Security Controls for Computer Systems.
HISTORICAL DOCUMENT UP on RAND SITE Mon, 12 Jun 2000
From: "Willis H. Ware" @rand.org
The Ware Report The direct URL to the document itself and to the historical introduction
In the late 60s I chaired a Defense Science Board Committee that produced a document: Security Controls for Computer Systems. Classified for 9 years, it was declassified and republished by RAND in 1979 [R-609-1]. Courtesy of John Young, the document was scanned and converted to HTML format.
In addition to the full document with all figures and appendices, I wrote a historical introduction for it. Both are up on the RAND web page.
This document launched computer security within the DoD and ultimately, elswhere because it was widely distributed; it has the gracious nickname of "Ware report". It is still very readable, very timely, and suffers only from not being in tune with the contemporary technology (which of course the committee could not anticipate). Even so, the document's Figure 3 held true for quite a long time -- in general, until networking became a major thrust.
Of particular interest to computer scientists would be the appendices which collectively define a meta-structure and meta-language for specifying access controls that would have implemented the system that governed access to classified systems -- as it then existed. This work was done by Arthur A. Bushkin (who had just finished at MIT and was resident at RAND part of the time) supported by Robert M. Balzer.
RAND Classics Page (which also contains Paul Baran's document series on Distributed Communications and other early RAND historical items)