DocumentCode :
1392101
Title :
Security control for COTS components
Author :
Zhong, Qun ; Edwards, Nigel
Author_Institution :
Hewlett-Packard Lab., Bristol, UK
Volume :
31
Issue :
6
fYear :
1998
fDate :
6/1/1998
Firstpage :
67
Lastpage :
73
Abstract :
Using COTS components poses serious threats to system security. The authors analyze the risks and describe how their sandbox method can limit the damage potential of COTS components. The sandbox model was originally developed for fault tolerance. Rather than eliminating actual failures, it provides a restricted environment to confine application behavior. The approach confines the damage caused if an application accidentally or maliciously misbehaves. The authors' sandbox method differs from Java's in that it is built with OS support rather than with support from a particular language. The authors describe the Sendmail version of their sandbox method. Their approach requires B-level security features (TCSEC Division B, i.e. labeled mandatory access control) that are not found on most conventional OSs. Typically developed for government or military use, B-level certified OSs have more sophisticated security features. The authors explain that their method does not eliminate security problems but rather mitigates the damage caused by compromised applications and thus prevents most common security breaches. Untrusted COTS components can thus be safely plugged into a system without major reengineering, provided there is a suitable security platform.
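The abstract says the sandbox confines a misbehaving COTS component with OS support and that this needs B-level (labeled mandatory access control) features. The following is an added illustration, not the authors' implementation and not code from the paper: a toy model of the kind of label lattice a TCSEC Division B kernel enforces, applied to a sandboxed Sendmail. The levels, categories, object labels and the list of access attempts are all constructed for this example; the point is to show why a compromised component confined to one compartment cannot reach objects outside it, even though it can still do its own job inside it.

```python
"""Toy model of labeled mandatory access control (the B-level feature the
abstract refers to) used to show how an OS-supported sandbox confines the
damage a compromised COTS component can do.  Added illustration; labels,
objects and access attempts below are constructed, not from the paper."""

from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Hierarchical sensitivity levels, lowest first (assumed ordering for the example).
LEVELS: Dict[str, int] = {"public": 0, "system": 1}


@dataclass(frozen=True)
class Label:
    """A label is a level plus a set of compartments (categories)."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: self >= other iff its level is not lower and its
        category set is a superset of the other's."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


# Objects on the host and the labels the trusted OS has attached to them
# (constructed example data).
OBJECTS: Dict[str, Label] = {
    "/var/spool/mail/alice":  Label("public", frozenset({"mail"})),
    "/var/log/maillog":       Label("public", frozenset({"mail"})),
    "/etc/passwd":            Label("public"),
    "/etc/shadow":            Label("system"),
    "/home/bob/.ssh/id_rsa":  Label("public", frozenset({"bob"})),
}

# The sandboxed COTS Sendmail process runs with this subject label: it lives
# in the "mail" compartment and nowhere else.
SENDMAIL = Label("public", frozenset({"mail"}))


def allowed(subject: Label, obj: str, mode: str) -> bool:
    """Bell-LaPadula style mandatory check.

    read  : subject must dominate the object (no read up, no read across
            into a compartment the subject is not in)
    write : object must dominate the subject (no write down, so a confined
            process cannot scribble on system-wide files)
    """
    target = OBJECTS[obj]
    if mode == "read":
        return subject.dominates(target)
    if mode == "write":
        return target.dominates(subject)
    raise ValueError(f"unknown access mode {mode!r}")


def confine(subject: Label, attempts: List[Tuple[str, str]]):
    """Evaluate a sequence of (object, mode) attempts made by a sandboxed
    process and return (granted, denied) lists.  This is what the OS
    reference monitor would do on each system call."""
    granted, denied = [], []
    for obj, mode in attempts:
        (granted if allowed(subject, obj, mode) else denied).append((obj, mode))
    return granted, denied


# Constructed access pattern: first what a healthy Sendmail does, then what a
# compromised one would try.
ATTEMPTS: List[Tuple[str, str]] = [
    ("/var/spool/mail/alice", "write"),   # deliver mail: legitimate
    ("/var/log/maillog", "write"),        # log delivery: legitimate
    ("/etc/passwd", "read"),              # resolve user: legitimate (read down)
    ("/etc/shadow", "read"),              # steal hashes: read up, denied
    ("/etc/passwd", "write"),             # add an account: write down, denied
    ("/home/bob/.ssh/id_rsa", "read"),    # other compartment, denied
]


def damage_potential(subject: Label) -> List[str]:
    """Objects the subject could modify at all: the upper bound on damage."""
    return sorted(obj for obj in OBJECTS if allowed(subject, obj, "write"))


if __name__ == "__main__":
    ok, blocked = confine(SENDMAIL, ATTEMPTS)
    print("granted:", ok)
    print("denied: ", blocked)
    print("writable by sandboxed sendmail:", damage_potential(SENDMAIL))
```

The same component running as an unconfined root daemon on a conventional OS would have every object in `OBJECTS` in its damage potential; here a compromise is bounded to the mail compartment, which is the mitigation rather than elimination the abstract describes.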
Keywords :
certification; risk management; security of data; software fault tolerance; software packages; B-level certified OSs; B-level security features; COTS components; OS support; Sendmail version; application behavior; commercial off the shelf software; damage potential; fault tolerance; restricted environment; risk analysis; sandbox method; security breaches; security control; security features; security platform; system security; untrusted COTS components; Access control; Computer security; Control systems; Costs; Information security; Information systems; Large-scale systems; Operating systems; Web server; Workstations;
fLanguage :
English
Journal_Title :
Computer
Publisher :
ieee
ISSN :
0018-9162
Type :
jour
DOI :
10.1109/2.683010
Filename :
683010