{"title":"大型机上的计算机病毒预防和遏制","authors":"G.M. Al-Dossary","doi":"10.1109/CCST.1989.751948","DOIUrl":null,"url":null,"abstract":"A computer virus can be a vicious and insidious form of code. It has the ability to replicate itself, to attach itself to othercode, to spread through a computer system or network, and often to initiate a harmful series of instructions when a \"trigger\"point is reached. Viruses can have a major impact on productivity because of the steadily increasing dependence of industrial, business, and government functions on the availability and integrity of data processing systems. Al though mainframe computers have been the target of virus attacks less often than microcomputers up until now, there is no room for complacency when the stakes are so high. Tne novelty, the technical nature, and the tendency to romanticize this phenomenon, have resulted in a \"black box\" syndrome (\"I don't know what's going on in there.\") and a feeling of overwhelming impotence in the business community. The risk of viruses can be reduced. One approach is to examine the constituentpartsfrom which a virus is composed, and to design a, comprehensive defense which reckons with each of these parts. The protection chain will only be as strong as its weakest link. the author of this paper suggests a classification scheme which is useful in understanding the components of a virus and useful methods for maintaining the integrity of a computer system. This paper outlines basic prevention, detection, and cor rection techniques which are available today to reduce the threat of damages caused by viruses. These include software vaccines\" or filters; encryption, access controlsoftware (eg. RACF, ACF2, and Top Secret); \"test-to-production\" con trol procedures; back-up and recovery procedures; person nel selection and review controls; and physical access control. The concepts presented in this paper conform to the \"Frusted Computer System Evaluation Criteria\" developed by the United States Computer Security Center and use examples from major published virus incidents to illustrate the notice of control weaknesses, The paper concludes that no working computer system is impregnable but that much can be done by industry to make most computer systems less inviting to attacks from viruses. A bibliography is included for further study.","PeriodicalId":288105,"journal":{"name":"Proceedings. International Carnahan Conference on Security Technology","volume":"113 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1989-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Computer virus prevention and containment on mainframes\",\"authors\":\"G.M. Al-Dossary\",\"doi\":\"10.1109/CCST.1989.751948\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A computer virus can be a vicious and insidious form of code. It has the ability to replicate itself, to attach itself to othercode, to spread through a computer system or network, and often to initiate a harmful series of instructions when a \\\"trigger\\\"point is reached. Viruses can have a major impact on productivity because of the steadily increasing dependence of industrial, business, and government functions on the availability and integrity of data processing systems. Al though mainframe computers have been the target of virus attacks less often than microcomputers up until now, there is no room for complacency when the stakes are so high. Tne novelty, the technical nature, and the tendency to romanticize this phenomenon, have resulted in a \\\"black box\\\" syndrome (\\\"I don't know what's going on in there.\\\") and a feeling of overwhelming impotence in the business community. The risk of viruses can be reduced. One approach is to examine the constituentpartsfrom which a virus is composed, and to design a, comprehensive defense which reckons with each of these parts. The protection chain will only be as strong as its weakest link. the author of this paper suggests a classification scheme which is useful in understanding the components of a virus and useful methods for maintaining the integrity of a computer system. This paper outlines basic prevention, detection, and cor rection techniques which are available today to reduce the threat of damages caused by viruses. These include software vaccines\\\" or filters; encryption, access controlsoftware (eg. RACF, ACF2, and Top Secret); \\\"test-to-production\\\" con trol procedures; back-up and recovery procedures; person nel selection and review controls; and physical access control. The concepts presented in this paper conform to the \\\"Frusted Computer System Evaluation Criteria\\\" developed by the United States Computer Security Center and use examples from major published virus incidents to illustrate the notice of control weaknesses, The paper concludes that no working computer system is impregnable but that much can be done by industry to make most computer systems less inviting to attacks from viruses. A bibliography is included for further study.\",\"PeriodicalId\":288105,\"journal\":{\"name\":\"Proceedings. International Carnahan Conference on Security Technology\",\"volume\":\"113 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1989-10-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. International Carnahan Conference on Security Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCST.1989.751948\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. International Carnahan Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.1989.751948","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Computer virus prevention and containment on mainframes
A computer virus can be a vicious and insidious form of code. It has the ability to replicate itself, to attach itself to othercode, to spread through a computer system or network, and often to initiate a harmful series of instructions when a "trigger"point is reached. Viruses can have a major impact on productivity because of the steadily increasing dependence of industrial, business, and government functions on the availability and integrity of data processing systems. Al though mainframe computers have been the target of virus attacks less often than microcomputers up until now, there is no room for complacency when the stakes are so high. Tne novelty, the technical nature, and the tendency to romanticize this phenomenon, have resulted in a "black box" syndrome ("I don't know what's going on in there.") and a feeling of overwhelming impotence in the business community. The risk of viruses can be reduced. One approach is to examine the constituentpartsfrom which a virus is composed, and to design a, comprehensive defense which reckons with each of these parts. The protection chain will only be as strong as its weakest link. the author of this paper suggests a classification scheme which is useful in understanding the components of a virus and useful methods for maintaining the integrity of a computer system. This paper outlines basic prevention, detection, and cor rection techniques which are available today to reduce the threat of damages caused by viruses. These include software vaccines" or filters; encryption, access controlsoftware (eg. RACF, ACF2, and Top Secret); "test-to-production" con trol procedures; back-up and recovery procedures; person nel selection and review controls; and physical access control. The concepts presented in this paper conform to the "Frusted Computer System Evaluation Criteria" developed by the United States Computer Security Center and use examples from major published virus incidents to illustrate the notice of control weaknesses, The paper concludes that no working computer system is impregnable but that much can be done by industry to make most computer systems less inviting to attacks from viruses. A bibliography is included for further study.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
