`
`817 Applications of Knowledge«Based Systems Techniques
`to Detect Computer System Intrusmns
`John McCarron, University of Maryland
`
`Special Reprint
`
`12th NationalComputerSecurity Conference
`
`827 The Design of the Trusted Workstation: A True "INFOSECProduct"
`Frank L. Mayer, J. Noelle McAuliffe, Trusted Information Systems, Inc.
`
`xi
`
`