Subversion as a Threat in Information Warfare

ABSTRACT

As adversaries develop Information Warfare capabilities, the threat of information system subversion presents a significant risk. System subversion will be defined and characterized as a warfare tool. Through recent security incidents, it is shown that means, motive, and opportunity exist for subversion, that this threat is real, and that it represents a significant vulnerability. Mitigation of the subversion threat touches the most fundamental aspect of the security problem: proving the absence of a malicious artifice. A constructive system engineering technique to mitigate the subversion threat is identified.


AUTHORS

Lieutenant Commander in the United States Navy

Emory A. Anderson is a Lieutenant Commander in the United States Navy currently assigned in an Information Assurance role at the Space and Naval Warfare System Center in Charleston, SC. He has served as a Trusted Product Evaluator during which he participated as a team member on the Windows NT 4.0 C2 evaluation and worked on numerous Common Criteria (ISO 15408) Protection Profiles and Security Targets. Other assignments include work in computer network defense and forensics, and information assurance and public key infrastructure policy for the Department of the Navy. He is a member of the Institute of Electrical and Electronics Engineers, and the Association for Computing Machinery.

Director, Center for Information System Security Studies and Research (CISR);
Associate Professor, Department of Computer Science, Naval Postgraduate School, Monterey, California
USA

Cynthia E. Irvine is an Associate Professor of Computer Science at the Naval Postgraduate School and Director of the Center for Information System Security Studies and Research (CISR). She has spent the past 16 years developing theory for, design, implementation, and analysis of high assurance secure systems. She has developed security aware applications for high assurance systems and currently leading the development of separation kernel intended for EAL7 evaluation. She has authored over 70 papers in the area of trusted computing. Dr. Irvine is a senior member of the IEEE, a member of the Association for Computing Machinery, the American Astronomical Society and a Life Member of the Astronomical Society of the Pacific.

Co-founder and President of Aesec Corporation

Roger R. Schell is co-founder and President of Aesec Corporation, a new company focused on verifiably secure platforms for secure, reliable e-business. At Novell he led their Class C2 network evaluation, managed development of product security, and holds patents in cryptography and authentication. He was VP for Engineering at Gemini Computers where he developed their highly secure (Class A1) commercial product. He was the founding Deputy Director of the DoD (now National) Computer Security Center. Dr. Schell has more than 60 publications, and was Associate Professor of Computer Science at the Naval Postgraduate School. The NIST and NSA recognized him with the National Computer System Security Award.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Media Parner to JIW.

Media Partner

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com