• DocumentCode
    1092523
  • Title

    Containing the Ultimate Trojan Horse

  • Author

    Franz, Michael

  • Author_Institution
    Univ. of California, Irvine
  • Volume
    5
  • Issue
    4
  • fYear
    2007
  • Firstpage
    52
  • Lastpage
    56
  • Abstract
    Security vulnerabilities in software systems are a rapidly growing threat in an increasingly networked world. Unfortunately many systems are now so complex that high-assurance auditing for errors would be prohibitively expensive. In this article, author explains about how some of the potential risks could be contained through security management at the base of the software stack, rather than inside application programs. A Trojan horse is a program that has "read" access to a secret and "write" access to a public channel, and then abuses its simultaneous access to both of these channels to leak the secret downward to a lower security level.
  • Keywords
    Java; computer crime; invasive software; Trojan horse; invasive software; security management; software system; Automatic control; Computer errors; Costs; Humans; Inspection; Invasive software; Software quality; Software systems; Software tools; Transaction databases; networks; security; trojan horse; vulnerability;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2007.77
  • Filename
    4288044