Title :
Secure system development in industry: a perspective from Digital Equipment
Author :
Gasser, Morrie ; Lipner, Steven B.
Author_Institution :
Digital Equip. Corp., Boxboro, MA, USA
Abstract :
Three types of threat to computer and network security, namely user irresponsibility, probing, and penetration, are examined and their implications for product development are assessed. These implications are compared to the US Trusted Computer System Evaluation Criteria, with the finding that systems of evaluation class C2 are required throughout the customer base of a large commercial manufacturer. Enhancement of the security of such systems to class B1 is found to be both practical and useful to customers in both the national security and commercial sectors. The longer-term prospects for systems at higher evaluation classes are also examined. In the area of network security, the requirements of local and long-haul networks are examined, and roles of link and end-to-end encryption products characterized. The prospects for general commercial network security products and their relationship to national security requirements are examined.
Keywords :
DEC computers; computer networks; manufacturing data processing; security of data; software reliability; systems analysis; DEC computers; US Trusted Computer System Evaluation Criteria; class B1; commercial manufacturer; commercial network security products; commercial sectors; computer security; customer base; end-to-end encryption products; evaluation class C2; long-haul networks; national security requirements; network security; penetration; probing; product development; secure system development; user irresponsibility; Computer aided manufacturing; Computer networks; Computer security; Cryptography; Government; Intelligent networks; Local area networks; Manufacturing industries; National security; Product development;
Conference_Title :
Aerospace Computer Security Applications Conference, 1988., Fourth
Conference_Location :
Orlando, FL
Print_ISBN :
0-8186-0895-1
DOI :
10.1109/ACSAC.1988.113428