Title :
Bickering In-Depth: Rethinking the Composition of Competing Security Systems
Author :
Locasto, Michael E. ; Bratus, Sergey ; Schulte, Brian
Author_Institution :
George Mason Univ., Fairfax, VA, USA
Abstract :
A vast array of security software exists, and because most of it addresses only relatively small facets of information security, it remains unclear how users should compose such software to achieve a reasonable degree of protection coverage. Furthermore, the many companies, organizations, and individuals that create such software don\´t design it to cooperate with similar software. We believe the resulting level of competition for resources and measurement points (kernel, library, or user hooks; disk access events; the system call API; and so on) can unnecessarily degrade system performance and interfere with the efficacy of the systems themselves. In essence, the broad call for "defense in-depth" can exacerbate existing performance and usability problems and lead to an unintentional loss of security. We suggest a paradigm in which security programmers intentionally design their code to cooperate with similar software by negotiating over security-critical resources, system measurement points, event types, and trusted information flow paths.
Keywords :
security of data; code design; competing security system; event types; information security; protection coverage; security loss; security software; security-critical resources; system measurement points; system performance; trusted information flow path; usability problem; Degradation; Information security; Kernel; Performance loss; Programming profession; Protection; Software design; Software libraries; System performance; Usability; cooperative security; defense-in-depth; secure systems; security negotiation;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2009.189
