Recently the FBI cited computer crime as the fastest growing

          form of larceny in the United States.   Sensational  cases  range

          from  hackers  who  break  into  systems  for  the  challenge  to

          criminals who rob banks through the telephone lines.  The  myriad

          of  terminals  and personal computers armed  with  communications

          capabilities  pose  a  grave  threat  to  the  security  of   any

          organization's databanks  and  programs.   To  counter  potential

          trepassers some advocate that greater  use  should be made of the

          mechanisms  available, such as call-back telephone acess  control

          devices, secure operating  systems  linked  to databased systems,

          and greater use of encryption.   However,  others  maintain  that

          management  policies  and controls may be  better  deterrents  to

          computer crime than increased mechanization.


               The President's Council on Integrity and Efficiency reported

          that all of the 172 documented cases of computer crime in civlian

                                                                  1
          agencies  between  1978  and  1982  were  in-house jobs.    Forty

          percent of these cases involved fraud, such  as theft of cash and

          diversion of assets, and other abuses, such as stealing  computer

          time  for  outside  entertainment.   In these cases  most  gained

          access by merely  manipulating  databases.  The other 60 percent,

          using programming and encryption knowledge, designed illegitemate

          ----------

          1.  Berney,   Karen,"Washington   Takes   on   Computer   Crime,"
          Electronics, Nov.  17,1983, p.102.
          ___________



                                        - 1 -










          software.


               In terms of private industry,Robert Courtney, an independent

          consultant  in  data-systems management, estimates that  only  10

                                                     2
          percent of all such incidents are reported.   One  reason is that

          often unauthorized tamperings  are  difficult  to discover.  More

          often, however, most corporations fear  that  the  disclosure  of

          computer-related losses will undermine investor confidence.





          0.1 Security Mechanisms
          _______________________



               Computer crime often stems from the common failure  to  make

          full use of security resources  available.   To  achieve  optimum

          efficiency  security  features  should  be designed in  from  the

          start.  For example, the installment  of  audit  trails  will  be

          necessary to  track violators and their violations.  Generally, a

          secure operating system with direct hardware support coupled with

          communications  and  databased  systems   represents   the   best

          deterrent to unauthorized tampering.



          0.1.1 Secure Operating System Features


               Many secure  operating  systems  are based on the use of the

          security   kernel.    "A   security    kernel    seperates    the
          security   kernel.

          ----------

          2. Berney, p.102.



                                        - 2 -










          security-relevant functions  of  the  operating  system  from its

          other functions to create a smaller  and  less  complex  security

                3
          mode."   Security kernels are based on B.W. Lampson's concept  of

          a "reference  monitor"  which  acts  as  an  agent  checking  the

          legality of  every  reference  by a subject to an object, another

                                     4
          name for  data  structures.    Isolated  from  the  rest  of  the

          operating system, the  reference  monitor mediates every acess to

          protected data.


               Thus, if the  security  kernel is properly