Information security : proceedings of the IFIP TC11 Seventh International Conference on Information Security : Creating Confidence in Information Processing, IFIP/Sec '91, Brighton, UK, 15-17 May 1991

This proceedings examines the critical information security issues facing British Computer Society. Presented are technical, as well as organisational solutions by a distinguished list of international contributors. Particular subjects discussed include Information Technology Security Evaluation Criteria, logical access control mechanisms, security management and awareness, applications and database security, EDI security, PC security and auditing and control aspects. Specific concerns about computer viruses and how to deal with them are reviewed, as well as on a more general basis, how to investigate computer crime. Attention is also given to legislative measures which are increasingly being adopted to provide additional information protection against activities which damage individuals and organizations.

Keynote. Criteria, Evaluation and the International Environment: Where Have We Been, Where are We Going (S.B. Lipner). The UK Dept. of Trade and Industry's Commercial Computer Centre (D. Brewer et al.). Security Criteria Harmonization: The Information Technology Security Evaluation Criteria (M. Nash et al.). Commercial Security Evaluation (J. Straw and P. Fagan). Security Assessment and Conformance Testing (B.J. Chorley and W.L. Price). A Generalized Testbed for Analysing Block and Stream Ciphers (L. Brown, J. Pieprzyk, R. Safavi-Naini and J. Seberry). Digital Signatures (F. Piper). Laying the Groundwork for a Model Information Security Program (J.A. Schweitzer). Policy Route Certification: Requirements and Techniques (D. Nessett and D. Solo). Audit Control in Databases (S. Wiseman). Knowledge Based Systems: Audit, Security and Validation Issues (W.T. Tener). Auditing Expert Systems (R.R. Moeller). Building Security Applications (J. Checkley). A Role-based Modelling of Access Control with the Help of Frames (D. Jonscher and W. Gerhardt). Finding Better Methods for Identity Verification by Signatures (A. Hunstad). A Proactive Password (M. Bishop). Personal Identification - Biometrics (J.R. Parks). Promoting a Healthy Scepticism with Regard to Information Processing (D.F. Stevens). Running Corporate and National Security Awareness Programmes (W. Murray). Using Ada for Embedded Secure Systems (A. Wood). Reliable Processing of Confidential Information (G. Trouessin, J-C Fabre and Y. Deswarte). Privacy-Enhanced Electronic Mail: From Architecture to Implementation (J. Linn). ISDN-Mixes: Utracable Communication with Very Small Bandwidth Overhead (A. Pfitzmann, B. Pfitzmann and M. Waidner). Creating Confidence through Consensus (S. Kowalski). Errors are the Real Problem (W. List). Security and Credibility and some Fundamental Flaws (J.M. Carroll). Top Management Challenge - From Quantitative Guesses to Prudent Baseline of Security (J. Saari). Policing the PC - a "Neighbourhood Watch" Scheme (R. Clark). Comparing Risk Analysis Methodologies (A.M. Anderson). A Multi-Level Secure TCP/IP (R.L. Sharp and B.K. Yaski). Adapting Applications to Multi-Level Secure Unix Systems (K.A. Siil). An Architectural Approach to the Interface between Applications Programs and Security Sub-Systems (J. Sherwood and V. Gallo). A New Formal Model for Controlling Security in Multi-Domained Computer Environments (S.H. von Solms and W.H. Boshoff). Rationale for GOSIP Security Architecture (T. Knowles). EDI Security - Today and Tomarrow (J. Williamson and J.E. Draper). Information Security Control - Authority and Accountability in Practice (W.R.F. Pepper). Are your Fund Transfer Systems Secure (J.M. Ross). Concepts of an Expert System for Virus Detection (K. Brunnstein, S. Fischer-Hubner and M. Swimmer). Computer Viruses - Directions and Trends (J. Hruska). The Security of a Distributed System and its Relationship to the Environment it Serves (R.W. Jones).