Title :
Containing the Ultimate Trojan Horse
Author_Institution :
Univ. of California, Irvine
Abstract :
Security vulnerabilities in software systems are a rapidly growing threat in an increasingly networked world. Unfortunately many systems are now so complex that high-assurance auditing for errors would be prohibitively expensive. In this article, author explains about how some of the potential risks could be contained through security management at the base of the software stack, rather than inside application programs. A Trojan horse is a program that has "read" access to a secret and "write" access to a public channel, and then abuses its simultaneous access to both of these channels to leak the secret downward to a lower security level.
Keywords :
Java; computer crime; invasive software; Trojan horse; invasive software; security management; software system; Automatic control; Computer errors; Costs; Humans; Inspection; Invasive software; Software quality; Software systems; Software tools; Transaction databases; networks; security; trojan horse; vulnerability;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2007.77
