Security and Privacy in Computer Systems: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 17:24, 23 December 2020 edit Zazpot (talk \| contribs) Extended confirmed users, IP block exemptions, Rollbackers 11,461 edits m Zazpot moved page User:Zazpot/Security and privacy in computer systems to Security and privacy in computer systems: Still just a stub, but well-sourced. More beneficial to readers (and to Wikipedia's mission) in main space than user space, so moving to the former. ← Previous edit		Latest revision as of 06:46, 28 May 2025 edit undo OAbot (talk \| contribs) Bots 643,717 edits m Open access bot: url-access updated in citation with #oabot.
(20 intermediate revisions by 11 users not shown)
Line 1: {{Short description\|1967 paper by Willis Ware}} '''''Security and privacy in computer systems''''' is a paper by [[Willis Ware]] that was first presented to the public at the 1967 [[Spring Joint Computer Conference]].<ref name="slate-2020-12-18">{{cite web\|date=2020-12-18\|access-date=2020-12-18\|url=https://slate.com/news-and-politics/2020/12/solarwinds-russian-hack-cybersecurity.html\|work=Slate\|first=Fred\|last=Kaplan\|title=A Hack Foretold\|quote=In April 1967, just before the [[ARPANET]]'s rollout, an engineer named Willis Ware wrote a paper called 'Security and Privacy in Computer Systems' ... warning that once users could access data from multiple locations, people with certain skills could hack into a network—and after hacking into one part of the network, they could roam at will. [[Stephen Lukasik]], ARPANET's supervisor, took Ware's paper to his team and asked what they thought. The team was annoyed. They begged Lukasik not to saddle them with a security requirement. ... Let's do this step by step, the team said. It had been hard enough to get the system to ''work''; the Russians wouldn't be able to match it for decades. It ''did'' take decades—about three decades—for the Russians, then the Chinese and others, to develop their own systems along with the technology to hack America. Meanwhile, vast systems and networks would sprout up throughout the U.S. and much of the world, without any provisions for security. Some provisions would be backfitted later, but the vulnerability that Ware and the later studies observed was built into the technology. That's the root of the problem we’re seeing today.}}</ref><ref>{{cite web\|title=AFIPS Spring Joint Computing Conference 1967: Atlantic City, NJ, USA\|url=https://dblp.org/db/conf/afips/afips67s.html\|publisher=[[DBLP]]}}</ref>▼ {{italic title}} ▲'''''Security and ~~privacy~~Privacy in ~~computer~~Computer ~~systems~~Systems''''' is a paper by [[Willis Ware]] that was first presented to the public at the 1967 [[Spring Joint Computer Conference]].<ref name="slate-2020-12-18">{{cite web\|date=2020-12-18\|access-date=2020-12-18\|url=https://slate.com/news-and-politics/2020/12/solarwinds-russian-hack-cybersecurity.html\|work=Slate\|first=Fred\|last=Kaplan\|title=A Hack Foretold\|quote=In April 1967, just before the [[ARPANET]]'s rollout, an engineer named Willis Ware wrote a paper called 'Security and Privacy in Computer Systems' ... warning that once users could access data from multiple locations, people with certain skills could hack into a network—and after hacking into one part of the network, they could roam at will. [[Stephen Lukasik]], ARPANET's supervisor, took Ware's paper to his team and asked what they thought. The team was annoyed. They begged Lukasik not to saddle them with a security requirement. ... Let's do this step by step, the team said. It had been hard enough to get the system to ''work''; the Russians wouldn't be able to match it for decades. It ''did'' take decades—about three decades—for the Russians, then the Chinese and others, to develop their own systems along with the technology to hack America. Meanwhile, vast systems and networks would sprout up throughout the U.S. and much of the world, without any provisions for security. Some provisions would be backfitted later, but the vulnerability that Ware and the later studies observed was built into the technology. That's the root of the problem we’re seeing today.}}</ref><ref>{{cite web\|title=AFIPS Spring Joint Computing Conference 1967: Atlantic City, NJ, USA\|url=https://dblp.org/db/conf/afips/afips67s.html\|publisher=[[DBLP]]}}</ref><ref>{{Cite Q \| Q104882139 }}</ref> ==Significance== Ware's presentation was the first public conference session about [[information security]] and privacy in respect of computer systems, especially networked or remotely-accessed ones.<ref>{{cite book\|year=1972\|publisher=RAND Corporation\|first1=P. \|last1=Carpenter-Huffman \|first2=Marjorie L. \|last2=Rapp\|url=https://books.google.~~co.uk~~com/books?id=mOknAQAAIAAJ&dqq=1967+Spring+Joint+Computer+Conference\|title=Testing in innovative systems\|quote=Ware organized the first session on data privacy/security ever held at a computer conference - "Security and Privacy in Computer Systems" at the 1967 Spring Joint Computer Conference (SJCC), April 1967.}}</ref><ref>{{cite book\|title=Privacy and security issues in information systems\|first1=R.\|last1=Turn\|first2=W. H.\|last2=Ware\|date=July 1976\|publisher=RAND Corporation\|url=https://apps.dtic.mil/dtic/tr/fulltext/u2/a037896.pdf\|archive-url=https://web.archive.org/web/20220601074617/https://apps.dtic.mil/dtic/tr/fulltext/u2/a037896.pdf\|url-status=live\|archive-date=June 1, 2022\|quote=The first apprehension with computer security began In the 1950s with concern over degaussing of magnetic tapes and preventing dissemination of classified information via electromagnetic emanations. By the mid—1960s time—sharing and multiprogramming allowed computer systems to serve many users simultaneously, and on-line programming, job execution, and data file manipulations could be performed from remotely located terminals. In such systems, as first discussed at the 1967 Spring Joint Computer Conference, security problems are different; there are many vulnerabilities which can be exploited by maliciously motivated users or by intruders from outside the system to perpetrate a variety of threats.}}</ref><ref>{{cite journal\|journal=Rutgers ~~journal~~Journal of ~~computers~~Computers and the ~~law~~Law\|volume=5\|year=1975\|url=https://books.google.~~co.uk~~com/books?id=ZR9MAQAAIAAJ&dqq=1967+spring+joint+computer+conference \|title=Computer Security\|page=221\|quote=The earliest concerns arose in connection with computer applications in the military, where large databases and remote access to central computing files first emerged. With good reason, much of the information on how to make military systems secure remains classified. Such expertise was first brought to civilians during the 1967 Spring Joint Computer Conference.}}</ref><ref name="rand-2008-vignettes">{{cite book\|first=Willis H.\|last=Ware\|author-link=Willis Ware\|publisher=RAND Corporation\|isbn=978-0-8330-4513-3\|year=2008\|title=RAND and the information evolution : a history in essays and vignettes\|url=https://www.rand.org/content/dam/rand/pubs/corporate_pubs/2008/RAND_CP537.pdf\|quote=From this milieu, the topic of computer security—later to be called information-system security and currently also referred to as protection of the national information infrastructure—moved from the world of classified defense interests into public view for the first time. A few people—Bob Patrick, Pat Haverty, and Willis Ware among others—all then at the RAND Corporation ... had, in the late 1950s and early 1960s, been talking about the growing dependence of the country and its institutions on computer technology. It concerned them that the installed systems might not be able to protect themselves and their data against intrusive and destructive attacks. While there had been a few papers at the conferences on social effects of burgeoning computer technology, they decided that it was time to more directly bring the security aspect of computer systems to the attention of the technology and user communities. A fortuitous enabling event was the development within the [[National Security Agency]] (NSA) of a remote-access time-sharing system with a full set of security-access controls, running on a UNIVAC 494 machine, and serving terminals and users not only within the headquarters building at Fort George G. Meade, Maryland, but also worldwide. Willis Ware knew of the existence and details of the system. It proved possible to have a paper about the NSA system presented in a public forum, and, with two others from RAND to help—Harold Petersen and Rein Turn—plus Bernard Peters of NSA, a group of papers was organized and offered to the SJCC conference management as a ready-made additional paper session to be chaired by Ware. The conference accepted the offer, and the session was presented at the Atlantic City (N.J.) Convention Hall in 1967.}}</ref> The [[IEEE Annals of the History of Computing]] said that Ware's 1967 Spring Joint Computer Conference session, together with 1970's [[Ware report]], marked the start of the field of computer security.<ref name="acm-MAHC.2016.48">{{cite journal\|url=https://dl.acm.org/doi/10.1109/MAHC.2016.48 \|quote=The 1967 Spring Joint Computer Conference session organized by Willis Ware and the 1970 Ware Report are widely held by computer security practitioners and historians to have defined the field's origin. \|first=Thomas J. \|last=Misa\| title=Computer Security Discourse at RAND, SDC, and NSA (1958-1970)\|issn=1058-6180\|volume=38\|number=4\|date=~~October-December~~October–December 2016\|journal=IEEE Annals of the History of Computing\|pages=12–25 \|publisher=IEEE Computer Society\|doi=10.1109/MAHC.2016.48 \|s2cid=17609542 \|url-access=subscription}}</ref><ref name="yost">{{cite journal\|quote= The 1970 (Willis H.) Ware Report and the 1967 Spring Joint Computer Conference (SJCC) Ware-led 'Computer Security and Privacy' session are focal points of historians and computer security scientists and are generally considered the beginning of multilevel computer security.\|url= http://pdfs.semanticscholar.org/1ef3/d20ebbeb9ba40136d29a2cf04b2bd0fbd4c7.pdf\|archive-url= https://web.archive.org/web/20190220035817/http://pdfs.semanticscholar.org/1ef3/d20ebbeb9ba40136d29a2cf04b2bd0fbd4c7.pdf\|url-status= dead\|archive-date= 2019-02-20\|title=Computer Security, Part 2\|first=Jeffrey R. \|last=Yost\|doi=10.1353/ahc.2016.0040\|pages=~~10-11~~10–11\|volume=38\|number=4\|date=~~October-December~~October–December 2016\|journal=IEEE Annals of the History of Computing\|publisher=IEEE Computer Society\|s2cid=35453662}}</ref> ==External links== Line 13 ⟶ 15: {{computer-security-stub}} [[Category:Computer security]] [[Category:Information sensitivity]] [[Category:Information privacy]]