APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED In October 1967 a Task Force was organized by the Advanced Research Projects Agency (now the Defense Advanced Research Projects Agency) to study and recommend appropriate computer security safeguards that would protect classified information in multi-access, resource-sharing computer systems.The report of the Task Force, which functioned under the auspices of the Defense Science Board, was published by The Rand Corporation in February 1970 for the Office of the Director of Defense Research and Engineering, Department of Defense.A slightly modified version of the report -- the only omissions were two memoranda of transmittal from the Task Force to the Chairman of the Defense Science Board and onward to the Secretary of Defense -- was subsequently published as Rand Report R-609, Security Controls for Computer Systems.

updating security clearance-6

Since the matter involved technical issues, the paper was referred to the Office of the Director of Defense Research and Engineering for consideration. Taylor) Advanced Research Projects Agency, Department of Defense. Meade, Maryland Donal Burns, Central Intelligence Agency, Washington, D. Thomas Chittenden, National Security Agency, Fort George G. Cleaveland, Defense Communication Agency, Washington, D. Barry Wessler, Advanced Research Projects Agency, Department of Defense, Washington, D. Ronald Wigington, Chemical Abstracts Service, Columbus, Ohio Edward L. The Steering Group and its Panels also acknowledge the contributions of the many individuals who read our draft material and supplied valuable comments and suggestions. Ware January 1, 1970 With the advent of resource-sharing computer systems that distribute the capabilities and components of the machine configuration among several users or several tasks, a new dimension has been added to the problem of safeguarding computer-resident classified information.

In June 1967, the Deputy Director (Administration, Evaluation and Management) requested the Director of the Advanced Research Projects Agency (ARPA) to form a Task Force to study and recommend hardware and software safeguards that would satisfactorily protect classified information in multi-access, resource-sharing computer systems. Glaser (ex officio), Case Western Reserve University, Cleveland, Ohio Willis H. The basic problems associated with machine processing of classified information are not new.

Within ARPA, the responsibility for this task was forwarded to Mr. Taylor, Director of the Office of Information Processing Techniques. Ware (ex officio), The Rand Corporation, Santa Monica, Calif. Glaser, Chairman, Case Western Reserve University, Cleveland, Ohio Arthur A. They have been encountered in the batch-processing mode of operation and, more recently, in the use of remote job-entry systems; the methods used to safeguard information in these systems have, for the most part, been extensions of the traditional manual means of handling classified documents.

For example, it includes an appendix that outlines and formally specifies a set of access controls that can accommodate the intricate structure of the classification system used by the defense establishment. The Introduction and portions of Part A were initially authored by Wade B. Ware, incorporating material from a paper by the Technical Panel and some information from personal letters of Prof. The Technical Recommendations, Part C, mainly reflect the content of two papers produced by the Technical Panel, modified to a minor extent by information from personal letters of Prof. Finally, Part D, on Management and Administrative Control, was written by Willis H. The subject of security control in multi-access computer systems is of sufficiently wide interest that many members of the Steering Group and the Panels contacted a number of individuals, organizations, and agencies in the course of this effort.

The original classification of the report limited its distribution largely to defense agencies and defense contractors; civil agencies of government and industry at large generally did not have access to it. Ware, and utilizes ideas from "Security of Classified Information in the Defense Intelligence Agency's Analyst Support and Research System" (February 1969, C-3663/MS-5), and from "Security Procedures for the RYE System" (W. It would be impossible to mention every person with whom we have talked and who in some way has influenced our final recommendations.

Because of the continuing importance of computer security, the report is being reissued at this time for wider distribution. NATURE OF THE PROBLEM Fundamental Principles System Personnel Information Structure and Transforms System Transaction Accounting Reliability and Auto-Testing Information Security Labels Management of Storage Resources System Certification Introduction Central Processor Hardware Software Access Control Throughout the System Communication Lines Terminals Certification Open Environment Considerations Research Needed Overall System Problems Introduction Computer System Catalogs Security Control System Generation Security Structure Definition Personnel Security Definition and User Clearance Update Authorization Group Definition Universal Privileges Terminal Security Definition and Update File Access Processing Annex A: Formal System Access Specification Annex B: Security Component Definition Examples The question of security control in resource-sharing systems was brought into focus for the Department of Defense by a series of events in the spring and summer of 1967. Blair, International Business Machines Corp., Yorktown, N. Among others, however, we interacted with Colonel Roy Morgan of the Defense Intelligence Agency representing the ANSR computing system, and Mr.The support of The Rand Corporation in reprinting this report is gratefully acknowledged. Such systems were being procured in increasing numbers for government installations; the problems of security for them were becoming of pressing concern both to defense contractors and to military operations; the Research Security Administrators had forwarded a position paper through the Defense Supply Agency to the Director for Security Policy in the Office of Assistant Secretary of Defense (Administration) soliciting action. Robert von Buelow, System Development Corporation, Santa Monica, Calif. Moskowitz, Chairman, National Security Agency, Fort George G. Roy Mc Cabe, System Development Corporation, Sacramento, Calif. George Hicken, National Security Agency, representing the RYE and COINS systems.Consequently, it was felt prudent to classify the report Confidential overall. Saltzer, Massachusetts Institute of Technology, Cambridge, Mass. Moskowitz (ex officio), National Security Agency, Fort George G. Ware (ex officio), The Rand Corporation, Santa Monica, Calif.On October 10, 1975, the Defense Advanced Research Projects Agency declassified it. Roberts, Advanced Research Projects Agency, Department of Defense, Washington, D. Initially, the representative of the Directorate for Security Policy was Lieutenant Commander Armen Chertavian (USN); and the representative to the Policy Panel from the Central Intelligence Agency, was Mr. The members of the Task Force participated as individuals knowledgeable of the technical, policy, and administrative issues involved. The final editing and details of format and style are due to Wade B. The Report was printed and published by The Rand Corporation, under ARPA sponsorship. Holland, The Rand Corporation, Santa Monica, California; Miss Hilda Faust, National Security Agency, Fort George G. Clark Weissman, System Development Corporation, Santa Monica, California.Nearly a decade later the report is still a valuable comprehensive discussion of security controls for resource-sharing computer systems. Jayne, Executive Office of The President, Washington, D. Thus, the views stated herein do not reflect the policy of the Federal Government, any of its agencies, or any university or industrial corporation. It was then critiqued, modified, emended, and shaped by the members of the Steering Group and the Panels. Part B, the Policy Considerations and Recommendations, is substantially from the final paper produced by the Policy Panel. Ware; it was subsequently extended and rewritten by Mr. The success of a venture such as this depends upon the personal dedication and volunteer participation of the individuals involved. A special acknowledgment is due Thomas Chittenden, National Security Agency, Fort George G.Ideas first expressed in this report and even occasional figures from it have gradually seeped into the technical literature, but it still contains material that has not been published elsewhere. Ultimately, a Report has to be written by one person. A second complete draft was written by Thomas Chittenden, and the final version by Willis H. Each Panel produced a series of papers which formed the basis for the recommendations on software, hardware, procedures, and policy. Section V of Part A, on System Characteristics, is largely from Willis H. Many of the explanatory comments come from the original paper, although some were added in the final writing. In addition to the listed members of the Steering Group and the Panels, it is also a pleasure to acknowledge the contributions of Dr. Meade, Maryland, who rewrote the entire document to produce the all-important second draft.