Abstract

Recent experience in computer security has illustrated the susceptibility of numerous operating systems to hostile penetration. Successful penetrations have been directed at manufacturers' conventional operating systems as well as special "secure" versions that have been the subjects of exhaustive efforts to find and fix all potential security problems. While formal reports are understandably hard to come by, it appears that the effort required to "break" any operating system and obtain access to any information it stores (at any time and without detection) is in the range two to four man-months. In contrast, the effort expended in futile attempts to prevent such penetration may be as much as two orders of magnitude greater (several man-years or more).