Alex Soojung-Kim Pang, Ph.D.

I study people, technology, and the worlds they make

History of computer security?

Are any historians of computing working on the history of security?

What I want to know is when computer security became something that people worried about, separate from concerns about proprietary corporate information, discovery of military secrets/intelligence, etc..

In a sense, computers and security have been connected ever since Enigma and ENIAC. What I have in mind is something more specific (or maybe broader): when did computer programmers, architects, and users begin to think that security was something they needed to pay serious attention to? (Let’s also say non-military users– people who otherwise might not be inclined to consider security a high priority, or might not automatically think about it.) When did they start to worry about outsiders breaking into/taking over their systems?

A quick look suggests that it was the early 1970s, but if there’s a convenient paper on this somewhere, I’d love to know about it.

[To the tune of Evanescence, “Bring Me To Life,” from the album Fallen.]

5 Comments

  1. I would like to see your feedback on this.
    Any paper show up?

    r

  2. So far as I can tell, it’s something that becomes an issue in the 1960s, with the growth of interest in formal computer architectures, and mathematical attempts to do things like formally demonstrate the correctness of programs– i.e., that software was flawless in a deep logical sense, not just that it didn’t break.

    Multics had some pretty robust security built-in in the late 1960s, according to security expert (and Multics alum) Peter Neumann; Whitfield Duffie also started working on cryptography problems in the later 1960s.

  3. http://cne.gmu.edu/modules/acmpkp/security/history_frm.html

    The above link has some information on some early computer security activities.

  4. At MIT in the early 60s, the mainframe computers were scarce resources, and so their use was accounted for and limited. These requirements for accounting were imposed by the organizations, such as IBM and NSF, that paid for the computer. Users supplied a problem number and programmer number when they ran a batch job. Naturally the inventive sought ways to reset the interval timer and run jobs without limit.

    When timesharing came along on the mainframes, usage was still accounted for, and users had to supply their problem and programmer number to log in to CTSS. See http://www.multicians.org/thvv/7094.html.
    Behavior by some community members led to the introduction of passwords in 1963, as a means of ensuring that people used the correct accounts.

    CTSS introduced another facility to MIT computer users, that of permanent online disk storage for each account. This resource was also scarce and limited; in the early days there was no particular concern for privacy of information but people did look for ways to store more than their quota.

    Once quotas and passwords were introduced, they had to be defended, and keeping this information secure from tampering became an issue. CTSS introduced memory protection between user jobs as a reliability measure, but protecting the supervisor from tampering and the password file from reading became a concern as a means of preserving the accounting data in order to ration resources.

    MIT professors Jerry Saltzer and Frans Kaashoek are working on a book that describes some of the security incidents in detail.

  5. In 2007 Elsevier will publish the following title: The History of Information Security. A Comprehensive Handbook. I am the editor of this book. It contains several contributions about computer security. One by Jeff Yost deals with standards; another one, by Bart Jacobs and others,deals with transparency. He dates security issues back to multiprogammingon mainframe computers

Comments are closed.

© 2018 Alex Soojung-Kim Pang, Ph.D.

Theme by Anders NorenUp ↑