apa.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 1,435 行 · 第 1/5 页

F. Manola. C.E. Landwehr (ed.), Elsevier Science Publishers B.V., North Holland,
1988. GTE Labs. December 1987.</P>
<P><B>A Policy Framework for Multilevel Relational Databases.</B> Xiaolei Qian and
Teresa F. Lunt. SRI-CSL-94-12, August 1994.</P>
<P><B>A Secure Concurrency Control Protocol for Real-Time Databases.</B> R. Mukkamala,
Old Dominion University, and S. H. Son, University of Virginia. IFIP WG 11.3 Working
Conference on Database Security, Rensselaerville, New York, August 13-16, 1995.</P>
<P><B>A Security Model for Military Message System.</B> C. E. Landwehr, C. L Heitmeyer,
and J. McLean. ACM Transactions on Computer Systems, 2(3), August 1984.</P>
<P><B>Access Control: Principles and Practice.</B> R.S. Sandhu and P. Saramati. <I>IEEE
Communications</I>, pp. 2-10. 1994.</P>
<P><B>An Extended Authorization Model for Relational Databases.</B> E. Bertino, P.
Samarati, and S. Jajodia. IEEE Transactions on Knowledge and Data Engineering, Volume
9, Number 1, 1997, pp. 85-101.

<UL>
	<LI><A HREF="http://www.isse.gmu.edu/~csis/publications/ieee-97.ps"><TT>http://www.isse.gmu.edu/~csis/publications/ieee-97.ps</TT></A>
</UL>

<P><B>Authorizations in Relational Database Management Systems.</B> E. Bertino, S.
Jajodia, and P. Saramati. ACM Conference on Computer and Communications Security,
Fairfax, VA, 1993. pp. 130-139.</P>
<P><B>Decentralized Management of Security in Distributed Systems.</B> R.S. Sandhu,
DSOM. 1991.

<UL>
	<LI><TT>http://www.list.gmu.edu/~sandhu/papers/confrnc/misconf/ps_ver/dsom91.ps</TT>
</UL>

<P><B>Ensuring Atomicity of Multilevel Transactions.</B> P. Ammann, S. Jajodia, and
I. Ray. IEEE Symposium on Research in Security and Privacy. Oakland, CA, May 1996.
pp. 74-84.

<UL>
	<LI><A HREF="http://www.isse.gmu.edu/~csis/publications/oklnd96-indrksi.ps"><TT>http://www.isse.gmu.edu/~csis/publications/oklnd96-indrksi.ps</TT></A>
</UL>

<P><B>Formal Query Languages for Secure Relational Databases.</B> M. Winslett, K.
Smith and X. Qian. ACM TODS, 19(4):626-662. 1994.</P>
<P><B>Honest Databases That Can Keep Secrets.</B> R. S. Sandhu and S. Jajjodia, NCSC.

<UL>
	<LI><A HREF="http://www.list.gmu.edu/~sandhu/papers/confrnc/ncsc/ps_ver/b91poly.ps"><TT>http://www.list.gmu.edu/~sandhu/papers/confrnc/ncsc/ps_ver/b91poly.ps</TT></A>
</UL>

<P><B>Locking Protocol for Multilevel Secure Databases Providing Support for Long
Transactions.</B> S. Pal, Pennsylvania State University. IFIP WG 11.3 Working Conference
on Database Security, Rensselaerville, New York, August 13-16, 1995.</P>
<P><B>Messages, Communications, Information Security: Protecting the User from the
Data.</B> J. E. Dobson and M. J. Martin, University of Newcastle. IFIP WG 11.3 Working
Conference on Database Security, Rensselaerville, New York, August 13-16, 1995.</P>
<P><B>Microsoft Access 2.0 Security.</B> Tom Lucas. <I>PC Solutions</I>.

<UL>
	<LI><A HREF="http://www.pc-solutionsinc.com/lucasec.html"><TT>http://www.pc-solutionsinc.com/lucasec.html</TT></A>
</UL>

<P><B>Multilevel Security for Knowledge Based Systems.</B> Thomas D. Garvey and Teresa
F. Lunt. SRI-CSL-91-01, February 1991. Stanford Research Institute.</P>
<P><B>On Distributed Communications: IX. Security, Secrecy and Tamper-Free Considerations.</B>
P. Baran. Technical Report, The Rand Corporation. Number RM-376, August 1964.</P>
<P><B>Role-Based Access Controls.</B> D.F. Ferraiolo and R. Kuhn. NIST-NCSC National
Computer Security Conference, Baltimore, MD, 1993. pp. 554-563.</P>
<P><B>Symposium on the Global Information Infrastructure: Information, Policy &amp;
International Infrastructure.</B> Paul A. Strassmann, U.S. Military Academy West
Point and Senior Advisor, SAIC; William Marlow, Senior Vice President, SAIC. January
28-30, 1996.</P>
<P><B>The Microsoft Internet Security Framework (MISF) Technology for Secure Communication,
Access Control, and Commerce.</B> &quot; 1997 Microsoft Corporation. (All rights
reserved.)

<UL>
	<LI><A HREF="http://www.microsoft.com/intdev/security/"><TT>http://www.microsoft.com/intdev/security/</TT></A>
</UL>

<P><B>Trusted Database Management System.</B> NCSC-TG-021. Trusted Database Management
System Interpretation. April 1991. Chief, Technical Guidelines Division. ATTN: C11
National Computer Security Center Ft. George G. Meade, MD 20755-6000.</P>
<P><B>Why Safeguard Information?</B> Computer Audit Update, Elsevier Advanced Technology,
1996. Abo Akademi University, Institute for Advanced Management Systems Research,
Turku Centre for Computer Science. Thomas Finne.

<UL>
	<LI><A HREF="http://www.tucs.abo.fi/publications/techreports/TR38.html"><TT>http://www.tucs.abo.fi/publications/techreports/TR38.html</TT></A>
</UL>

<H3><FONT COLOR="#000077"><B>Articles</B></FONT></H3>
<P><B>&quot;Accountability Is Key to Democracy in the Online World.&quot;</B> Walter
S. Mossberg. <I>The Wall Street Journal</I>. Thursday January 26, 1995.</P>
<P><B>&quot;ActiveX Used as Hacking Tool.&quot;</B> Wingfield, N. <I>CNET News</I>,
February 7, 1997.

<UL>
	<LI><A HREF="http://www.news.com/News/Item/0,4,7761,4000.html?latest"><TT>http://www.news.com/News/Item/0,4,7761,4000.html?latest</TT></A>
</UL>

<P><B>&quot;Alleged Computer Stalker Ordered Off Internet.&quot;</B><I> </I>Stevan
Rosenlind. McClatchy News Service. July 26, 1995.</P>
<P><B>&quot;A Tiger Team Can Save You Time and Money and Improve Your Ability to
Respond to Security Incidents.&quot;</B> Peter Galvin. <I>SunWorld</I> <I>Online</I>.
February 1996.

<UL>
	<LI><A HREF="http://www.sandcastle-ltd.com/articles.html"><TT>http://www.sandcastle-ltd.com/articles.html</TT></A>
</UL>

<P><B>&quot;Billions and Billions of Bugs.&quot;</B> Peter Galvin. <I>SunWorld Online</I>.

<UL>
	<LI><A HREF="http://www.sun.com/sunworldonline/swol-03-1996/swol-03-security.html"><TT>http://www.sun.com/sunworldonline/swol-03-1996/swol-03-security.html</TT></A>
</UL>

<P><B>&quot;Breaches From Inside Are Common.&quot;</B> <I>Infosecurity News</I>.
January/February 1997.</P>
<P><B>&quot;CYBERWAR IS COMING!&quot;</B> John Arquilla and David Ronfeldt. International
Policy Department, Rand Corporation. 1993. Taylor &amp; Francis. ISSN: 0149-5933-93.</P>
<P><B>&quot;Digital IDs Combat Trojan Horses on the Web.&quot;</B> Bray, H. <I>Computer
News Daily</I>. February 1997.

<UL>
	<LI><A HREF="http://computernewsdaily.com/live/Latest_columns/052_022197_124200_25016.html"><TT>http://computernewsdaily.com/live/Latest_columns/052_022197_124200_25016.html</TT></A>
</UL>

<P><B>&quot;FBI Investigates Hacker Attack at World Lynx.&quot;</B> B. Violino. <I>InformationWeek
Online</I>. November 12, 1996.

<UL>
	<LI><A HREF="http://techweb.cmp.com/iw/newsflash/nf605/1112_st2.htm"><TT>http://techweb.cmp.com/iw/newsflash/nf605/1112_st2.htm</TT></A>
</UL>

<P><B>&quot;Gang War in Cyberspace.&quot;</B> Slatalla, M. and Quitner, J. <I>Wired</I>,
Volume 2, Number 12. December, 1994.

<UL>
	<LI><A HREF="http://www.hotwired.com/wired/2.12/features/hacker.html"><TT>http://www.hotwired.com/wired/2.12/features/hacker.html</TT></A>
</UL>

<P><B>&quot;KC Wrestles With Equipment Theft Problem.&quot;</B> Timothy Heider. <I>Kansas
City Star</I>. February 17, 1997.

<UL>
	<LI><A HREF="http://www.isecure.com/newslet.htm"><TT>http://www.isecure.com/newslet.htm</TT></A>
</UL>

<P><B>&quot;Macros Under the Microscope: To Stop the Spread of Macro Viruses, First
Understand How They Work.&quot;</B> Kenneth R. van Wyk. <I>Infosecnews</I>.

<UL>
	<LI><A HREF="http://www.infosecnews.com/article5.htm"><TT>http://www.infosecnews.com/article5.htm</TT></A>
</UL>

<P><B>&quot;Network Security Throughout the Ages.&quot;</B><I> </I>Jeff Breidenbach.
1994. Switzerland (Project MAC) Association. MIT Project on Mathematics and Computation.</P>
<P><B>&quot;New York's Panix Service Is Crippled by Hacker Attack.&quot;</B><I> </I>Robert
E. Calem. <I>The New York Times</I>. September 14, 1996.</P>
<P><B>&quot;Pentagon Web Sites Closed After Visit from Hacker.&quot;</B> Nando.net
News Service. December 30, 1996.

<UL>
	<LI><A HREF="http://www.nando.net/newsroom/ntn/info/123096/info1_29951.html"><TT>http://www.nando.net/newsroom/ntn/info/123096/info1_29951.html</TT></A>
</UL>

<P><B>&quot;Post Office Announces Secure E-Mail.&quot;</B> <I>Boot</I>. March 1997.</P>
<P><B>&quot;SATAN Uncovers High Risk of Web Attack.&quot;</B> S. L. Garfinkel. <I>San
Jose Mercury News</I>. December 19, 1996.

<UL>
	<LI><A HREF="http://www1.sjmercury.com/business/compute/satan1218.htm"><TT>http://www1.sjmercury.com/business/compute/satan1218.htm</TT></A>
</UL>

<P><B>&quot;Secure Your Data: Web Site Attacks On The Rise!&quot;</B><I> </I>Stewart
S. Miller. <I>Information Week</I>. January 29, 1996.</P>
<P><B>&quot;Security and the World Wide Web.&quot;</B> D. I. Dalva. Data Security
Letter. June, 1994.

<UL>
	<LI><A HREF="http://www.ja.net/newsfiles/janinfo/cert/Dalva/WWW_security.html"><TT>http://www.ja.net/newsfiles/janinfo/cert/Dalva/WWW_security.html</TT></A>
</UL>

<P><B>&quot;Security Is Lost in Cyberspace.&quot;</B> <I>News &amp; Observer</I>.
February 21, 1995.

<UL>
	<LI><A HREF="http://www.nando.net/newsroom/ntn/info/other/02219540865.html"><TT>http://www.nando.net/newsroom/ntn/info/other/02219540865.html</TT></A>
</UL>

<P><B>&quot;Statement Before Senate Subcommittee on Governmental Operations.&quot;</B>
June 25, 1996. John Deutch, Director, CIA.</P>
<P><B>&quot;Student's Expulsion Over E-Mail Use Raises Concern.&quot;</B> Amy Harmon.
<I>Los Angeles Times</I>. November 15, 1995.

<UL>
	<LI><A HREF="http://www.caltech.edu/~media/times.html"><TT>http://www.caltech.edu/~media/times.html</TT></A>
</UL>

<P><B>&quot;The First Internet War; The State of Nature and the First Internet War:
Scientology, its Critics, Anarchy, and Law in Cyberspace.&quot;</B> David G. Post.
<I>Reason Magazine</I>. April, 1996.

<UL>
	<LI><A HREF="http://www.cli.org/DPost/X0003_ARTICLE4.html"><TT>http://www.cli.org/DPost/X0003_ARTICLE4.html</TT></A>
</UL>

<P><B>&quot;The Paradox of the Secrecy About Secrecy: The Assumption of A Clear Dichotomy
Between Classified and Unclassified Subject Matter.&quot;</B> Paul Baran. MEMORANDUM
RM-3765-PR; August 1964, On Distributed Communications: IX Security, Secrecy, and
Tamper-Free Considerations. The Rand Corporation.</P>
<P><B>&quot;U.S. Files Appeal in Dismissed Baker Case.&quot;</B> Zachary M. Raimi.
<I>The Michigan Daily</I>. November 22, 1995<I>.</I></P>
<P><B>&quot;What's the Plan? Get a Grip on Improving Security Through a Security
Plan.&quot;</B> Peter Galvin. <I>SunWorld Online</I>. September 1995.

<UL>
	<LI><A HREF="http://www.sun.com/sunworldonline/swol-09-1995/swol-09-security.html"><TT>http://www.sun.com/sunworldonline/swol-09-1995/swol-09-security.html</TT></A>
</UL>

<P><B>&quot;Windows NT Security Questioned: Experts Say Hackers Could Gain Entry
to System.&quot;</B> Stuart J. Johnston (<TT>http://www.informationweek.com</TT>).
CMP Media, <I>Techweb</I>.

<UL>
	<LI><A HREF="http://techweb.cmp.com/iw/610/10iunt.htm"><TT>http://techweb.cmp.com/iw/610/10iunt.htm</TT></A>
</UL>

<H3><FONT COLOR="#000077"><B>Tools</B></FONT></H3>
<P>Following is a list of tools. Some of these tools were coded by the establishment
(the legitimate security community). Others were authored by amateur hackers and
crackers.
<H4><FONT COLOR="#000077"><B>Password Crackers</B></FONT></H4>
<P><B>Crack:</B> Cracks UNIX passwords on UNIX platforms.

<UL>
	<LI><A HREF="http://ciac.llnl.gov/ciac/ToolsUNIXNetSec.html"><TT>http://ciac.llnl.gov/ciac/ToolsUNIXNetSec.html</TT></A>
</UL>

<P><B>MacKrack v2.01b1: </B>Cracks UNIX passwords on the MacOS platform.

<UL>
	<LI><A HREF="http://www.borg.com/~docrain/mac-hack.html"><TT>http://www.borg.com/~docrain/mac-hack.html</TT></A>
</UL>

<P><B>CrackerJack: </B>Cracks UNIX passwords on the Microsoft platform.

<UL>
	<LI><A HREF="http://www.fc.net/phrack/under/misc.html"><TT>http://www.fc.net/phrack/under/misc.html</TT></A>
</UL>

<P><B>PaceCrack95: </B>Cracks UNIX passwords on the Windows 95 platform.

<UL>
	<LI><A HREF="http://tms.netrom.com/~cassidy/crack.htm"><TT>http://tms.netrom.com/~cassidy/crack.htm</TT></A>
</UL>

<P><B>Qcrack: </B>Cracks UNIX passwords on DOS, Linux, and Windows platforms.

<UL>
	<LI><A HREF="http://tms.netrom.com/~cassidy/crack.htm"><TT>http://tms.netrom.com/~cassidy/crack.htm</TT></A>
</UL>

<P><B>John the Ripper: </B>Cracks UNIX passwords on the DOS and Linux platforms.

<UL>
	<LI><A HREF="http://tms.netrom.com/~cassidy/crack.htm"><TT>http://tms.netrom.com/~cassidy/crack.htm</TT></A>
</UL>

<P><B>Pcrack (PerlCrack):</B> Cracks UNIX passwords on the UNIX platform.

<UL>
	<LI><A HREF="http://tms.netrom.com/~cassidy/crack.htm"><TT>http://tms.netrom.com/~cassidy/crack.htm</TT></A>
</UL>

<P><B>Hades:</B> This UNIX password cracker is available everywhere. Try the search
string <TT>hades.zip</TT>.</P>
<P><B>Star Cracker: </B>This utility is for the DOS4GW environment. It cracks UNIX
passwords.

<UL>
	<LI><A HREF="http://citus.speednet.com.au/~ramms/"><TT>http://citus.speednet.com.au/~ramms/</TT></A>
</UL>

<P><B>Killer Cracker: </B>Cracks UNIX passwords under UNIX.

<UL>
	<LI><A HREF="http://www.ilf.net/~toast/files/"><TT>http://www.ilf.net/~toast/files/</TT></A>
</UL>

<P><B>Hellfire Cracker: </B>Cracks UNIX passwords on the DOS platform.