Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!mcnc!gatech!rutgers!sri-unix!sri-spam!ames!sdcsvax!darrell
From: kck@wdl1.UUCP (Karl C. Kelley)
Newsgroups: comp.os.research
Subject: Re: Security in OS design
Message-ID: <3233@sdcsvax.UCSD.EDU>
Date: Wed, 27-May-87 03:14:33 EDT
Article-I.D.: sdcsvax.3233
Posted: Wed May 27 03:14:33 1987
Date-Received: Sat, 30-May-87 01:29:03 EDT
Sender: darrell@sdcsvax.UCSD.EDU
Lines: 26
Approved: mod-os@sdcsvax.uucp

There has been extensive research and development going on in this area for 
the last 15 years, much of it related to developing what are called multi-level
secure operating systems, but the research applies as well to systems for 
providing commercial protection of information, privacy, funds transfer, etc.
We actually think these days that we have a handle on how to build a system 
which is secure, the very first step of which is the formulation of a concise
statement of the security policy, that is what you intend to mean by secure.

Since there are SO MANY references and bibliographies on the subject, you will
be overcome with them when/if you drag yourself notebook in hand to the nearest
large-scale computer science research library.  In the past when I have found
it necessary to come up to speed on research areas that other people have been
imersed in for years, I have found the IEEE Tutorials an excellent kickoff for
my efforts.  For that reason (since I haven't gotten through the whole thing
myself to comment on the contents), I might recommend a current edition:
"Tutorial: Computer and Network Security" editted by Marshal D. Abrams and 
Harold J. Podell.  IEEE Compter Society Order Number 756, IEEE Catalog Number
EH0255-0, ISBN 0-8186-0756-4, Published by IEEE Computer Society Press and 
selling for some $35.

As if that were not enough to get you started, the last section of said document
is a Bibliography of recommend readings, from Saltzer's early work (1975) to
the present time, sprinkled with the names of legends in the field: Landwehr,
Lipner, Schaefer, Denning, Gasser, Millen, ...  [Some legends are missing]
After that I recommend going through the last 2 years of IEEE Computer, 
Transactions on Software Engineering, and similar such.