corners
Bryan D. Payne Banner Image


History of Computer Security Research

Last Updated: $Date: 2006/06/27 14:10:24 $

Introduction

Computer security is still a somewhat new field of study. Some of the early research findings date back no more than 40 years. This creates an interesting situation from two perspectives. First, it is entirely possible for someone to work through the major papers in this field in a reasonable ammount of time. Second, the field is so young that there are likley many interesting discoveries just around the corner.

As someone who has worked in the field of computer security for nearly ten years, I have not yet taken the time to collect and read much of this earlier work. However, seeing the importance of this work, I am now working to organize and read the major historical papers in the field. This webpage will attempt to document a timeline of these readings since it has proven non-trivial to find all of this information in one location elsewhere.

Obviously, it would be a huge project to create an exhausive listing of papers in the field. That is not the goal here. The papers that I list below are generally focused on my primary area(s) of interest, especially systems security. However, I have also tried to include major papers of general interest to the security community as well so that this can serve as a good primer on how the research developed over time. I encourage anyone with corrections to the material posted below to contact me.

Finally, please note that this is a work in progress. What you see below is an evolving list of references and information that will eventually (hopefully) tell a story of the early research in computer security.

Related Websites

The information on this page is collected from a variety of other websites. Here are some that I found to be most useful:

1960's

1970's

  • 2/1970 Willis Ware, Security Controls for Computer Systems (U): Report of Defense Science Board Task Force on Computer Security; Rand Report R609-1, The RAND Corporation, Santa Monica, CA (Feb. 1970) pdf
  • 10/1972 James P. Anderson, Computer Security Technology Planning Study, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA 01731 (Oct. 1972) (NTIS AD-758 206) Vol1 pdf Vol2 pdf
  • 1/1973 Roger R. Schell, Peter J. Downey, and Gerald J. Popek, Preliminary Notes on the Design of Secure Military Computer Systems, MCI-73-1, ESD/AFSC, Hanscom AFB, Bedford, MA 01731 (Jan. 1973) pdf
  • 3/1973 Stuart E. Madnick and John J. Donovan, Application and Analysis of the Virtual Machine Approach to Information System Security and Isolation, Proceedings of the workshop on virtual computer systems (Mar. 1973) pdf via ACM
  • 12/1973 J. Whitmore, A. Bensoussan, P. Green, D. Hunt, A. Robziar, and J. Stern, Design for MULTICS Security Enhancements, ESD-TR-74-176, ESD/AFSC, Hanscom AFB, Bedford, MA 01731 (Dec. 1973). pdf
  • 6/1974 Paul A. Karger and Roger R. Schell, MULTICS Security Evaluation: Vulnerability Analysis, ESD-TR-74-193 Vol. II, ESD/AFSC, Hanscom AFB, Bedford, MA 01731 (June 1974). pdf
  • 3/1975 W. L. Schiller, The Design and Specification of a Security Kernel for the PDP-11/45, MTR-2934, The MITRE Corporation, Bedford, MA 01730 (Mar. 1975) pdf
  • 5/1975 J. M. Schacht, Jobstream Separator System Design, MTR-3022 Vol. 1, The MITRE Corporation, Bedford, MA 01730 (May 1975). pdf
  • 6/1975 Peter G. Neumann, L. Robinson, Karl N. Levitt, R. S. Boyer, and A. R. Saxena, A Provably Secure Operating System, M79-225, Stanford Research Institute, Menlo Park, CA 94025 (June 1975) pdf
  • 3/1976 David E. Bell and Leonard La Padula, Secure Computer System: Unified Exposition and Multics Interpretation, ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, MA 01731 (1975) (DTIC AD-A023588) pdf
  • 5/1976 Dorothy E. Denning, A Lattice Model of Secure Information Flow, Communications of the ACM, Vol 19, Issue 5, p236 - 243 (May 1976) pdf
  • 8/1976 Theodore A. Linden, Operating System Structures to Support Security and Reliable Software, NBS Technical Note 919, Institute for Computer Sciences and Technology, National Bureau of Standards, US Department of Commerce, Washington DC 20234 (Aug. 1976) pdf
  • 4/1977 K. Biba, Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977)
  • 4/1978 Ford Aerospace, Secure Minicomputer Operating System (KSOS): Executive Summary Phase I: Design, Western Development Labratories Division, Palo Alto, CA 94303 (April 1978) pdf
  • 5/1978 Richard Bisbey II and Dennis Hollingworth, Protection Analysis: Final Report, ISI/SR-78-13, USC/Information Sciences Institute, Marina Del Rey, CA 90291 Marina Del Rey, CA 90291 (May 1978) pdf
  • 10/1979 Grace H. Nibaldi, Proposed Technical Evaluation Criteria for Trusted Computer Systems, M79-225, The Mitre Corporation, Bedford, MA 01730 (Oct. 1979) pdf

1980's

  • 4/1980 James P. Anderson, Computer Security Threat Monitoring and Surveillance, James P. Anderson Co., Fort Washington, PA (Apr. 1980) pdf
  • 6/1980 Philip Myers, Subversion: The Neglected Aspect of Computer Security, Master Thesis. Naval Postgraduate School, Monterey, CA 93940 (June 1980) pdf
  • 12/1985 Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DoD 5200.28-STD (1983, 1985) pdf
  • 5/1987 David D. Clark and David R. Wilson, A Comparison of Commercial and Military Computer Security Policies, IEEE Symposium on Security and Privacy (May 1987) pdf
  • 12/1987 William R. Shockley and Roger R. Schell, TCB Subsets for Incremental Evaluation, In Proceedings of Third AIAA Conference on Computer Security, p131-139 (Dec. 1987) pdf
  • 5/1989 David F.C. Brewer and Michael J. Nash, The Chinese Wall Security Policy, IEEE Symposium on Security and Privacy (May 1989) pdf

1990's

2000's