The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



Visions of the NII: Ten Scenarios

XIWT Members
Added 2002-07-26

Class Profiles for the Current and Emerging NII

XIWT Members

Networked multimedia applications are a proliferating new feature of the emerging National Information Infrastructure (NII). Such applications employ a variety of information technologies and services to make motion and still pictures, richly formatted text and hypertext, sound and data available to information appliances over networks. The results are new, attractive communications capabilities which are valued by end-users. For maximum user acceptance, the capabilities of information appliances and the communications services that interconnect them must be well matched to specific applications for multimedia features to work well. The Cross-Industry Working Team (XIWT) member companies have delineated a set of core capabilities needed to support effective networked multimedia applications. Using these capabilities as a guide, five NII Class designations or profiles are proposed. The NII Class Profiles are intended to associate information appliance and communications services capabilities with application requirements. These class designations can serve two purposes: 1) to establish a framework for common understanding and a basis for cooperation among information industry stakeholders, and 2) to inform consumers about product capabilities and assist their purchasing choices. Proposed implementation is through a to-be-developed “Servicemark” program, e.g., NII Class “X” Capable, with an appropriate logo. Industry leadership will provide increased marketing opportunities for all NII stakeholders, and more satisfied consumers.

Added 2002-07-26


Blocking Java Applets at the Firewall

David M. Martin,Sivaramakrishnan Rajagopalan,Aviel D. Rubin

This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those not yet discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet.

Added 2002-07-26

Daniel J. Bernstein v. U.S. Department of Commerce

Maynard Anderson, D. James Bidzos, National Computer Security Association, Mark Rasch, RSA Data Security, Inc., Dr. Eugene Spafford, and Dr. Ross Stapleton-Gray hereby respectfully submit this Brief “Amici Curiae” in support of Appellee Daniel J. Bernstein. Pursuant to Federal Rule of Appellate Procedure 29, Appellants and Appellee have consented to the filing of this Brief “Amici Curiae”. The letters indicating this consent are being filed simultaneously with the Clerk of the Court.

Added 2002-07-26

MVS: Mainframe Virtual Security

Brian Currah

Enterprises using IBM’s premier operating system for S/390 mainframes, z/OS, may have a false sense of confidence regarding the vulnerability of corporate assets. The protection offered by widely used security products can often be circumvented as a result of loopholes in other add-on software. Many such systems are not nearly as resistant to penetration as corporate management has been led to believe. New inspection, certification and verification techniques must be implemented before MVS-based systems can be employed as a safe haven for the conduct of electronic commerce and a secure repository for corporate and national assets.

Added 2002-07-26

A Secure Digital Signature System With Verification Ten Times Faster Than RSA

Daniel J. Bernstein

This paper presents a new variant of the Rabin-Williams digital signature system, offering the same security and signing speed but much faster verification. For example, verification of a signature under a 2048-bit public key takes 103 microseconds on a Pentium-133.

Added 2002-07-26
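
The abstract above gives no algorithm, so here, as an added example that is not taken from Bernstein's paper, is the classic Rabin-Williams scheme his variant builds on, written in Python to make the cost asymmetry visible: signing takes two half-size modular exponentiations (like RSA with the CRT), while verification is a single modular squaring. The toy-sized primes found by trial division, the SHA-256-reduced-mod-n hash encoding, and the operation count for RSA verification with e = 65537 are assumptions of this example, not details of the paper.

```python
# Added example (not from Bernstein's paper): classic Rabin-Williams signatures.
# Toy-sized primes and a placeholder hash encoding are constructed for illustration.
import hashlib
from math import gcd


def is_prime(n):
    """Trial division; adequate for the toy-sized primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def next_prime_mod8(start, residue):
    """Smallest prime >= start that is congruent to residue mod 8."""
    n = start
    while not (n % 8 == residue and is_prime(n)):
        n += 1
    return n


def keygen(p_start=10000, q_start=20000):
    """Rabin-Williams key: p = 3 (mod 8), q = 7 (mod 8), n = p*q (toy sizes, assumed)."""
    p = next_prime_mod8(p_start, 3)
    q = next_prime_mod8(q_start, 7)
    return (p, q), p * q


def is_residue(a, p):
    """Euler's criterion: True iff a is a nonzero square modulo the odd prime p."""
    return pow(a, (p - 1) // 2, p) == 1


def sqrt_mod(a, p):
    """Square root of a quadratic residue a mod p; valid because p = 3 (mod 4)."""
    return pow(a, (p + 1) // 4, p)


def crt(rp, p, rq, q):
    """Combine x = rp (mod p) and x = rq (mod q) into x mod p*q."""
    return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % (p * q)


def sign_int(sk, h):
    """Sign an integer h with 1 < h < n and gcd(h, n) == 1.

    Because p = 3 (mod 8) and q = 7 (mod 8), exactly one of h, -h, 2h, -2h is a
    square mod n.  The signature is (e, f, s) with s^2 = e*f*h (mod n).
    """
    p, q = sk
    n = p * q
    if not (1 < h < n) or gcd(h, n) != 1:
        raise ValueError("hash must lie in (1, n) and be coprime to n")
    for e in (1, -1):
        for f in (1, 2):
            u = (e * f * h) % n
            if is_residue(u, p) and is_residue(u, q):
                s = crt(sqrt_mod(u % p, p), p, sqrt_mod(u % q, q), q)
                return e, f, s
    raise AssertionError("unreachable: one of the four candidates is always a square")


def verify_int(n, h, sig):
    """The entire check is one modular squaring plus a sign flip or doubling."""
    e, f, s = sig
    if e not in (1, -1) or f not in (1, 2) or not (0 <= s < n):
        return False
    if not (1 < h < n):
        return False
    return (s * s) % n == (e * f * h) % n


def hash_to_int(message, n):
    """Placeholder encoding (assumed): SHA-256 reduced mod n.  Real schemes pad the hash."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(sk, message):
    p, q = sk
    return sign_int(sk, hash_to_int(message, p * q))


def verify(n, message, sig):
    return verify_int(n, hash_to_int(message, n), sig)


def rsa_verify_multiplications(e=65537):
    """Modular multiplications square-and-multiply needs to compute s^e:
    one squaring per bit below the top bit, one multiply per set bit below it."""
    return (e.bit_length() - 1) + (bin(e).count("1") - 1)


if __name__ == "__main__":
    sk, n = keygen()
    msg = b"constructed sample message"
    sig = sign(sk, msg)
    print("n =", n, "signature (e, f, s) =", sig)
    print("verifies:", verify(n, msg, sig), " tampered:", verify(n, b"tampered", sig))
    print("RSA e=65537 verification needs", rsa_verify_multiplications(), "multiplications")
```

The signer tries the four candidates e*f*h, keeps the one that is a square modulo both primes, and takes its square root through the CRT; the verifier recomputes e*f*h and compares it with s squared. RSA verification with e = 65537 costs 17 modular multiplications, so one squaring is about the order-of-magnitude gap the paper's title claims; the paper's measured figures depend on its own message encoding and implementation, which this toy does not reproduce.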


Sample Statements of Work for Federal Computer Security

U.S. Department of Commerce

Each federal organization is fully responsible for its computer security program, whether the program is performed by in-house staff or contracted out. Time constraints, budget constraints, availability or expertise of staff, and the potential knowledge to be gained by the organization from an experienced contractor are among the reasons a federal organization may wish to get external assistance for some of these complex, labor-intensive activities. An interagency working group of federal and private-sector security specialists developed this document. The document presents the ideas and experiences of those involved with computer security. It supports the operational field with a set of Statements of Work (SOWs) describing significant computer security activities. While not a substitute for good computer security management, organization staff and government contractors can use these SOWs as a basis for a common understanding of each described activity. The sample SOWs can foster easier access to more consistent, high-quality computer security services. The descriptions apply to contracting for services or obtaining them from within the organization.

Added 2002-07-26

Operating System Penetration

Richard R. Linde

One of the favorite diversions of university students involves “beating” the system. In the case of operating systems, this has been a remarkably easy accomplishment. An extensive lore of operating system penetration, ranging from anecdotes describing students who have outsmarted the teacher’s grading program to students who captured the system’s password list and posted it on one of the bulletin boards, has been collected on college campuses. Private industry has been victimized much more seriously. Here the lore of “system” penetrations contains scenarios involving the loss of tens of thousands of dollars. The Research and Development organization at SDC has been seriously involved with legitimate operating system penetration efforts. Under contract to government agencies and industry, SDC has assessed the secure-worthiness of their systems by attempting to gain illegal access to their operating systems. As of this date, seven operating systems have been studied. This paper examines the successful penetration methodology employed and the generic operating system functional weaknesses that have been found. Recommendations are made for improvements that can strengthen the penetration methodology.

Added 2002-07-26


Software Engineering as Seen Through Its Research Literature: A Study in Co-Word Analysis

Neal Coulter,Ira Monarch,Suresh Konda

This empirical research demonstrates the effectiveness of content analysis to map the research literature of the software engineering discipline. The results suggest that certain research themes in software engineering have remained constant, but with changing thrusts. Other themes have arisen, matured and then faded as major research topics, while still others seem transient or immature. Co-word analysis is the specific technique used. This methodology identifies associations among publication descriptors (indexing terms) from the ACM Computing Classification System and produces networks of descriptors that reveal these underlying patterns. The methodology is applicable to other domains with a supporting corpus of textual data. While this study utilizes index terms from a fixed taxonomy, that restriction is not inherent; the descriptors can be generated from the corpus. Hence, co-word analysis and the supporting software tools employed here can provide unique insights into any discipline’s evolution.

Added 2002-07-26

1997 CSI/FBI Computer Crime and Security Survey

Computer Security Institute
Added 2002-07-26

CSI's 1996 Firewall Product Matrix

Computer Security Institute
Added 2002-07-26