- Email: [email protected]
Achieving inter-operable security services in open systems products
COMPSEC ‘95 Paper Abstracts
l What
areas can be missed, What enhanced...
l
controls
can be
Internal Vs. External Gurus
Title: Author:
MVWSMF Audit Trail Processing Norman Cracker, Computer Associates Sweden
An audit trail of activities is a vital part of the IS control mechanisms, in IBM’s MVS operating system the primary audit trail is SME In addition to its function of recording system events SMF is also used by the access control software. This session will introduce the working of SMF and highlight some of the controls and areas to watch to ensure that the SMF audit trail is complete and reliable.
Internet protocol suite are also described. The paper includes examples to illustrate the way in which mistakes combine to cause security breaches. Explanations of preventive measures are also provided. It is assumed that the reader has some knowledge of Unix and the TCP/IP protocol suite. Title: Author:
Current Developments in Open Systems Security Vernon Poole, Aid to Industry; and Dean Adams, X/Open
This session will review the security developments being conducted by X/Open, in particular, outlines will be given on:@Distributed security framework work l Baseline
security research
DAY 2: Thursday 26th October
@Auditing tools being specified
KEYNOTE
l Future programmes being planned by X/Open curity’Technica1 Working Group.
Title: Author:
Cryptography and the Global Information Infrastructure Lynn McNulty, McNulty and Associates
This session will review the security requirements of the evolving global information infrastructure and discuss the policy dilemma posed by increasingly sophisticated commercial cryptographic technologies. It examines the current status of the cryptographic policy debate in the United States, with particular emphasis on developments in the aftermath of the Oklahoma City bombing. This sad event has served to rekindle government concern about commercial cryptography interfering with legitimate law enforcement and national security interests.
STREAM 1: Open Systems Title: Author:
Open Systems Security: Traps and Pitfalls Jim Reid, UKUUG
A number of security problems affecting open systems are discussed in this paper, covering vendor supplied software, vulnerabilities in subsystems, password integrity and general security issues. Problems with the
420
‘Se-
The growing importance of security will also be discussed, with reference to the X/tra Conference 1995 proceedings. Title: Author
Achieving Inter-operable Security Services in Open Systems Products Paul Smith, SISL
This paper describes how the UK MOD’s Security in Open Systems Technology Demonstrator Programme (SOS TDP) is working with leading IT users and vendors to make distributed security services available in commercial off-the-shelf products. The aim is to encourage a number of leading IT vendors to provide inter-operable security services that meet the needs of a wide range of IT user organizations in commerce, as well as civil and military government. Title: Author:
The Spook Solution Business Mark Buckwell, IBM
Now Open For
For many years, defence, intelligence and government organizations have been using highly specialized security technologies to control access to sensitive
l What
areas can be missed, What enhanced...
l
controls
can be
Internal Vs. External Gurus
Title: Author:
MVWSMF Audit Trail Processing Norman Cracker, Computer Associates Sweden
An audit trail of activities is a vital part of the IS control mechanisms, in IBM’s MVS operating system the primary audit trail is SME In addition to its function of recording system events SMF is also used by the access control software. This session will introduce the working of SMF and highlight some of the controls and areas to watch to ensure that the SMF audit trail is complete and reliable.
Internet protocol suite are also described. The paper includes examples to illustrate the way in which mistakes combine to cause security breaches. Explanations of preventive measures are also provided. It is assumed that the reader has some knowledge of Unix and the TCP/IP protocol suite. Title: Author:
Current Developments in Open Systems Security Vernon Poole, Aid to Industry; and Dean Adams, X/Open
This session will review the security developments being conducted by X/Open, in particular, outlines will be given on:@Distributed security framework work l Baseline
security research
DAY 2: Thursday 26th October
@Auditing tools being specified
KEYNOTE
l Future programmes being planned by X/Open curity’Technica1 Working Group.
Title: Author:
Cryptography and the Global Information Infrastructure Lynn McNulty, McNulty and Associates
This session will review the security requirements of the evolving global information infrastructure and discuss the policy dilemma posed by increasingly sophisticated commercial cryptographic technologies. It examines the current status of the cryptographic policy debate in the United States, with particular emphasis on developments in the aftermath of the Oklahoma City bombing. This sad event has served to rekindle government concern about commercial cryptography interfering with legitimate law enforcement and national security interests.
STREAM 1: Open Systems Title: Author:
Open Systems Security: Traps and Pitfalls Jim Reid, UKUUG
A number of security problems affecting open systems are discussed in this paper, covering vendor supplied software, vulnerabilities in subsystems, password integrity and general security issues. Problems with the
420
‘Se-
The growing importance of security will also be discussed, with reference to the X/tra Conference 1995 proceedings. Title: Author
Achieving Inter-operable Security Services in Open Systems Products Paul Smith, SISL
This paper describes how the UK MOD’s Security in Open Systems Technology Demonstrator Programme (SOS TDP) is working with leading IT users and vendors to make distributed security services available in commercial off-the-shelf products. The aim is to encourage a number of leading IT vendors to provide inter-operable security services that meet the needs of a wide range of IT user organizations in commerce, as well as civil and military government. Title: Author:
The Spook Solution Business Mark Buckwell, IBM
Now Open For
For many years, defence, intelligence and government organizations have been using highly specialized security technologies to control access to sensitive