|
Читайте также: |
245. J.K. Millen and R. Wright. Certificate revocation the responsible way. In Proceedings of a workshop on Computer Security, Dependability, and Assurance (CSDA '98): From Needs to Solutions workshop, 1998. http://www.csl.sri.com/~millen/papers/needs.ps.
246. J.K. Millen and R. Wright. Reasoning about trust and insurance in a public-key infrastructure. In Proceedings of the Computer Security Foundations Workshop, Cambridge, England, July 2000. http://www.csl.sri.com/~millen/papers/insurance.ps.
247. Model Curricula for Information Systems Auditing at the Undergraduate and Graduate Level. - ISACA 2000.
248. R. Morris and K. Thompson. Password security: A case history. Communications of the ACM, 22(11) 594-597, November 1979.
249. R.T. Morris. Computer science technical report 117. Technical report, AT&T Bell Laboratories, Murray Hill, New Jersey, 25 February 1985.
250. L. Moser, P.M. Melliar-Smith, and R. Schwartz. Design verification of SIFT Contractor Report 4097, NASA Langley Research Centre, Hampton, VA, September 1987.
251. NASA Langley Research Centre. Formal Methods Specification and Verification, Vol.1. NASA, June 1995.
252. NASA Langley Research Centre. Formal Methods Specification and Verification, Vol. II. NASA Fall 1995.
253. NATO. Proceedings of the NATO Conference on Commercial Off-The-Shelf Products in Defence Applications: The Ruthless Pursuit of COTS, Brussels, Belgium, April 2000.
254. NCSC. Trusted Network Interpretation Environments Guideline. National Computer Security Centre, 1 August 1990. NCSC-TG-011 Version-1.
255. NCSC. Trusted Network Interpretation (TNI). National Computer Security Centre, 31 July 1987. NCSC-TG-005, Version-1, Red Book.
256. NCSC. Trusted Database Management System Interpretation of the Trusted Computer System Evaluation Criteria (TDI). National Computer Security Centre April 1991. NCSC-TG-021, Version-2, Lavender Book.
257. NCSC. Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). National Computer Security Centre, December 1985. DOD-5200.28-STD, Orange Book.
258. NCSC. Guidance for Applying the Trusted Computer System Evaluation Criteria in Specific Environments. National Computer Security Centre, June 1985. CSC-STD-003-85, Yellow Book.
Литература 375
259. G.C. Necula Compiling with Proofs. PhD thesis, Computer Science Department, Carnegie-Mellon University, 1998.
260. P.G. Neumann. On hierarchical design of computer systems for critical applications. IEEE Transactions on Software Engineering, SE-12(9), September 1986. Reprinted in Rein Turn (ed.), Advances in Computer System Security, Vol. 3, Artech House, Dedham, Massachusetts, 1988.
261. P.G. Neumann. On the design of dependable computer systems for critical applications. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California October 1990. CSL Technical Report CSL-90-10.
262. P.G. Neumann. Can systems be trustworthy with software-implemented crypto? Technical report, Final Report, Project 6402, SRI International, Menlo Park, California October 1994. For Official Use Only, NOFORN.
263. P.G. Neumann. Computer-Related Risks. ACM Press, New York, and Addison-Wesley, Reading, Massachusetts, 1994. ISBN 0-201-55805-X.
264. P.G. Neumann. Architectures and formal representations for secure systems. Technical report, Final Report, Project 6401, SRI International, Menlo Park, California October 1995. CSL report 96-05.
265. P.G. Neumann. Illustrative risks to the public in the use of computer systems and related technology, index to RISKS cases. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California 2000. The most recent version is available on-line at ftp://ftp.csl.sri.com/pub/users/neumann/illustrative.ps, ftp://ftp.csl.sri.com/pub/users/neumann/illustrative.pdf. and in html form for browsing at http://www.csl.sri.com/neumann/illustrative.html.
266. P.G. Neumann, R.S. Boyer, R.J. Feiertag, K.N. Levitt, and L. Robinson. A Provably Secure Operating System: The system, its applications, and proofs. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California May 1980. 2nd ed., Report CSL-116.
267. P.G. Neumann, J. Goldberg, K.N. Levitt, and J.H. Wensley. A study of fault-tolerant computing. Final report for ARPA, AD 766 974, Stanford Research Institute, Menlo Park, СA July 1973.
268. P.G. Neumann and L. Lamport. Highly dependable distributed systems. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California June 1983. Final Report, Contract No. DAEA18-81-G-0062, for U.S. Army CECOM.
269. P.G. Neumann, N.E. Proctor, and T.F. Lunt. Preventing security misuse in distributed systems. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California June 1992.
270. P.G. Neumann. Practical Architectures for Survivable Systems and Networks (Phase-Two Final Report), Computer Science Laboratory, SRI International, Menlo Park, California June 2000.
271. D.B. Parker. Fighting Computer Crime. John Wiley & Sons, New York, 1998.
272. J. Paul. Bugs in the program. Technical report, Report by the Subcommittee on Investigations and Oversight of the Committee on Science, Space and Technology, U.S. House of Representatives, 1990.
273. R. Perlman. Network Layer Protocols with Byzantine Robustness. PhD thesis, MIT, Cambridge, Massachusetts, 1988.
274. S.A Petrenko. Audit information security // International Workshop. Information Management. Mathematical Models of business processes. School of Management, St. Petersburg State University, Russia, June 28-29, 2001, pp. 150-172.
275. H. Petroski. To Engineer is Human: The Role of Failure in Successful Design. St. Martin's Press, New York, 1985.
276. H. Petroski. Design Paradigms: Case Histories of Error and Judgement in Engineering. Cambridge University Press, Cambridge, England, 1994.
277. C.P. Pfleeger. Security in Computing. Prentice-Hall, Englewood Cliffs, New Jersey, 1996. Second edition.
278. S.L. Pfleeger. Software Engineering: Theory and Practice. Prentice-Hall, Englewood Cliffs, New Jersey, 1998.
279. P.A Porras. STAT: A State Transition Analysis Tool for intrusion detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, July 1992.
280. P.A Porras and P.G. Neumann. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In Proceedings of the Nineteenth National Computer Security Conference, pages 353-365, Baltimore, Maryland, 22-25 October 1997. NIST/NCSC.
281. P.A Porras and A Valdes. Live traffic analysis of TCP/IP gateways. In Proceedings of the Symposium on Network and Distributed System Security. Internet Society, March 1998.
282. D. Prasad. Dependable Systems Integration Using the Theories of Measurement and Decision Analysis. PhD thesis, Department of Computer Science, University of York, August 1998.
283. D. Prasad and J. McDermid. Dependability evaluation using a multi-criteria decision analysis procedure. In To appear, 1999.
284. Preparing for BS 7799 certification. DISC PD 3001, 1998.
285. Principles of good practice for information management. DISC PD 0010, 1995.
286. N.E. Proctor. The restricted access processor: An example of formal verification. In Proceedings of the 1985 Symposium on Security and Privacy, pages 49-55, Oakland, CA April 1985. IEEE Computer Society.
287. B. Randell. System design and structuring. Computer Journal, 29(4):300-306, 1986.
288. B. Randell and J.E. Dobson. Reliability and security issues in distributed computing systems. In Proceedings of the Fifth Symposium on Reliability in Distributed Software and Database Systems, Los Angeles, California, January 1986.
289. B. Randell, J.-C. Laprie, H. Kopetz, and B. Littlewood, editors. Predictably Dependable Computing Systems. Basic Research Series. Springer-Verlag, Berlin, 1995.
290. T.R.N. Rao. Error-Control Coding for Computer Systems. Prentice-Hall, Englewood Cliffs, New Jersey, 1989.
291. Risk Management Guide for Information Technology Systems, NIST, Special Publication 800-30.
292. Risk Matrix http://www.mitre.org/resources/centers/sepo/risk/risk_matrix.htlm
293. R. Rowlingson. The convergence of military and civil approaches to information security. In Proceedings of the NATO Conference on Commercial Off-The-Shelf Products in Defence Applications: The Ruthless Pursuit of COTS, Brussels, Belgium, April 2000. NATO.
294. M. Salois and R. Charpentier. Dynamic detection of malicious code in COTS software. In Proceedings of the NATO Conference on Commercial Off-The-Shelf Products in Defence Applications: The Ruthless Pursuit of COTS, Brussels, Belgium, April 2000. NATO.
295. C. Salter, O.S. Saydjari, B. Schneier, and J. Wallner. Toward a secure system engineering methodology. In New Security Paradigms Workshop, September 1998. http://www.counterpane.com/secure-methodology.html.
296. F.B. Schneider. Open source in security: Visiting the bizarre. In Proceedings of the 2000 Symposium on Security and Privacy, pageS126-127, Oakland, California, May 2000. IEEE Computer Society.
297. F.B. Schneider and M. Blumenthal, editor. Trust in Cyberspace. National Research Council, National Academy Press, 2101 Constitution Ave., Washington, D.C. 20418, 1998. Final report of the National Research Council Committee on Information Trustworthiness.
298. N. Schneidewind. The ruthless pursuit of the truth about COTS. In Proceedings of the NATO Conference on Commercial Off-The-Shelf Products in Defence Applications: The Ruthless Pursuit of COTS, Brussels, Belgium, April 2000. NATO.
299. B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C: Second Edition. John Wiley & Sons, New York, 1996.
300. B. Schneier. Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons, New York, 2000.
301. M.D. Schroeder and J.H. Saltzer. A hardware architecture for implementing protection risks. Communications of the ACM, 15(3), March 1972.
302. Kevin J. Soo Hoo. How Much Is Enough? A Risk-Management Approach to Computer Security. Consortium for Research on Information Security and Policy (CRISP), School of Engineering, Stanford University, June 2000. Working Paper.
303. Standards for Information Systems Auditing. - ISACA Standards, 2000.
304. Standards for Information Systems Control Professionals. - ISACA Standards, 2000.
305. D.E. Stevenson. Validation and verification methodologies for large-scale simulations: There are no silver hammers, either. IEEE Computational Science and Engineering, 1998.
306. D.W.J. Stringer-Calvert. Mechanical Verification of Compiler Correctness. PhD thesis, Department of Computer Science, University of York, 1998.
307. К. Sullivan, J.C. Knight, X. Du, and S. Geist. Information survivability control systems. In Proceedings of the 1999 International Conference on Software Engineering (ICSE), 1999.
308. J.T. Trostle. Timing attacks against trusted path. In Proceedings of the 1998 Symposium on Security and Privacy, Oakland, California, May 1998. IEEE Computer Society.
309. UK-MoD. Interim Defence Standard 00-55, The Procurement of Safety-Critical Software in Defence Equipment. U.K. Ministry of Defence, 5 April 1991. DefStan 00-55; Part 1, Issue 1: Requirements; Part 2, Issue 1: Guidance.
310. UK-MoD. Interim Defence Standard 00-56, Hazard Analysis and Safety Classification of the Computer and Programmable Electronic System Elements of Defence Equipment. U.K. Ministry of Defence, 5 April 1991. DefStan 00-56.
311. US-Senate. Security in Cyberspace. U.S. Senate Permanent Subcommittee on Investigations of the Senate Committee on Governmental Affairs, Hearings, S. Hrg. 104-701, June 1996. ISBN 0-16-053913-7.
312. M. Vidger and J. Dean. Maintaining COTS-based systems. In Proceedings of the NATO Conference on Commercial Off-The-Shelf Products in Defence Applications: The Ruthless Pursuit of COTS, Brussels, Belgium, April 2000. NATO.
313. J.M. Voas and G. McGraw. Software Fault Injection: Inoculating Programs Against Errors. John Wiley & Sons, New York, 1998.
314. D.S. Wallach. A New Approach to Mobile Code Security. PhD thesis, Computer Science Department, Princeton University, January 1999. http://www.cs.rice.edu/~dwallach/.
315. D.S. Wallach and E.W. Felten. Understanding Java stack inspection. In Proceedings of the 1998 Symposium on Security and Privacy, Oakland, California, May 1998. IEEE Computer Society.
316. W.H. Ware. Security controls for computer systems. Technical report, RAND report for the Defence Science Board, 1970. Now on-line at http://cryptome.org/ sccs.htm.
317. W.H. Ware. A retrospective of the criteria movement. In Proceedings of the Eighteenth National Information Systems Security Conference, pages 582-588, Baltimore, Maryland, 10-13 October 1995. NIST/NCSC.
318. J.H. Wensley et al. Design study of software-implemented fault-tolerance (SIFT) computer. NASA contractor report 3011, Computer Science Laboratory, SRI International, Menlo Park, California, June 1982.
319. Anne Marie Willhite Systems Engineering at MITRE Risk Management MP96B0000120, Rl September 1998. http://www.mitre.org/resources/centers/ sepo/risk/sys_eng_mitre.html.
320. R. Witty. The Role of the Chief Information Security Officer. Research Note, Gartner Research, Strategic Planning, SPA-13-2933, April 2001.
321. R. Witty, J. Dubiel, J. Girard, J. Graff, A. Hallawell, B. Hildreth, N. MacDonald, W. Malik, J. Pescatore, M. Reynolds, K. Russell, A Weintraub, V. Wheatman. The Price of Information Security. Gartner Research, Strategic Analysis Report, K-l1-6534, June 2001.
322. I. White. Wrapping the COTS dilemma In Proceedings of the NATO Conference on Commercial Off-The-Shelf Products in Defence Applications: The Ruthless Pursuit of COTS, Brussels, Belgium, April 2000. NATO.
323. C.C. Wood. Information Security Policies Made Easy [a book of 1000+ already-written policies provided in both hardcopy and CD-ROM], AND in it's 7th edition, 1999; Publisher: Pentasafe Security Technologies, Inc., Sausalito, СA USA ISBN#l-881585-06-9.
324. C.C. Wood. Best Practices in Internet Commerce Security [derived from a survey of Internet merchants, Internet service providers (ISPs), Internet commerce hosting firms, Internet Trusted Third Parties (TTPs), and Internet commerce software vendors], 1998; Publisher: Pentasafe Security Technologies, Inc., Sausalito, СA USA; ISBN#1-881585-05-0.
325. C.C. Wood. How to Handle Internet Electronic Commerce Security: Risks, Controls & Product Guide [a guide for the design and specification of Internet security measures], released in 1996; Publisher: Pentasafe Security Technologies, Inc., Sausalito, CA, USA ISBN#l-881585-03-4.
326. C.C. Wood Effective Information Security Management [a book of tools and techniques for dealing with information security problems], 1991; Publisher: Elsevier Advanced Technology, Oxford, England; ISBN#l-85617-070-5.
327. C.C. Wood. Computer Security: A Comprehensive Controls Checklist [a book detailing standard control practices — particularly useful for audits and reviews], 1987; Publisher: John Wiley & Sons, New York, NY, USA ISBN#0-471-84795-X.
Дата добавления: 2015-09-02; просмотров: 49 | Нарушение авторских прав
| <== предыдущая страница | | | следующая страница ==> |
| Тенденции развития 12 страница | | | Ресурсы Internet |