An NSA team presented at NISSC98 in October "The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments":

http://jya.com/paperF1.htm (62K)

Abstract

Although public awareness of the need for security in computing systems is growing rapidly, current efforts to provide security are unlikely to succeed. Current security efforts suffer from the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems. In reality, the need for secure operating systems is growing in today's computing environment due to substantial increases in connectivity and data sharing. The goal of this paper is to motivate a renewed interest in secure operating systems so that future security efforts may build on a solid foundation. This paper identifies several secure operating system features which are lacking in mainstream operating systems, argues that these features are necessary to adequately protect general application-space security mechanisms, and provides concrete examples of how current security solutions are critically dependent on these features.

Keywords: secure operating systems, mandatory security, trusted path, Java, Kerberos, IPSEC, SSL, firewalls.

-----

The paper advocates greater research on vulnerabilities of operating systems which allow malicious attackers to circumvent application-level security, including cryptographic protection. Ways to get around hardware and software crypto are outlined. Covert channels are a prime concern, as well as benign use inadvertently allowing malicious intrusion. An extensive list of references traces the twenty-five year history of OS flaws and examines why so little has been done to correct known deficiencies which undermine seemingly unbreachable applications. Readings about DTOS, Fluke, Flash and other developments of the NSA-sponsored Synergy program are illuminating.
The recent republication of early compsec documents by CSRC is appropriate to this topic, particularly, "Subversion: The Neglected Aspect of Computer Security," by Philip Myer, June 1980, a thesis at NPS:

http://csrc.nist.gov/publications/history/myer80.pdf

Not that NSA would ever exploit OS weaknesses not warned about.

-----

Thanks to JM/RH for pointing to the NISSC papers.
John Young