Accession Number:

ADA415561

Title:

Applications That Participate in Their Own Defense (APOD)

Descriptive Note:

Final technical rept. Jul 1999-Jul 2002

Corporate Author:

BBN TECHNOLOGIES CAMBRIDGE MA

Report Date:

2003-05-01

Pagination or Media Count:

89.0

Abstract:

The goal of the APOD project was to give software applications an increased resistance against malicious attack even when they run in an environment that is not completely secured. We call any such application defense enabled. Note that defense enabling is less ambitious than building a secure system rather than protect the entire system, defense enabling concentrates on the survival and integrity of essential applications, possibly sacrificing other parts of the system to the attacker. Defense enabling also gives priority to some security properties over others we are much more concerned with defending the integrity of an applications data than its confidentiality. Defense enabling is representation of a relatively recent trend in computer security, often called survivability or 3rd generation security. Several factors distinguish the APOD approach to survivability from others. First, dynamic adaption is a key theme of our approach. Intrusions cause changes in the system, and a survivable system much cope with these changes. As a consequence, defense enabled applications must be very agile and will make use of the flexibility possible in todays dynamic, networked environments. Second, a defense enabled application has a defense strategy that is typically application an mission specific. Such strategies complement and go beyond traditional approaches to security in which protection mechanisms are typically not aware of the applications they aim to protect. Third, defense enabling builds the defense in middleware, intermediate between the application and the networks and operating systems on which the application runs. Defense strategies implemented in middleware can be reused relatively easily in the context of other applications because they are only loosely coupled to the application.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE