DocumentCode
1092523
Title
Containing the Ultimate Trojan Horse
Author
Franz, Michael
Author_Institution
Univ. of California, Irvine
Volume
5
Issue
4
fYear
2007
Firstpage
52
Lastpage
56
Abstract
Security vulnerabilities in software systems are a rapidly growing threat in an increasingly networked world. Unfortunately many systems are now so complex that high-assurance auditing for errors would be prohibitively expensive. In this article, author explains about how some of the potential risks could be contained through security management at the base of the software stack, rather than inside application programs. A Trojan horse is a program that has "read" access to a secret and "write" access to a public channel, and then abuses its simultaneous access to both of these channels to leak the secret downward to a lower security level.
Keywords
Java; computer crime; invasive software; Trojan horse; invasive software; security management; software system; Automatic control; Computer errors; Costs; Humans; Inspection; Invasive software; Software quality; Software systems; Software tools; Transaction databases; networks; security; trojan horse; vulnerability;
fLanguage
English
Journal_Title
Security & Privacy, IEEE
Publisher
ieee
ISSN
1540-7993
Type
jour
DOI
10.1109/MSP.2007.77
Filename
4288044
Link To Document