Mandatory Protection for Internet Server Software

San Diego California December 09-December 13

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSAC.1996.569694

12th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by R.E. Smith

	ASCII Text	x
	R.E. Smith, "Mandatory Protection for Internet Server Software," Computer Security Applications Conference, Annual, pp. 178, 12th Annual Computer Security Applications Conference (ACSAC '96), 1996.

	BibTex	x
	@article{ 10.1109/CSAC.1996.569694, author = {R.E. Smith}, title = {Mandatory Protection for Internet Server Software}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {1996}, issn = {1063-9527}, pages = {178}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.1996.569694}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Mandatory Protection for Internet Server Software SN - 1063-9527 SP EP A1 - R.E. Smith, PY - 1996 KW - Internet; multilevel security applications; Internet server software; security flaws; server overrun; attack code; server host; mandatory protection mechanisms; commercial systems; Unix chroot isolation; type enforcement; MLS; server protection VL - 0 JA - Computer Security Applications Conference, Annual ER -

R.E. Smith, Secure Comput. Corp., Roseville, MN, USA

Server software on the Internet is today's high point for software at risk. Ongoing reports of security flaws suggest that conventional Internet server software packages are intrinsically vulnerable to "server overrun", an attack that subverts the server's behavior and causes it to run attack code instead. The attack code then penetrates other portions of the server host or site unless there are additional defenses. Mandatory protection mechanisms, like those developed for multilevel security applications, can limit the risks of server overrun to a site. Commercial systems have been developed that use three distinct mechanisms: Unix "chroot" isolation, multilevel security (MLS), and type enforcement. The paper compares and contrasts these three mechanisms for server protection.

Index Terms:

Internet; multilevel security applications; Internet server software; security flaws; server overrun; attack code; server host; mandatory protection mechanisms; commercial systems; Unix chroot isolation; type enforcement; MLS; server protection

Citation:

R.E. Smith, "Mandatory Protection for Internet Server Software," acsac, pp.178, 12th Annual Computer Security Applications Conference (ACSAC '96), 1996

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.