Wednesday, September 19, 2007

Lessons for information security from Multics

Bruce Schneier brings attention to a 2002 paper by Paul Karger and Roger Schell (PDF) about lessons learned from Multics security that are still relevant today, and Multicians come out of the woodwork in the comments.

Karger and Schell were part of the Air Force "tiger team" that ran penetration attacks against Multics in the 1970s. They were successful, which ultimately led to a Multics security enhancement project, the result of which was that Multics was the first commercial operating system to obtain a B2 security rating from the National Computer Security Center. I played a small part in that project, fixing some bugs and helping to run tests of Multics' Trusted Computing Base (TCB).

No comments: