Addressing malicious code in COTS: a protection framework

Authors:
Donald J. Reifer;Pranjali Baxi;Fabio Hirata;Jonathan Schifman;Ricky Tsao
Affiliations:
Reifer Consultants, Inc., Torrance, CA;Reifer Consultants, Inc., Torrance, CA;Reifer Consultants, Inc., Torrance, CA;Reifer Consultants, Inc., Torrance, CA;Reifer Consultants, Inc., Torrance, CA
Venue:
ICCBSS'05 Proceedings of the 4th international conference on COTS-Based Software Systems
Year:
2005

Citing 13
Cited 0

Software engineering risk analysis and management

Software engineering risk analysis and management
A taxonomy of computer program security flaws

ACM Computing Surveys (CSUR)
The design and implementation of tripwire: a file system integrity checker

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Network and internetwork security: principles and practice

Network and internetwork security: principles and practice
Activity monitoring: noticing interesting changes in behavior

KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Towards a taxonomy of intrusion-detection systems

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Using the Common Criteria for It Security Evaluation

Using the Common Criteria for It Security Evaluation
Security attribute evaluation method: a cost-benefit approach

Proceedings of the 24th International Conference on Software Engineering
Secure Coding: Principles and Practices

Secure Coding: Principles and Practices
Protecting C programs from attacks via invalid pointer dereferences

Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Exploiting Software: How to Break Code

Exploiting Software: How to Break Code
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Internet infrastructure security: a taxonomy

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

The potential for problems due to malicious code increases in direct proportion with the number of COTS software used in a system. Because of this, many practitioners have used a variety of techniques to address potential attacks. Yet, little guidance has been offered as to which techniques work best, when, and under what conditions. To rectify this problem, we have created a framework that can be used to help those interested in addressing vulnerabilities with a solution. The framework matches defenses to attacks using a risk-based approach that focuses on providing cost-effective protection.