Hardening COTS software with generic software wrappers
- 7 November 2002
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- Vol. 2, 323-337
- https://doi.org/10.1109/discex.2000.821530
Abstract
Numerous techniques exist to augment the security functionality of Commercial Off-The-Shelf (COTS) applications and operating systems, making them more suitable for use in mission-critical systems. Although individually useful, as a group these techniques present difficulties to system developers because they are not based on a common framework which might simplify integration and promote portability and reuse. This paper presents techniques for developing Generic Software Wrappers-protected, non-bypassable kernel-resident software extensions for augmenting security without modification of COTS source. We describe the key elements of our work: our high-level Wrapper Definition Language (WDL), and our framework for configuring, activating, and managing wrappers. We also discuss code reuse, automatic management of extensions, a framework for system-building through composition, platform-independence, and our experiences with our Solaris and FreeBSD prototypes.Keywords
This publication has 17 references indexed in Scilit:
- USTAT: a real-time intrusion detection system for UNIXPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- A sense of self for Unix processesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Self-nonself discrimination in a computerPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Safe kernel extensions without run-time checkingPublished by Association for Computing Machinery (ACM) ,1996
- Dealing with disasterPublished by Association for Computing Machinery (ACM) ,1996
- State transition analysis: a rule-based intrusion detection approachIEEE Transactions on Software Engineering, 1995
- Extensibility safety and performance in the SPIN operating systemPublished by Association for Computing Machinery (ACM) ,1995
- Efficient software-based fault isolationPublished by Association for Computing Machinery (ACM) ,1993
- A Comparison of Commercial and Military Computer Security PoliciesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,1987
- Secure Computer System: Unified Exposition and Multics InterpretationPublished by Defense Technical Information Center (DTIC) ,1976