The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - November/December (2009 vol.7)
pp: 77-81
Michael E. Locasto , George Mason University
Sergey Bratus , Dartmouth College
Brian Schulte , The College of New Jersey
ABSTRACT
A wide variety of security software competes for control of desktops, servers, and handhelds. Competition for control over a system's security posture can leave systems mired in a performance tar pit and subvert the very security they were meant to provide. Although the use of defense in-depth is widely recommended, it isn't nearly as automated as it could be, particularly when it comes to composing policy in addition to functionality. We suggest a paradigm in which security programmers intentionally design their code to cooperate with similar software by negotiating over security-critical resources, system measurement points, event types, and trusted information flow paths.
INDEX TERMS
cooperative security, security negotiation, defense-in-depth, secure systems
CITATION
Michael E. Locasto, Sergey Bratus, Brian Schulte, "Bickering In-Depth: Rethinking the Composition of Competing Security Systems", IEEE Security & Privacy, vol.7, no. 6, pp. 77-81, November/December 2009, doi:10.1109/MSP.2009.189
REFERENCES
1. P. Boutin, "Five Controversial Ways to Speed Your PC," New York Times blog, 2009; http://gadgetwise.blogs.nytimes.com/2009/ 05/12/five-controversial-ways-to-speed-your-pc ?partner=rss&emc=rss.
2. Skywing, "What Were They Thinking: Antivirus Software Gone Wrong," Uninformed, vol. 4, June 2006; http://uninformed.org?v=4&a=4&t=txt .
3. Skape, "What Were They Thinking: Annoyances Caused by Unsafe Assumptions," Uninformed, vol. 1, Apr. 2005; http://uninformed.org?v=1&a=5&t=txt .
4. L. Yuan et al., "Fireman: A Toolkit for Firewall Modeling and Analysis," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 2006, pp. 199–213.
5. M.E. Locasto, S. Sidiroglou, and A.D. Keromytis, "Software Self-Healing Using Collaborative Application Communities," Proc.13th Symp. Network and Distributed System Security (NDSS 06)," The Internet Soc., 2006, pp. 95–106.
6. M. Costa et al., "Vigilante: End-to-End Containment of Internet Worms," Proc. Symp. Systems and Operating Systems Principles (SOSP 05), ACM Press, 2005, pp. 133–147.
7. H.-A. Kim and B. Karp, "Autograph: Toward Automated, Distributed Worm Signature Detection," Proc. Usenix Security Conf., Usenix Assoc., 2004; www.usenix.org/events/sec04/techkim.html .
8. J. Tucek et al., "Sweeper: A Lightweight End-to-End System for Defending Against Fast Worms," ACM SIGOPS Operating Systems Rev., ACM Press, 2007, pp. 115–128.
9. B.W. Lampson, "Hints for Computer System Design," Operating Systems Rev., vol. 20, no. 5, 1983, pp. 77-813–48.
10. M. Blaze, J. Feigenbaum, and J. Lacy, "Decentralized Trust Management," Proc. IEEE Conf. Security and Privacy, IEEE CS Press, 1996, pp. 164-174.
11. W.N. Robinson, "Automated Assistance for Conflict Resolution in Multiple Perspective Systems Analysis and Operation," Joint Proc. 2nd Int'l Software Architecture Workshop and Int'l Workshop on Multiple Perspectives in Software Development (Viewpoints 96), ACM Press, 1996, pp. 197–201.
12. B. Nuseibeh, J. Kramer, and A. Finkelstein, "A Framework for Expressing the Relationships between Multiple Views in Requirements Specification," IEEE Trans. Software Eng., vol. 20, no. 10, 1994, pp. 760–773.
5 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool