Policies, News, and Updates

Engineering Security Into the Software Development Life Cycle
(PDF 82KB) by Gary M. McGraw and Nancy R. Mead
The Build Security In Software Assurance Initiative promotes less vulnerable software with security built in from the start.

Creating a Software Assurance Body of Knowledge
(PDF 71KB) by Samuel T. Redwine Jr.
This article presents an initiative to assemble the knowledge to acquire, develop, and sustain secure software with functionality.

Software Security

Designing for Disaster: Building Survivable Information Systems
(PDF 142KB) by Ronda R. Henning
Designing survivability measures into an information system from the start allows continued operations through failure scenarios.

Sixteen Standards-Based Practices for Safety and Security
(PDF 127KB) by Dr. Linda Ibrahim
The 16 practices presented in this article help establish a safety and security capability, identify and manage risks, and assure product safety and security throughout the life cycle.

The Information Technology Security Arms Race
(PDF 154KB) by Dr. Steven Hofmeyr
This author discusses how an intrusion prevention system can fill the need for new technology defenses to protect against new information attack technologies.

The MILS Architecture for a Secure Global Information Grid
(PDF 167KB) by Dr. W. Scott Harrison, Dr. Nadine Hanebutte, Dr. Paul W. Oman, and Dr. Jim Alves-Foss
With the Multiple Independent Levels of Security safety architecture, guards act to filter and enforce information flow, allowing large systems to have partitions small enough to verify.

Application Security: Protecting the Soft Chewy Center
(PDF 126KB) by Alec Main
Application security is rising up to protect from the inside out by implementing defensive techniques into top-level applications and data.

On-Line Only Feature

Security Issues in Garbage Collection
by Dr. Chia-Tien Dan Lo, Dr. Witawas Srisa-an and Dr. J. Morris Chang
This article examines Java security models, describing security issues in garbage collection (GC), metrics used to predict program behaviors, and their relations. Heap memory attacks are introduced and classified into both slow death and fast death categories. These are potential scenarios if GC is under attack. Experimental results show that a compromised system may result in GC being invoked more times than its normal counterpart. Furthermore, presented here is a runtime monitoring system that can detect anomalous program behaviors using the collected memory metrics. This can be a runtime throttle to control program behaviors, or a post-mortem diagnosis technique in case of heap memory attacks.

Attacks and Countermeasures
by Zaid Dwaikat
Security attacks are everywhere; they touch all aspects of information systems: people, networks, and software applications. A good defense requires a thorough understanding of the attacks’ landscape. In this article, we provide a high-level overview of security attacks and how they are executed.

Departments