• DocumentCode
    1372061
  • Title

    Bickering In-Depth: Rethinking the Composition of Competing Security Systems

  • Author

    Locasto, Michael E. ; Bratus, Sergey ; Schulte, Brian

  • Author_Institution
    George Mason Univ., Fairfax, VA, USA
  • Volume
    7
  • Issue
    6
  • fYear
    2009
  • Firstpage
    77
  • Lastpage
    81
  • Abstract
    A vast array of security software exists, and because most of it addresses only relatively small facets of information security, it remains unclear how users should compose such software to achieve a reasonable degree of protection coverage. Furthermore, the many companies, organizations, and individuals that create such software don't design it to cooperate with similar software. We believe the resulting level of competition for resources and measurement points (kernel, library, or user hooks; disk access events; the system call API; and so on) can unnecessarily degrade system performance and interfere with the efficacy of the systems themselves. In essence, the broad call for "defense in-depth" can exacerbate existing performance and usability problems and lead to an unintentional loss of security. We suggest a paradigm in which security programmers intentionally design their code to cooperate with similar software by negotiating over security-critical resources, system measurement points, event types, and trusted information flow paths.
  • Keywords
    security of data; code design; competing security system; event types; information security; protection coverage; security loss; security software; security-critical resources; system measurement points; system performance; trusted information flow path; usability problem; Degradation; Information security; Kernel; Performance loss; Programming profession; Protection; Software design; Software libraries; System performance; Usability; cooperative security; defense-in-depth; secure systems; security negotiation;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2009.189
  • Filename
    5370706