DocumentCode
1372061
Title
Bickering In-Depth: Rethinking the Composition of Competing Security Systems
Author
Locasto, Michael E. ; Bratus, Sergey ; Schulte, Brian
Author_Institution
George Mason Univ., Fairfax, VA, USA
Volume
7
Issue
6
fYear
2009
Firstpage
77
Lastpage
81
Abstract
A vast array of security software exists, and because most of it addresses only relatively small facets of information security, it remains unclear how users should compose such software to achieve a reasonable degree of protection coverage. Furthermore, the many companies, organizations, and individuals that create such software don't design it to cooperate with similar software. We believe the resulting level of competition for resources and measurement points (kernel, library, or user hooks; disk access events; the system call API; and so on) can unnecessarily degrade system performance and interfere with the efficacy of the systems themselves. In essence, the broad call for "defense in-depth" can exacerbate existing performance and usability problems and lead to an unintentional loss of security. We suggest a paradigm in which security programmers intentionally design their code to cooperate with similar software by negotiating over security-critical resources, system measurement points, event types, and trusted information flow paths.
Keywords
security of data; code design; competing security system; event types; information security; protection coverage; security loss; security software; security-critical resources; system measurement points; system performance; trusted information flow path; usability problem; Degradation; Information security; Kernel; Performance loss; Programming profession; Protection; Software design; Software libraries; System performance; Usability; cooperative security; defense-in-depth; secure systems; security negotiation;
fLanguage
English
Journal_Title
Security & Privacy, IEEE
Publisher
ieee
ISSN
1540-7993
Type
jour
DOI
10.1109/MSP.2009.189
Filename
5370706