|
|
|
|
|
|
by dwheeler
3425 days ago
|
|
|
I don't think Ken Thompson meant to omit the names of Paul Karger and Roger Schell. At the time it was often extremely difficult to find a paper unless you already knew where it was. Whereas today you can do a search and instantly find it and read it: "Multics Security Evaluation: Vulnerability Analysis" by Paul A. Karger and Roger R. Schell, June 1974, http://seclab.cs.ucdavis.edu/projects/history/papers/karg74.... I've had trouble finding some of the earlier work on high-security SCM; I do reference what I found. If you find something important I'm missing, send me an email: https://www.dwheeler.com/contactme.html |
|
|
http://www.dtic.mil/dtic/tr/fulltext/u2/650214.pdf
https://www.computer.org/csdl/proceedings/afips/1967/5069/00...
First is a retrospect on original document. It referenced accounting procedures for the artifacts. Makes sense they'd look at it from accounting standpoint as that's what they did with other things. Ware Report did that, too, for early INFOSEC. Lacking details from manual, I found a follow-up in 1967 that describes key details on p4 under procedural data esp concerning changes. Sounds like an early form of SCM security. I'll have to try to find the computerized one later on as I have a feeling it independently happened in mainframes or minicomputers outside INFOSEC field.
Btw, your link to Zeigenhagen was dead when I tried it. DTIC to the rescue:
http://www.dtic.mil/dtic/tr/fulltext/u2/a417577.pdf