%%% -*-BibTeX-*- %%% ==================================================================== %%% BibTeX-file{ %%% author = "Jeremy Epstein", %%% version = "1.05", %%% date = "26 October 2010", %%% time = "14:54:47 MDT", %%% filename = "epstein.bib", %%% address = "TRW Systems Division %%% 1 Federal Systems Park Drive %%% Fairfax, VA 22033 %%% USA", %%% telephone = "+1 703 803 4947", %%% checksum = "24168 343 1546 13512", %%% email = "epstein at trwacs.fp.trw.com (Internet)", %%% codetable = "ISO/ASCII", %%% keywords = "bibliography, X Window System, security", %%% license = "public domain", %%% supported = "no", %%% docstring = "This is a bibliography of Windowing Systems %%% and Security, originally published in The X %%% Resource, 4(1), 103--108, Fall 1992. %%% %%% The checksum field above contains a CRC-16 %%% checksum as the first value, followed by the %%% equivalent of the standard UNIX wc (word %%% count) utility output of lines, words, and %%% characters. This is produced by Robert %%% Solovay's checksum utility.", %%% } %%% ==================================================================== @Preamble{"\input path.sty"} @TechReport{Bellcore:GRX92, author = "Bellcore", title = "Generic Requirements for {X} {Window} {System} Security", institution = "Framework Technical Advisory", number = "FA-STS-991324", month = jun # " 30", year = "1992", note = "Describes some of the problems associated with X in a commercial environment, and specifies solutions including Kerberos. Also talks about auditing in X.", } @TechReport{Boeing:XWE88, author = "Boeing", title = "{X} Windows Enhancements", institution = "Boeing", number = "Software Technology for Adaptable Reliable Systems (STARS), Technical Report QTASK 13", month = dec # " 23", year = "1988", note = "Probes issues in moving X from being written in C to being written in Ada and some security enhancements that could be made to the X server.", } @InProceedings{Carson:XMW90, author = "Mark Carson and Janet Cugini", title = "An {X11}-based {Multilevel} {Window} {System} Architecture", booktitle = "Proceedings of the Autumn 1990 EUUG Technical Conference", address = "Nice, France", year = "1990", note = "A preliminary architecture of the X portion of IBM's CMW.", } @InProceedings{Carson:SWS89, author = "Mark {Carson, et. al.}", title = "Secure Window Systems for {UNIX}", booktitle = "Proceedings of the USENIX Winter 1989 Conference", address = "San Diego, CA, USA", month = jan, year = "1989", note = "An architecture for a CMW based on Trusted XENIX and a text-based windowing system. Also mentions some X related issues.", } @InProceedings{Epstein:TXW90, author = "Jeremy Epstein and Marvin Shugerman", title = "A {Trusted} {X} {Window} {System} Server for {Trusted} {Mach}", booktitle = "Proceedings of the USENIX Mach Conference", address = "Burlington, VT, USA", month = oct, year = "1990", note = "This paper describes the initial architecture of the Trusted X Window System prototype developed at TRW. This paper was superseded by the paper at the Seventh Annual Computer Security Applications Conference \cite{Epstein:PBT91}.", } @InProceedings{Epstein:PTX90, author = "Jeremy Epstein", title = "A Prototype for {Trusted} {X} Labeling Policies", booktitle = "Proceedings of the Sixth Annual Computer Security Applications Conference", address = "Tucson, AZ, USA", month = dec, year = "1990", note = "A discussion of visible labeling issues, not specific to X, but applicable to any windowing environment.", } @InProceedings{Epstein:TXI91, author = "Jeremy Epstein and Jeffrey Picciotto", title = "Trusting {X}: Issues in Building {Trusted} {X} Window Systems -or- What's not Trusted About {X}?", booktitle = "Proceedings of the 14th Annual National Computer Security Conference", address = "Washington, DC, USA", month = oct, year = "1991", note = "A survey of the issues involved in building trusted X systems, especially of the multi-level secure variety.", } @Article{Epstein:IBT91, author = "Jeremy Epstein and Jeffrey Picciotto", title = "Issues in Building {Trusted} {X} {Window} {Systems}", journal = "The X Resource", volume = "1", number = "1", month = "Fall", year = "1991", note = "A revision of the previous paper \cite{Epstein:TXI91}, aimed at an audience which is X literate, but security ignorant.", } @InProceedings{Epstein:PBT91, author = "Jeremy {Epstein, et. al.}", title = "A Prototype {B3} {Trusted} {X} {Window} {System}", booktitle = "Proceedings of the Seventh Annual Computer Security Applications Conference", address = "San Antonio, TX, USA", month = dec, year = "1991", note = "The architecture for TRW's high assurance multi-level secure X prototype.", } @InProceedings{Epstein:ETB92, author = "Jeremy {Epstein, et. al.}", title = "Evolution of a {Trusted} {B3} {Window} {System} Prototype", booktitle = "Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy", address = "Oakland, CA, USA", month = may, year = "1992", note = "The history of the design and tradeoffs taken in TRW's prototype.", } @InProceedings{Faden:RCR91, author = "Glenn Faden", title = "Reconciling {CMW} Requirements with Those of {X11} Applications", booktitle = "Proceedings of the 14th Annual National Computer Security Conference", address = "Washington, DC, USA", month = oct, year = "1991", note = "Architecture of the windowing portion of Sun's CMW.", } @TechReport{Graubart:CMW91, author = "R. D. Graubart and J. L. Berger and J. P. L. Woodward", title = "Compartmented Mode, Workstation Evaluation Criteria, Version 1", number = "MTR 10953 (also published by the Defense Intelligence Agency as document DDS-2600-6243-91)", institution = "The MITRE Corporation", address = "Bedford, MA, USA", month = jun, year = "1991", note = "Revised requirements for the CMW, including a description of what they expect for Trusted X.", } @TechReport{Khera:SXW90, author = "Vivek Khera", title = "The Secure {X} Window Server", institution = "Microelectronics Center of North Carolina", number = "TR90-54", year = "1990", note = "Description of Khera's Kerberized X Window Server developed at MCNC. Also discusses security of X in general. Available via anonymous ftp from \path|cs.duke.edu:dist/papers/khera|.", } @InProceedings{Kurak:CNI92, author = "Charles Kurak and John McHugh", title = "A Cautionary Note on Image Downgrading", booktitle = "Proceedings of the Eighth Annual Computer Security Applications Conference", address = "San Antonio, TX, USA", month = dec, year = "1992", note = "A discussion of problems involved in viewing images, particularly as it applies to multi-level windowing.", } @InProceedings{McIlroy:MWS88, author = "D. McIlroy and J. Reeds", title = "Multilevel Windows on a Single-level Terminal", booktitle = "Proceedings of the (First) USENIX Security Workshop", address = "Portland, OR, USA", month = aug, year = "1988", note = "Describes a prototype of modifications to the Teletype 5620 and driving software to allow multi-level windows. Also explains some of the limitations of the method.", } @InProceedings{Pascale:VWS92, author = "Rita Pascale and Jeremy Epstein", title = "Virtual Window Systems: {A} New Approach to Supporting Concurrent Heterogeneous Windowing Systems", booktitle = "Proceedings of the USENIX Summer 1992 Conference", address = "San Antonio, TX, USA", month = jul, year = "1992", note = "A generalization of TRW's prototype to non-security applications.", } @InProceedings{Picciotto:TTC91, author = "Jeffrey Picciotto", title = "Towards Trusted Cut and Paste in the {X} {Window} {System}", booktitle = "Proceedings of the Seventh Annual Computer Security Applications Conference", address = "San Antonio, TX, USA", month = dec, year = "1991", note = "A discussion of the security problems associated with cut and paste in multi-level secure versions of X.", } @TechReport{Picciotto:TXW90, author = "Jeffrey Picciotto", title = "{Trusted} {X} {Window} {System}", number = "MTP 288", institution = "The MITRE Corporation", month = feb, year = "1990", note = "A detailed explanation of MITRE's CMW prototype.", } @InProceedings{Picciotto:CTX92, author = "Jeffrey Picciotto and Jeremy Epstein", title = "A Comparison of {Trusted} {X} Security Policies, Architectures, and Interoperability", booktitle = "Proceedings of the Eighth Annual Computer Security Applications Conference", address = "San Antonio, TX, USA", month = dec, year = "1992", note = "A survey of interoperability issues among CMWs and the TRW prototype.", } @Unpublished{Rosenthal:LLI92, author = "David S. H. Rosenthal", title = "{LInX}---a {Less} {IN}secure {X} Server ({Sun} {Microsystems} unpublished draft)", year = "1992", note = "An early architecture for Sun's CMW.", } @Unpublished{Rosenthal:XWS92, author = "David S. H. Rosenthal", title = "{X} Window Security System", year = "1992", note = "US patent 5,073,922, Describes implementation of LInX.", } @InProceedings{Smith:TPF92, author = "Mark Smith", title = "Towards a Policy-Free Protocol Supporting a Secure {X} {Window} {System}", booktitle = "Proceedings of the 15th Annual National Computer Security Conference", address = "Baltimore, MD, USA", month = oct, year = "1992", note = "A concept for improving interoperability among Trusted X systems by separating the security policy from the system implementation, thus allowing pluggable security policies.", } @Article{Sheldrick:SXW92, author = "Dennis Sheldrick", title = "Security and the {X} {Window} {System}", journal = "UNIX World", month = jan, year = "1992", note = "A discussion of some of the security features in X, and threats to X.", } @InProceedings{Smith-Thomas:SML89, author = "Barbara Smith-Thomas", title = "Secure Multi-Level Windowing in a {B1} Certifiable Secure {UNIX} Operating System", booktitle = "Proceedings of the USENIX Winter 1989 Conference", address = "San Diego, CA, USA", month = jan, year = "1989", note = "Describes the architecture of the multi-level version of the AT\&T 630 graphics terminal. This terminal was evaluated as part of AT\&T System V/MLS, which received a B1 rating.", } @TechReport{Woodward:SRS87, author = "J. P. L. Woodward", title = "Security Requirements for System High and Compartmented Mode Workstations", number = "MTR 9992, Revision 1 (also published by the Defense Intelligence Agency as document DDS-2600-5502-87)", institution = "The MITRE Corporation", address = "Bedford, MA, USA", month = nov, year = "1987", note = "The original requirements for the CMW, including a description of what they expect for Trusted X.", }