Using COTS components poses serious threats to system security. The authors analyze the risks and describe how their sandbox method can confine the damage potential of COTS components. The sandbox model was originally developed for fault tolerance: rather than eliminating failures, it provides a restricted environment that confines application behavior, so that the damage done by an application that misbehaves, whether accidentally or maliciously, is contained. The authors' sandbox differs from Java's in that it is built on operating-system support rather than on the guarantees of a particular language. This article describes the Sendmail version of their sandbox. The approach requires B-level security features (in the TCSEC sense, such as mandatory, label-based access control) that most conventional OSs lack; B-level-certified OSs, typically developed for government or military use, provide these more sophisticated controls. The authors stress that their method does not eliminate security problems but mitigates the damage a compromised application can do, and thereby prevents the most common security breaches. Given a suitable security platform, untrusted COTS components can therefore be plugged into a system without major reengineering.
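As an added illustration (not the authors' code, and not the specific policy of their Sendmail sandbox, which the abstract does not detail), the following simulates the kind of label-based mandatory access control that a B-level OS provides and that confines an untrusted component: the mailer runs in its own compartment, so even if an attacker takes it over, the reference monitor still denies reads of sensitive files and writes outside the compartment. All labels, object names and the level set are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Hypothetical sensitivity levels; a real B-level system defines its own label set.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}


@dataclass(frozen=True)
class Label:
    """A point in the access-control lattice: a level plus a set of compartments."""
    level: str
    categories: FrozenSet[str] = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # a >= b in the lattice iff level(a) >= level(b) and cats(a) is a superset of cats(b)
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


class MacReferenceMonitor:
    """Bell-LaPadula style mandatory checks; every decision is recorded for audit."""

    def __init__(self) -> None:
        self.audit: List[Tuple[str, str, str, bool]] = []

    def decide(self, subject: str, clearance: Label,
               obj: str, label: Label, mode: str) -> bool:
        if mode == "read":        # simple-security property: no read up
            allowed = clearance.dominates(label)
        elif mode == "write":     # *-property: no write down
            allowed = label.dominates(clearance)
        else:
            raise ValueError(f"unknown access mode {mode!r}")
        self.audit.append((subject, mode, obj, allowed))
        return allowed


def run_scenario() -> Dict[Tuple[str, str], bool]:
    """Confine a (possibly compromised) mail transfer agent with labels.

    Hypothetical set-up: the MTA runs at 'unclassified' in its own compartment
    'mta', so it can use its spool and read public configuration, but cannot
    overwrite system files or read user secrets, whatever UID it runs under.
    """
    rm = MacReferenceMonitor()
    mta_clearance = Label("unclassified", frozenset({"mta"}))
    objects = {
        "mail_spool":    Label("unclassified", frozenset({"mta"})),      # MTA's own data
        "system_config": Label("unclassified"),                           # readable, not writable
        "user_secret":   Label("secret"),                                 # neither
        "audit_log":     Label("confidential", frozenset({"mta"})),       # append (write up) only
    }
    attempts = [
        ("mail_spool", "write"), ("mail_spool", "read"),
        ("system_config", "read"), ("system_config", "write"),  # what an attacker wants
        ("user_secret", "read"),                                 # and this
        ("audit_log", "write"), ("audit_log", "read"),
    ]
    return {(o, m): rm.decide("sendmail", mta_clearance, o, objects[o], m)
            for o, m in attempts}


if __name__ == "__main__":
    for (obj, mode), ok in run_scenario().items():
        print(f"sendmail {mode:5s} {obj:14s} -> {'allowed' if ok else 'DENIED'}")
```

The point the simulation makes is the one the abstract relies on: under discretionary control a mailer running as a privileged user could touch every file above, whereas the label lattice decides purely on the component's compartment, so a compromise of the component does not become a compromise of the system.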