Considering defense in depth, for software applications

被引:27
|
作者
Stytz, MR [1 ]
机构
[1] USAF, Res Lab, Wright Patterson AFB, OH 45433 USA
来源
IEEE SECURITY & PRIVACY | 2004年 / 2卷 / 01期
关键词
D O I
10.1109/MSECP.2004.1264860
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The advantages of applying a defense-in-depth strategy for software application security are discussed. By using a defense-in-depth paradigm, attackers defeat all defenses to access protected items. With defense properly arrayed, attackers cannot gain insight into inner defensives while attacking outer ones and, a degree of mutual support but not interdependence exists among defensive layers. As defense-in-depth approach seems appropriate for application protection, it appears that the best defense-in-depth strategy for software source and binary code would undertwine application defenses in such a manner that each defensive technology interlocks with and supports all the others.
引用
收藏
页码:72 / 75
页数:4
相关论文
共 50 条
  • [1] Configuring Software and Systems for Defense-in-Depth
    Jaeger, Trent
    PROCEEDINGS OF THE 2016 ACM WORKSHOP ON AUTOMATED DECISION MAKING FOR ACTIVE CYBER DEFENSE (SAFECONFIG'16), 2016, : 1 - 1
  • [2] A Course on Software Architecture for Defense Applications
    Ciancarini, Paolo
    Russo, Stefano
    Sabbatino, Vincenzo
    PROCEEDINGS OF 4TH INTERNATIONAL CONFERENCE IN SOFTWARE ENGINEERING FOR DEFENCE APPLICATIONS, SEDA 2015, 2016, 422 : 321 - 330
  • [3] Software Security Analysis Based on the Principle of Defense-in-Depth
    Jalali, Ahmad
    Hadavi, Mohammad Ali
    2018 15TH INTERNATIONAL ISC (IRANIAN SOCIETY OF CRYPTOLOGY) CONFERENCE ON INFORMATION SECURITY AND CRYPTOLOGY (ISCISC), 2018,
  • [4] Defense-in-depth and diverse qualification of safety-critical software
    Miedl, Horst
    Lee, Jang-Soo
    Lindner, Arndt
    Hoffman, Ernst
    Martz, Josef
    Lee, Young-Jun
    Choi, Jong-Gyun
    Kim, Jang-Yeol
    Chal, Kyoung-Ho
    Cheon, Se-Woo
    Lee, Cheol-Kwon
    Park, Gee-Yong
    Kwon, Kee-Choon
    COMPUTER SAFETY, RELIABILITY, AND SECURITY, PROCEEDINGS, 2007, 4680 : 258 - +
  • [5] Efficient Reliability Analysis of Concurrent Software Applications Considering Software Architecture
    El Kharboutly, Rehab
    Gokhale, Swapna S.
    INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING, 2014, 24 (01) : 43 - 60
  • [6] Towards Building Active Defense Systems for Software Applications
    Perumal, Zara
    Veeramachaneni, Kalyan
    CYBER SECURITY CRYPTOGRAPHY AND MACHINE LEARNING, CSCML 2018, 2018, 10879 : 144 - 161
  • [7] Defense Applications Software to Enhance the US Department of Defense's Technical Advantage INTRODUCTION
    Osburn, Jeanie
    Kevorkian, Aram
    Sekar, Balu
    COMPUTING IN SCIENCE & ENGINEERING, 2010, 12 (05) : 14 - 17
  • [8] Defense in Depth
    Langerman, Neal
    JOURNAL OF CHEMICAL HEALTH & SAFETY, 2014, 21 (01): : 43 - 45
  • [9] Defense in depth
    Shasha, DE
    SCIENTIFIC AMERICAN, 2002, 286 (05) : 101 - 101
  • [10] Empirical Study on Enhancing the Accuracy of Software Cost Estimation Model for Defense Software Development Project Applications
    Lee, Taeho
    Choi, Donoh
    Baik, Jongmoon
    12TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY: ICT FOR GREEN GROWTH AND SUSTAINABLE DEVELOPMENT, VOLS 1 AND 2, 2010, : 1117 - 1122
12345