The first multi-user computing machines, which arrived at MIT in 1962, began to raise security concerns by 1967,
mainly regarding the protection of one user's process from another, as described by Bernard Peters of the NSA. Peters'
paper was a seminal requirements document for much of what followed in computer security and is available at the
following URL:
http://bit.ly/16n1SZM
Concurrently, at MIT a debate was raging. Richard Greenblatt disagreed with the need for stringent security
controls in the new MIT multi-user OS, MULTICS (predecessor of UNIX). His team preferred a less controlled, more
creative environment without incessant restrictions such as entering passwords. This point in time is credited as the
start of “hacker” culture, later extended by Richard Stallman's rejection of controls that limited users' freedoms, which
resulted in the founding of the GPL to protect those freedoms.
There is still legitimate debate as to whether security measures that limit and hide information from users are as
effective as other measures that introduce visibility and accountability to a system. Folks interested in full disclosure
often refer to the famous quote by the American lock designer A.C. Hobbs, who believed safe designs should not be
too secret:
“It cannot be too earnestly urged that an acquaintance with real facts will, in the end, be better for
all parties.”
However, increased public network access to multi-user machines and requirements from military sponsors
necessitated greater security and secrecy controls, which were implemented by SDC for the military in the ADEPT-50
system, as documented by Clark Weissman in 1969. You can read Weissman's paper at the following URL:
http://bit.ly/1436OvH
These early security implementations later fed into the seminal Rainbow Series of topics by MITRE, which laid
the foundation for information security practice and can be read freely at this URL:
http://www.fas.org/irp/nsa/rainbow.htm
In the 1970s Larry Ellison read Dr. Edgar Codd's IBM paper on relational databases and cleverly saw the potential
for data integrity, disk space, and group membership inference. You can find Codd's paper at:
http://bit.ly/118hrj1
In 1978, Larry and colleagues at SDL worked on a CIA project looking to implement a relational database using
SQL, namely Oracle Version 1. That effort is described by Scott Hollows in his presentation at:
http://bit.ly/ZMC9Vc
I am reliably informed by an Oracle employee that the original Oracle project actually started at the NSA, thus
pre-dating the CIA reference above, which makes sense.
Version 2 of Oracle was released in 1979 as the first commercially available SQL RDBMS, with the first customer
being Wright-Patterson Air Base.
Like ORNL's ORACLE hardware in the previous photo, the Oracle relational database was restricted to local
access until 1985, when version 5 introduced client/server. Version 6 brought PL/SQL in 1988, and 1992's Version 7
introduced “Trusted Oracle,” a.k.a. Label Security. Oracle 8i in 1998 introduced Internet-related capabilities such as a
JVM and Linux support. The popularization of Internet access in the late '90s fueled an interest in computer security,
similar to that already experienced at the OS level by Peters and Weissman. This again necessitated greater security
controls.
 