A Map of Security Risks Associated with Using COTS

Ulf Lindqvist and Erland Jonsson
Combining Internet connectivity and COTS based systems results in increased threats from both external and internal sources. Traditionally, security design has been a matter of risk avoidance. Now more and more members of the security community realize the impracticality and insufficiency of this doctrine. It turns out that strict development procedures can only reduce the number of flaws in a complex system, not eliminate every single one. Vulnerabilities may also be introduced by changes in… 

Designing Secure Integration Architectures

This paper describes an approach to constructing secure integration architectures: architectural solutions to component interoperability that both satisfy known functional security policies and that specify the functionality of security mechanisms used to fulfill them.

Analyzing Security Interoperability during Component Integration

  • E. Oladimeji, L. Chung
  • Computer Science
    5th IEEE/ACIS International Conference on Computer and Information Science and 1st IEEE/ACIS International Workshop on Component-Based Software Engineering, Software Architecture and Reuse (ICIS-COMSAR'06)
  • 2006
This paper presents a goal-oriented and model-driven approach to analyzing the security features of components to determine interoperability and a guideline for integrating them to fulfil the security goals of the composite system.

Towards an Approach for Security Risk Analysis in COTS Based Development

This paper provides a method for security risk analysis in COTS based development (CBD) based on Common Criteria and previous work in identifying general risk items for CBD to provide useful insights for developers in identifying security risks.

Improving Software Security Through an Integrated Approach

A framework for integrating a security policy specification with a system function integration on the basis of the Role-Based Access Control (RBAC) model, which may provide enterprises with uniform and robust enforcement policies to improve the security of sensitive information systems.

The Impact of Certification Criteria on Integrated COTS-Based Systems

A policy configuration model is outlined to represent security policies in a format which can manifest conflicting properties across policy specifications, and is extended to incorporate requirements based on common certification criteria.

An integrated security model for component-based systems

  • N. Nissanke
  • Computer Science
    2007 IEEE Conference on Emerging Technologies and Factory Automation (EFTA 2007)
  • 2007
This paper presents an integrated multi-objective component security (ICS) model comprising Bell-LaPadula and Biba security models, for preventing security breaches in confidentiality and integrity in CBS.

An Analysis of the Security of Windows NT

An analysis of the security in Windows NT 4.0, working in both stand-alone and networking mode, concludes that there are ample opportunities to improve the security of Windows NT.

On the Self-Protection of Firewalls and Distributed Intrusion Detection Systems

This thesis addresses the self-protection problem and discusses the avoidance of the risks and dangers associated with the use of security extensions, namely that of protecting the detection policy of a distributed intrusion detection system.

Different Aspects of Security Problems in Network Operating Systems

The objective of this study is to investigate real intrusions in order to find and model the underlying generic weaknesses, i.e., weaknesses that would be applicable to many different systems, in general-purpose network operating systems.

Merging Integration Solutions for Architecture and Security Mismatch

This paper depicts the architectural differences among components, their security access control policies, and the integration solutions that result from independent analysis, the first step toward including architectural interoperability issues and security conflicts in the design of an encompassing solution for an integrated application.



An analysis of a secure system based on trusted components

A practical security analysis of a beta implementation of a commercial system based on existing trusted hardware components, such as advanced cryptographic building blocks, shows that the most important problem was that some system components were incorrectly handled as trusted.

A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior

The collected data indicates that the breaches during the standard attack phase are statistically equivalent and that the times between breaches are exponentially distributed, which would actually imply that traditional methods for reliability modeling could be applicable.

A further note on the confinement problem

  • W. E. Boebert, R. Kain
  • Computer Science
    1996 30th Annual International Carnahan Conference on Security Technology
  • 1996
The authors demonstrate why the access control mechanisms of common operating systems do not constitute a confinement mechanism, and describe an alternative confinement mechanism called “type enforcement” that was invented by the authors in 1984 and subsequently implemented in several secure computers.

Computer-related risks

Transaction Security System

An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data

Lattice-based access control models

A balanced perspective on lattice-based access control models is provided and information flow policies, the military lattice, access control models, the Bell-LaPadula model, the Biba model and duality, and the Chinese Wall lattice are reviewed.

Design of fault-tolerant computers

  • A. Avizienis
  • Computer Science, Engineering
    AFIPS '67 (Fall)
  • 1967
Improper functioning of the logic circuits in a digital system is manifested by logic faults, which are defined for this paper as permanent or transient deviations of logic variables from the values specified in design.

A note on the confinement problem

A set of examples attempts to stake out the boundaries of the problem by defining a program during its execution so that it cannot transmit information to any other program except its caller.

Reflections on trusting trust

To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.

Computer related risks