Assurance for Defense in Depth via Retrofitting

Authors

  • Vinod Ganapathy
  • Trent Jaeger
  • Christian Skalka
  • Gang Tan
Abstract

The computer security community has long advocated defense in depth, the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in practice, and software often ships with inadequate defenses, typically developed in an ad hoc fashion. Currently, programmers reason about security manually and lack tools to validate assurance that security controls provide satisfactory defenses. In this position paper, we propose STRATA—a holistic framework for defense in depth. We examine application of STRATA in the context of adding security controls to legacy code for authorization, containment, and auditing. The STRATA framework aims to support a combination of: (1) interactive techniques to develop retrofitting policies that describe the connection between program constructs and security policy and (2) automated techniques to produce optimal security controls that satisfy retrofitting policies. We show that by reasoning about defense in depth a variety of advantages can be obtained, including optimization, continuous improvement, and assurance across multiple security controls.


Similar resources

Rethinking Defensive Information Warfare

Although the origins of information warfare lie in the defense of critical computer systems, defensive information warfare (DIW) per se has advanced little beyond an information assurance model. Information assurance is an integral part of any military organization’s operations, but it falls far short of meeting the needs for robust defense of critical command-and-control (C2) computer networks...


Layering Boundary Protections: An Experiment in Information Assurance

Work was completed while the author was at NAI Labs. The DARPA Information Assurance Program has the aim of developing and executing experiments that test specific hypotheses about defense in depth and dynamic defense capabilities. This paper describes the development and execution of an experiment in layering. The basic hypothesis was that layers of defense, when added in a careful ...


A Jurisprudential Analysis on Provisional Profit Assurance of Investment Deposits in Interest-free Banking

The term investment deposits are one of the important modes of mobilization of resources in the Iranian banking system that are eligible for a certain provisional profit. According to the bank’s agency in this term of deposits, the appliance of Provisional Profit and its periodic payment to depositors before calculating of actual profit at the end of the fiscal year, are for incentives of custo...


Retrofitting of Bridge Piers against the Scour Damages: Case Study of the Marand-Soofian Route Bridge

Bridge piers which are constructed in the track of high water rivers cause some variations in the flow patterns. This variation mostly is a result of the changes in river sections. Decreasing the river section, bridge piers significantly impress the flow patterns. Once the flow approaches the piers, the stream lines change their order, causing the appearance of different flow patterns around th...


RC Slabs Retrofitting Against Blast Loading by GFRP-PU and CFRP-PU

To reduce structural damage from blast loading, fiber reinforced polymer sheets (CFRP, GFRP) can be used for retrofitting RC slabs. In this study, specimens of reinforced concrete slabs with or without retrofitting are modeled numerically. The results show that using highly resistant, elastic materials such as FRP sheets is effective in reducing the deformation of the slabs, ...


Publication date: 2014