CENTRAL INTELLIGENCE AGENCY (CIA) COMMUNITY ON LINE INTELLIGENCE SYSTEM (COINS) SECURITY PROCEDURES
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST): CIA-RDP80B01139A000100100012-9
Release Decision: RIPPUB
Original Classification: S
Document Page Count: 14
Document Creation Date: December 16, 2016
Document Release Date: August 11, 2005
Sequence Number: 12
Case Number:
Publication Date: October 3, 1968
Content Type: REQ
File:
Attachment | Size |
---|---|
CIA-RDP80B01139A000100100012-9.pdf | 492.2 KB |
Body:
Approved For Release 2005/08/18 : CIA-RDP80B01139A000100100012-9
SECRET
CENTRAL INTELLIGENCE AGENCY (CIA) COMMUNITY
ON LINE INTELLIGENCE SYSTEM (COINS)
SECURITY PROCEDURES
3 October 1968
TABLE OF CONTENTS
I. Introduction
II. CIA Headquarters System
  A. Physical Security Procedures
    1. COINS Terminals
    2. CIA Computer Center
  B. Computer Software Procedures
    1. Introduction
    2. Partitioned System
    3. Time Sharing Monitor
    4. Logon
    5. System Log
    6. Data Set Protection
    7. Password Monitor
  C. Communications Security Procedures
    1. External Circuits
    2. Internal Circuits
    3. TEMPEST
III. National Photographic Interpretation Center (NPIC) System
  A. Physical Security Procedures
  B. Computer Operational Procedures
  C. Communications Security
A. Time Sharing System IBM 360/50 Hardware Configuration
B. Core Layout
C. User Partitions and Associated Terminals
D. Example of LOGON Procedure
E. Flow Diagram of Procedures Required to Retrieve or
Modify Data from a Remote Terminal
F. Security Standards for Conduit Installation
3 October 1968
Central Intelligence Agency (CIA) Community
On Line Intelligence System (COINS)
Security Procedures
I. Introduction
1. CIA COINS security procedures consist of a combination
of physical security, communications security, and
computer software (programming) techniques which are
designed to operate the CIA portion of the COINS network
at the Top Secret, Comint level compatible with security
controls applicable to that compartmentation level. The
adoption of a combination of procedures provides some
safeguards to maintain security control even if, for some
unanticipated reason, one aspect of the security structure
momentarily fails, i.e., if an unauthorized individual was
able to obtain access to a CIA COINS terminal, he would
not be able to use it unless he had been trained in the
query procedure and had also been given access to several
passwords required to make the system available.
2. In general, however, the security procedures
developed for the CIA COINS system are designed to operate
the system in a non-hostile environment, i.e., the procedures
are based on the following assumptions:
a. Employees without a need-to-know will be
denied access to the system.
b. Cleared employees will not actively attempt
to access non-COINS files.
c. Users will report receipt of data which is
not responsive to a COINS query (e.g.,
accidental spillage of non-COINS data).
Next 2 Page(s) In Document Exempt
Operating System (OS/360). Although there
were a number of advantages in adopting OS/360,
there were also some serious drawbacks, primarily
in the security area. OS is a generalized
operating system which was designed
with little or no regard for security safeguards
in a multitasking on-line environment.
b. The approach followed then, in developing the
Time Shared System was:
1) to integrate as much software protection
as possible in the basic design and
circumvent known OS/360 deficiencies,
and
2) to prevent users of the system from
interfacing directly with the various
program modules of OS/360 and, in
particular, prohibit them from directly
accessing any I/O devices.
The software security of this system, as
currently implemented, is based on the premise
that all users interact, via remote devices,
with debugged systems programs and have no
direct interface with any of the OS/360
modules. These programs are written and
implemented by OCS programmers.
Assuming that all [illegible] programs are error
free, there would be no fear of the system
being compromised and consequently, no need
for any elaborate software safeguards.
However, when operating in a time sharing
environment, it is not possible to test all
program paths or combinations thereof and
hence, it is impossible to guarantee that
these programs would be 100% reliable at all
times. Therefore, a number of other software
security safeguards [illegible]
to significantly reduce the
[illegible] of a security compromise and to
give us more control in order to guarantee
a more secure system. Below in sections 2-7
is an explanation of the additional security
safeguards that have been incorporated.
2. Partitioned System
In the Time Shared System, memory is partitioned
such that each remote user is allocated a fixed block of
core associated with a specific terminal. Conceptually,
all user partitions can be visualized as separate computers
that share a main processor, re-entrant routines, I/O
buffers, and direct access storage devices. The partitioned
core allocated to a remote terminal is not accessible by
other terminals. See attachment B, 'Core layout - Model 50'
and attachment C, 'Time Shared Users Partitions and Associated
Terminals.'
3. Time Sharing Monitor
a. The Time Sharing Monitor (TSMON) is a problem
program designed to run in the top partition
of a two partition multiprogrammed Operating
System. TSMON replaces interrupt locations
of OS/360 in order to gain control of the
system environment allowing implementation
of an equal-priority, time-slicing, multiple
partition, multiprogramming system utilizing
Operating System facilities.
b. During the initialization phase of TSMON
operations, user partitions are defined,
allocated core storage, and linked to a
specific remote terminal; re-entrant routines
are loaded; task control blocks are generated
for each partition; and the 'LOGON' program
is loaded into all user partitions to control
those tasks until the user has successfully
logged on. The system clock is set to a
time slice interval which insures a reasonable
response time for all tasks. When the
initialization phase is complete, control is
passed to the task dispatcher which passes
control successively to user tasks which are
active.
4. Logon
a. This procedure applies only to the internal
CIA system - it [illegible] to a [illegible]
originating from another agency.
b. To gain access to the computer system, a user
from a CIA terminal initiates a 'LOGON'
procedure. Name, office designation, telephone
number, and the system password must be supplied.
Only two attempts are allowed to enter the
password correctly. If unsuccessful, the
entire 'LOGON' procedure is reinitialized. The
system password is changed periodically by the
system operator.
After the system password has been internally
verified, the program then logs the following
information on the operator's console:
1) User's terminal #
2) Date
3) Time of day
4) User's name
5) User's office designation
6) User's telephone number
The system operator must validate this logon
request from his console before the user can
proceed; if the user is unauthorized to use
the terminal, the operator can cancel the
request.
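
Added illustration, not part of the 1968 document: a small Python model of the LOGON sequence described above (two tries at the system password, the six-item console record, operator validation), writing System Log entries with the fields listed in section 5. The class and function names, the sample password and users, and the operator's approval rule are constructed for the example.

```python
import hmac
from collections import namedtuple

MAX_PASSWORD_ATTEMPTS = 2  # section 4: only two tries at the system password
LogonRequest = namedtuple("LogonRequest", "terminal name office telephone")

class LogonGate:
    def __init__(self, system_password):
        self.system_password = system_password  # changed periodically by the operator
        self.console = []      # records shown on the operator's console
        self.system_log = []   # section 5 'System Log'

    def _log(self, event, req, date, time):
        # Section 5: each entry includes time, date, user and terminal.
        self.system_log.append({"event": event, "time": time, "date": date,
                                "user": req.name, "terminal": req.terminal})

    def logon(self, req, attempts, operator_approves, date, time):
        """Return LOGGED_ON, REINITIALIZED or CANCELLED for one LOGON procedure."""
        for attempt in attempts[:MAX_PASSWORD_ATTEMPTS]:
            if hmac.compare_digest(attempt.encode(), self.system_password.encode()):
                break
            self._log("PASSWORD FAILURE", req, date, time)
        else:
            return "REINITIALIZED"  # both tries failed: the procedure starts over
        # Password verified: put the six listed items on the operator's console.
        record = (req.terminal, date, time, req.name, req.office, req.telephone)
        self.console.append(record)
        if not operator_approves(record):
            self._log("LOGON CANCELLED", req, date, time)
            return "CANCELLED"
        self._log("LOGON", req, date, time)
        return "LOGGED_ON"

def demo():
    """Three constructed LOGON attempts; all names and values are made up."""
    gate = LogonGate(system_password="EXAMPLE-PW")
    authorized = {"J. DOE"}  # assumption: how the operator decides is not on the page
    approve = lambda record: record[3] in authorized
    doe = LogonRequest(7, "J. DOE", "OCS", "5550")
    roe = LogonRequest(9, "R. ROE", "OCS", "5551")
    results = [
        gate.logon(doe, ["WRONG", "EXAMPLE-PW"], approve, "03 OCT 68", "0915"),
        gate.logon(doe, ["BAD1", "BAD2", "EXAMPLE-PW"], approve, "03 OCT 68", "0916"),
        gate.logon(roe, ["EXAMPLE-PW"], approve, "03 OCT 68", "0920"),
    ]
    return results, gate
```

The second attempt is rejected even though its third entry is correct, because only the first two tries are considered; the third attempt has the right password but is cancelled at the operator's console.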
It is the responsibility of the user to log
off his terminal, but, in addition, the
operator has the capability to log off any
terminal from his console. The LOGOFF
program prints the following information
on the operator's terminal:
1) Terminal # logged off
2) Date
3) Time of day
See attachment D for an example of 'LOGON'
procedure.
5. System Log
Time sharing programs record pertinent information
in a data set known as the 'System Log.' Such information
as log-on attempts, password failures, program loading,
and data set initialization are recorded and may be displayed
at the operator's terminal or listed on the printer. Standard
information within each log entry includes: time, date,
user, and terminal.
6. Data Set Protection
[illegible] procedure appl[illegible]
All classified data sets within the system
are password protected for both read and write
access. Whenever a data set is specified, a
password is requested, verified, and the
following information is logged on the operator's
console:
7) Program in control
An optional feature of the system, when
requested, requires operator intervention
before the data set can be opened and
processing continues. For a flow diagram
of procedures required to retrieve or
modify data from a remote terminal, see
attachment E.
To insure the security of data previously
written on scratch storage, all free blocks
on direct access storage media will be written
over before any new allocation is made.
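
Added illustration, not part of the original document: a Python model of a scratch volume showing why free blocks are written over before any new allocation. The ScratchVolume class, the block sizes and the sample data are constructed for the example; with overwriting disabled, the next user reads the previous user's data.

```python
class ScratchVolume:
    """Toy direct-access volume: fixed-size blocks plus a free list."""

    def __init__(self, n_blocks, block_size, overwrite_free_blocks):
        self.block_size = block_size
        self.blocks = [bytearray(block_size) for _ in range(n_blocks)]
        self.free = list(range(n_blocks))
        self.dirty = set()  # free blocks that still hold a previous user's data
        self.overwrite_free_blocks = overwrite_free_blocks

    def allocate(self, count):
        """Hand out `count` blocks, writing over all free blocks first if enabled."""
        if count > len(self.free):
            raise MemoryError("not enough free scratch blocks")
        if self.overwrite_free_blocks:
            for idx in self.dirty:
                self.blocks[idx][:] = bytes(self.block_size)
            self.dirty.clear()
        taken, self.free = self.free[:count], self.free[count:]
        self.dirty.difference_update(taken)
        return taken

    def write(self, idx, data):
        if len(data) > self.block_size:
            raise ValueError("data larger than one block")
        self.blocks[idx][:len(data)] = data

    def read(self, idx):
        return bytes(self.blocks[idx])

    def release(self, indexes):
        """Return blocks to the free list without touching their contents."""
        self.free.extend(indexes)
        self.dirty.update(indexes)


def residue_seen_by_next_user(overwrite_free_blocks):
    """User A writes and releases scratch space; return what user B then reads."""
    vol = ScratchVolume(n_blocks=2, block_size=16,
                        overwrite_free_blocks=overwrite_free_blocks)
    a_blocks = vol.allocate(2)
    vol.write(a_blocks[0], b"QUERY RESULT 42")  # constructed sample data
    vol.release(a_blocks)
    b_blocks = vol.allocate(1)                  # B receives A's old block
    return vol.read(b_blocks[0])
```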
Next 2 Page(s) In Document Exempt
ATTACHMENT B
CORE LAYOUT
[Figure: core layout diagram. Labeled regions: MFT Nucleus (OS/360); P1; P0; TP; DISK; USER PARTITIONS; Work Area (Access Method); Task Control Block; I/O Buffers (PAM); Link Pack Area.]
MFT Nucleus - Operating System - Resident monitor multi-programming fixed # of tasks
P0 - Batch Partition - runs normal OS/360 jobs
TSMON - Time sharing monitor
TP - Teleprocessing partition - controls polling of all remote terminals
DISK Partition - initiates all I/O for Direct Access Devices
(NOTE: The TP and DISK partitions require no core but are specified as partitions so they may be
allocated a quantum of time the same as all user partitions. Programs that are run during
this time are located in the Link Pack Area.)
USER Partitions
Work Area used by access methods - work space not shared but allocated to specific partitions
Task Control Block - control blocks for all TS partitions - serves as commutation list for TSMON.
I/O Buffers - buffer pool used by Paging Access Method which services all TS User Partitions.
Link Pack Area - contains all common re-entrant routines.
Next 4 Page(s) In Document Exempt