Software cannot protect software: an argument for dedicated hardware in security and a categorization of the trustworthiness of information

Authors:
Matthew Judge;Paul Williams;Yong Kim;Barry Mullins
Affiliations:
Air Force Institute of Technology, Wright Patterson AFB, OH;Air Force Institute of Technology, Wright Patterson AFB, OH;Air Force Institute of Technology, Wright Patterson AFB, OH;Air Force Institute of Technology, Wright Patterson AFB, OH
Venue:
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Year:
2008

Citing 16
Cited 0

Using Independent Auditors as Intrusion Detection Systems

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Assisting Network Intrusion Detection with Reconfigurable Hardware

FCCM '02 Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Frequent loop detection using efficient non-intrusive on-chip hardware

Proceedings of the 2003 international conference on Compilers, architecture and synthesis for embedded systems
A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table

IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table

IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
FPGA Based Network Intrusion Detection using Content Addressable Memories

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Efficient packet classification for network intrusion detection using FPGA

Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays
A categorization of computer security monitoring systems and the impact on the design of audit sources

A categorization of computer security monitoring systems and the impact on the design of audit sources
Cupids: increasing information system security through the use of dedicated co-processing

Cupids: increasing information system security through the use of dedicated co-processing
SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address

IEEE Transactions on Computers
CuPIDS: An exploration of highly focused, co-processor-based information system protection

Computer Networks: The International Journal of Computer and Telecommunications Networking
Memory-efficient content filtering hardware for high-speed intrusion detection systems

Proceedings of the 2007 ACM symposium on Applied computing
Copilot - a coprocessor-based kernel runtime integrity monitor

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Towards a Taxonomy of Vulnerabilities

HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Shunting: a hardware/software architecture for flexible, high-performance network intrusion prevention

Proceedings of the 14th ACM conference on Computer and communications security
A hardware-based memory acquisition procedure for digital investigations

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Quantified Score

Hi-index	0.00

Visualization

Abstract

There are many current classifications and taxonomies relatingto computer security. One missing classification is the Trustworthinessof Information being received by the security system, which wedefine. This new classification along with Timeliness of Detection andSecurity level of the Security System present motivation for hardware-based security solutions. Including hardware is not an automatic solutionto the limitations of software solutions. Advantages are only gained fromhardware through design that ensures at least First-hand Information,dedicated monitors, explicit hardware communication, dedicated storage,and dedicated security processors.