A map of security risks associated with using COTS

Author

Lindqvist, Ulf ; Jonsson, Erland

Author_Institution

Chalmers Univ. of Technol., Goteborg, Sweden

Volume

31

Issue

6

fYear

1998

fDate

6/1/1998 12:00:00 AM

Firstpage

60

Lastpage

66

Abstract

Combining Internet connectivity and COTS based systems results in increased threats from both external and internal sources. Traditionally, security design has been a matter of risk avoidance. Now more and more members of the security community realize the impracticality and insufficiency of this doctrine. It turns out that strict development procedures can only reduce the number of flaws in a complex system, not eliminate every single one. Vulnerabilities may also be introduced by changes in the system environment or the way the system operates. Therefore, both developers and system owners must anticipate security problems and have a strategy for dealing with them. This is particularly important with COTS based systems, because system owners have no control over the development of the components. The authors present a taxonomy of potential problem areas. It can be used to aid the analysis of security risks when using systems that to some extent contain COTS components

Keywords

Internet; risk management; security of data; software packages; COTS based systems; COTS components; Internet connectivity; commercial off-the-shelf products; development procedures; internal sources; risk avoidance; security community; security design; security problems; security risks; system environment; system owners; vulnerabilities; Availability; Cryptography; Humans; Information security; Internetworking; National security; Operating systems; Product design; Risk analysis; Taxonomy;

fLanguage

English

Journal_Title

Computer

Publisher

ieee

ISSN

0018-9162

Type

jour

DOI

10.1109/2.683009

Filename

683009