Title :
Mandatory protection for Internet server software
Author :
Smith, Richard E.
Author_Institution :
Secure Comput. Corp., Roseville, MN, USA
Abstract :
Server software on the Internet is today´s high point for software at risk. Ongoing reports of security flaws suggest that conventional Internet server software packages are intrinsically vulnerable to “server overrun”, an attack that subverts the server´s behavior and causes it to run attack code instead. The attack code then penetrates other portions of the server host or site unless there are additional defenses. Mandatory protection mechanisms, like those developed for multilevel security applications, can limit the risks of server overrun to a site. Commercial systems have been developed that use three distinct mechanisms: Unix “chroot” isolation, multilevel security (MLS), and type enforcement. The paper compares and contrasts these three mechanisms for server protection
Keywords :
Internet; computer communications software; industrial property; network servers; security of data; Internet server software; MLS; Unix chroot isolation; attack code; commercial systems; mandatory protection mechanisms; multilevel security applications; security flaws; server host; server overrun; server protection; type enforcement; Electronic mail; IP networks; Internet; Lakes; Multilevel systems; Network servers; Protection; Telecommunication traffic; Web server; Web sites;
Conference_Titel :
Computer Security Applications Conference, 1996., 12th Annual
Conference_Location :
San Diego, CA
Print_ISBN :
0-8186-7606-X
DOI :
10.1109/CSAC.1996.569694
