Hardening COTS software with generic software wrappers

Author

Fraser, Timothy ; Badger, Lee ; Feldman, Mark

Author_Institution

Network Associates Inc., Glenwood, MD, USA

Volume

2

fYear

2000

fDate

6/22/1905 12:00:00 AM

Firstpage

323

Abstract

Numerous techniques exist to augment the security functionality of Commercial Off-The-Shelf (COTS) applications and operating systems, making them more suitable for use in mission-critical systems. Although individually useful, as a group these techniques present difficulties to system developers because they are not based on a common framework which might simplify integration and promote portability and reuse. This paper presents techniques for developing Generic Software Wrappers-protected, non-bypassable kernel-resident software extensions for augmenting security without modification of COTS source. We describe the key elements of our work: our high-level Wrapper Definition Language (WDL), and our framework for configuring, activating, and managing wrappers. We also discuss code reuse, automatic management of extensions, a framework for system-building through composition, platform-independence, and our experiences with our Solaris and FreeBSD prototypes

Keywords

operating system kernels; security of data; FreeBSD; Solaris; code reuse; generic software wrappers; high-level Wrapper Definition Language; mission-critical systems; nonbypassable kernel-resident software extensions; platform-independence; portability; security functionality; system-building; Access control; Application software; Data security; Intrusion detection; Mission critical systems; Operating systems; Permission; Privacy; Protection; Prototypes;

fLanguage

English

Publisher

ieee

Conference_Titel

DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings

Conference_Location

Hilton Head, SC

Print_ISBN

0-7695-0490-6

Type

conf

DOI

10.1109/DISCEX.2000.821530

Filename

821530