In carrying out its charter to help federal agencies meet their individual information technology (IT) security requirements, the National Institution of Standards and Technology (NIST) must understand what agencies need to meet those requirements.  The intial effort to improve NIST\‘s ability to identify and assess these agency needs consisted of reviewing existing documented sources of IT security-related requirements and needs, conducting and in-depth study, and establishing ongoing mechanisms to facilitate communication between NIST and agencies.  The recently conducted study involved interviews with federal agency staff and a survey in which respondents indicated the importance and immediacy of a set of three dozen candidate needs.  Study participants were selected to represent a wide variety of fereal IT security environments, applications, individual perspectives, and data processing environments. The results of the study contribute to a sound basis for planning future NIST IT security standards, guidance, and related activities. NIST is commited to security standards, guidance, and related activities. NIST is committed to developing and documenting a clear understanding of agency needs in this area and to using the documented, validated, needs as input to its program planning process. This report documents the study.

Experience with the design and implementation of a number of computer systems , and study of many other systems has led to some general hints to system design which are described herr. They are illustrated by a number of examples, ranging from hardware such as the Alto and the Dorado to application programs such as Bravo and Star.

To provide modularity and performance, operating system kernels should have only minimal embedded fucntionality. Today\‘s operating systems are so large , inefficient and , most importantly, inflexible. In our view, most operating system performance and flexibility problems can be eliminated by pushing the operating system interface lower. Our goal is to put abstractions traditionally implemented by the kernel out into user-space, where user-level libraries and servers abstract the exposed hardware resources. To achieve this goal, we have define a new operating system structure, exokernel, that safely exports the resources defined by the underlying hardware. TO enable applications to benefit from full hardware functionality and performance, they are allowed to download additions to the supervisor-mode execution environment. To guarantee that these extensions are safe, techniques such as code inspection, inlined cross-domain procedure calls, and secure languages are used. To test and eveluate exokernels and their customization techniques a prototype exokernel, Aegis, is being developed.

The use of personal computer systems (often called desktop or professional copmuters) in the office and home environment has placed increasingly powerful information system technology in the hands of growing numbers of users.  While providing many benefits, the use of such small computer systems may introduce serious potential information security risks. Although considerable progress has been made in security management and technology for large scale centralized data processing systems, relatively little attention has been given to the protection of small systems.  As a result, significant exposures may exist which can threaten the confidentiality, integrity, or availability of information resources associated with such systems.  To ensure effective protection of these valuable resources, managers, system designers, and users must be aware of the vulterabilities which exist and control measures which should be applied. This report describs management and technicla security considerations associated with the use of personal computer systems.  The primary objective is to identify and discuss several areas of potential vulerability and associated protective measures.  The issues discussed include: 1. Physical and environmental protection 2. System and data access and control 3. Integrity of Software and data 4.  Backup and Contingency planning 5. Auditability
6.  Communication protection In addition, a general plan of actioni for the management of personal computer information security is presented. References to additional information, a self-audit checklist, and a guide to security products for personal computers are provided as appendices. In general, the term \“personal computer\” refers to single-user systems.  However, most of the discussion in this report applies equally top other types of microprocessor-based systems designed for use in a general office environment (e.g. word processors, workstations, and various types of office and home computer systems).

In Carrying out its charter to help federal agencies meet thier individual information technology (IT) security requirements, the National Institute of standards and Technology (NIST) must understand what agencies need to meet those requirements.  The initial effort to improve NIST\‘s ability to identify sources of IT security-related requirements and needs, conducting an in-depth study, and establishing ongoing mechanisms to facilitate communiction between NIST and agencies.  Thhe recently conducted study involved interviews with federal agency staff and a survey in which respondents indicated the importance and immediacy of a set three dozen candidate needs.  Study participants, applications, individual perspectives, and data processing environments. The result of the study contribute to a sound basis for plannning future NIST IT security standards, guidance, and related activities.  NIST is committed to developing and documenting a clear understanding of agency needs in this area and to using the documented, validated needs as input to its program. The report documents the study.

Environmental bugs are bugs caused by limitations of precision or capacity in the nvironment of a piece of software. These bugs may be difficult to activate and even more difficult to find. This paper reports on a n extension to traditional matational testing that enables testing specifically for environmental bugs involving integer arithmetic. This method is both simple and effective, and provides some insight into other possible extensions of mutation testing methodology that can be used to expose environmental bugs.

This paper addresses the problem of tracing intruders who obscure their identity by logging on through a chain of different machines.