Combining Internet connectivity and COTS-based systems results in increased threats from both external and internal sources. Traditionally, security design has been a matter of risk avoidance. Now more and more members of the security community realize the impracticality and insufficiency of this doctrine. It turns out that strict development procedures can only reduce the number of flaws in a complex system, not eliminate every single one. Vulnerabilities may also be introduced by changes in the system environment or the way the system operates. Therefore, both developers and system owners must anticipate security problems and have a strategy for dealing with them. This is particularly important with COTS-based systems, because system owners have no control over the development of the components. The authors present a taxonomy of potential problem areas. It can be used to aid the analysis of security risks when using systems that to some extent contain COTS components.