fbpx
Wikipedia

Ware report

April 11, 2024

Security Controls for Computer Systems, commonly called the Ware report,[1][2] is a 1970 text by Willis Ware that was foundational in the field of computer security.[3]

Development edit

A defense contractor in St. Louis, Missouri, had bought an IBM mainframe computer, which it was using for classified work on a fighter aircraft.[4] To provide additional income, the contractor asked the Department of Defense (DoD) for permission to sell computer time on the mainframe to local businesses via remote terminals, while the classified work continued.[4]

At the time, the DoD did not have a policy to cover this. The DoD's Advanced Research Projects Agency (ARPA) asked Ware - a RAND employee - to chair a committee to examine and report on the feasibility of security controls for computer systems.[4][5]

The committee's report was a classified document given in January 1970 to the Defense Science Board (DSB), which had taken over the project from ARPA.[4] After declassification, the report was published by RAND in October 1979.[4]

Influence edit

The IEEE Computer Society said the report was widely circulated,[1] and the IEEE Annals of the History of Computing said that it, together with Ware's 1967 Spring Joint Computer Conference session, marked the start of the field of computer security.[3][6]

The report influenced security certification standards and processes, especially in the banking and defense industries, where the report was instrumental in creating the Orange Book.[2]

External links edit

  • Official website

References edit

  1. ^ a b "Willis Howard Ware". IEEE Computer Society. Retrieved 2020-12-20. Security Controls for Computer Systems, tech. report R-609-PR, RAND, Defense Science Board Task Force on Computer Security, 1972. R-609- 1-PR was reissued Oct. 1979. This widely circulated report was informally known as 'the Ware report.'
  2. ^ a b Murdoch, Steven; Bond, Mike; Anderson, Ross J. (Nov–Dec 2012). "How Certification Systems Fail: Lessons from the Ware Report" (PDF). IEEE Security & Privacy. 10 (6): 40–44. doi:10.1109/MSP.2012.89. S2CID 20231. The heritage of most security certification standards in the banking industry can be traced back to ... 'Security Controls for Computer Systems' (commonly known as the Ware Report...), focussed on the problem of protecting classified information in multi-access, resource-sharing, computer systems which were at the time being increasingly used by both the government and defense contractors. The report included not only recommendations for what security functionality such systems should have in order to safely process classified information, but also proposed certification procedures for verifying whether a system meets these criteria. These certification procedures formed the basis for the Trusted Computer System Evaluation Criteria (TCSEC). The requirements and assessment criteria for TCSEC are given in 5200.28-STD, colloquially known as the 'Orange Book', but that publication is augmented by others in the 'Rainbow Series', expanding and clarifying various aspects.
  3. ^ a b Misa, Thomas J. (October–December 2016). "Computer Security Discourse at RAND, SDC, and NSA (1958-1970)". IEEE Annals of the History of Computing. 38 (4). IEEE Computer Society: 12–25. doi:10.1109/MAHC.2016.48. ISSN 1058-6180. S2CID 17609542. The 1967 Spring Joint Computer Conference session organized by Willis Ware and the 1970 Ware Report are widely held by computer security practitioners and historians to have defined the field's origin.
  4. ^ a b c d e Ware, Willis H. (2008). RAND and the information evolution : a history in essays and vignettes (PDF). RAND Corporation. ISBN 978-0-8330-4513-3.
  5. ^ Pfleeger, Charles P. (October 10, 2000). "Computer Security from the Trojan Wars to the Present". Proceedings of the 23rd National Information Systems Security Conference (PDF). 23rd National Information Systems Security Conference. Baltimore, Maryland, United States: NIST. Willis Ware (chair), 1967 Defense Science Board Study. Problem: Significant number of systems being acquired for military use. Charge: Formulate recommendations for hardware and software safeguards to protect classified information in multi-user, resource-sharing computer systems.
  6. ^ Yost, Jeffrey R. (October–December 2016). (PDF). IEEE Annals of the History of Computing. 38 (4). IEEE Computer Society: 10–11. doi:10.1353/ahc.2016.0040. S2CID 35453662. Archived from the original (PDF) on 2019-02-20. The 1970 (Willis H.) Ware Report and the 1967 Spring Joint Computer Conference (SJCC) Ware-led 'Computer Security and Privacy' session are focal points of historians and computer security scientists and are generally considered the beginning of multilevel computer security.
 

This computer security article is a stub. You can help Wikipedia by expanding it.

April 11, 2024
ware, report, security, controls, computer, systems, commonly, called, 1970, text, willis, ware, that, foundational, field, computer, security, contents, development, influence, external, links, referencesdevelopment, edita, defense, contractor, louis, missour. Security Controls for Computer Systems commonly called the Ware report 1 2 is a 1970 text by Willis Ware that was foundational in the field of computer security 3 Contents 1 Development 2 Influence 3 External links 4 ReferencesDevelopment editA defense contractor in St Louis Missouri had bought an IBM mainframe computer which it was using for classified work on a fighter aircraft 4 To provide additional income the contractor asked the Department of Defense DoD for permission to sell computer time on the mainframe to local businesses via remote terminals while the classified work continued 4 At the time the DoD did not have a policy to cover this The DoD s Advanced Research Projects Agency ARPA asked Ware a RAND employee to chair a committee to examine and report on the feasibility of security controls for computer systems 4 5 The committee s report was a classified document given in January 1970 to the Defense Science Board DSB which had taken over the project from ARPA 4 After declassification the report was published by RAND in October 1979 4 Influence editThe IEEE Computer Society said the report was widely circulated 1 and the IEEE Annals of the History of Computing said that it together with Ware s 1967 Spring Joint Computer Conference session marked the start of the field of computer security 3 6 The report influenced security certification standards and processes especially in the banking and defense industries where the report was instrumental in creating the Orange Book 2 External links editOfficial websiteReferences edit a b Willis Howard Ware IEEE Computer Society Retrieved 2020 12 20 Security Controls for Computer Systems tech report R 609 PR RAND Defense Science Board Task Force on Computer Security 1972 R 609 1 PR was reissued Oct 1979 This widely circulated report was informally known as the Ware report a b Murdoch Steven Bond Mike Anderson Ross J Nov Dec 2012 How Certification Systems Fail Lessons from the Ware Report PDF IEEE Security amp Privacy 10 6 40 44 doi 10 1109 MSP 2012 89 S2CID 20231 The heritage of most security certification standards in the banking industry can be traced back to Security Controls for Computer Systems commonly known as the Ware Report focussed on the problem of protecting classified information in multi access resource sharing computer systems which were at the time being increasingly used by both the government and defense contractors The report included not only recommendations for what security functionality such systems should have in order to safely process classified information but also proposed certification procedures for verifying whether a system meets these criteria These certification procedures formed the basis for the Trusted Computer System Evaluation Criteria TCSEC The requirements and assessment criteria for TCSEC are given in 5200 28 STD colloquially known as the Orange Book but that publication is augmented by others in the Rainbow Series expanding and clarifying various aspects a b Misa Thomas J October December 2016 Computer Security Discourse at RAND SDC and NSA 1958 1970 IEEE Annals of the History of Computing 38 4 IEEE Computer Society 12 25 doi 10 1109 MAHC 2016 48 ISSN 1058 6180 S2CID 17609542 The 1967 Spring Joint Computer Conference session organized by Willis Ware and the 1970 Ware Report are widely held by computer security practitioners and historians to have defined the field s origin a b c d e Ware Willis H 2008 RAND and the information evolution a history in essays and vignettes PDF RAND Corporation ISBN 978 0 8330 4513 3 Pfleeger Charles P October 10 2000 Computer Security from the Trojan Wars to the Present Proceedings of the 23rd National Information Systems Security Conference PDF 23rd National Information Systems Security Conference Baltimore Maryland United States NIST Willis Ware chair 1967 Defense Science Board Study Problem Significant number of systems being acquired for military use Charge Formulate recommendations for hardware and software safeguards to protect classified information in multi user resource sharing computer systems Yost Jeffrey R October December 2016 Computer Security Part 2 PDF IEEE Annals of the History of Computing 38 4 IEEE Computer Society 10 11 doi 10 1353 ahc 2016 0040 S2CID 35453662 Archived from the original PDF on 2019 02 20 The 1970 Willis H Ware Report and the 1967 Spring Joint Computer Conference SJCC Ware led Computer Security and Privacy session are focal points of historians and computer security scientists and are generally considered the beginning of multilevel computer security nbsp This computer security article is a stub You can help Wikipedia by expanding it vte Retrieved from https en wikipedia org w index php title Ware report amp oldid 1067610810, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.