The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - Nov.-Dec. (2012 vol.10)
pp: 40-44
Steven J. Murdoch , University of Cambridge
Mike Bond , University of Cambridge
Ross Anderson , University of Cambridge
ABSTRACT
The 1970 Security Controls for Computer Systems report, which helped shape computer systems' standard evaluation criteria, can shed light on current certification systems' shortcomings.
INDEX TERMS
Certification, Cryptography, Standards, Computer security, Informatino security, Government policies, 1970 Security Controls for Computer Systems report, certification, testing, physical security, payment schemes
CITATION
Steven J. Murdoch, Mike Bond, Ross Anderson, "How Certification Systems Fail: Lessons from the Ware Report", IEEE Security & Privacy, vol.10, no. 6, pp. 40-44, Nov.-Dec. 2012, doi:10.1109/MSP.2012.89
REFERENCES
1. W.H. Ware, Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security, report R-609-1, RAND, Jan. 1970.
2. Trusted Computer System Evaluation Criteria, US Dept. of Defense, Nat'l Computer Security Center, report 5200.28-STD, Dec. 1985.
3. APACS PIN Entry Device Protection Profile (version 1.37), Assoc. for Payment Clearing Services (APACS), July 2003.
4. S. Drimer, S.J. Murdoch, and R. Anderson, “Thinking Inside the Box: System-Level Failures of Tamper Proofing,” IEEE Symp. Security and Privacy, IEEE CS, 2008, pp. 281–295.
5. R. Clayton and M. Bond, “Experience Using a Low-Cost FPGA Design to Crack DES Keys,” Proc. Workshop on Cryptographic Hardware and Embedded Systems (CHES 02), LNCS 2523, Springer, 2002, pp. 877–883.
15 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool