Containing the Ultimate Trojan Horse
Franz, M.
Univ. of California, Irvine
This paper appears in: Security & Privacy, IEEE
Publication Date: July-Aug. 2007
Volume: 5
Issue: 4
On page(s): 52-56
ISSN: 1540-7993
INSPEC Accession Number: 9628145
Digital Object Identifier: 10.1109/MSP.2007.77
Current Version Published: 2007-08-13
Abstract
Security vulnerabilities in software systems are a rapidly growing threat in an increasingly networked world. Unfortunately, many systems are now so complex that high-assurance auditing for errors would be prohibitively expensive. In this article, the author explains how some of the potential risks could be contained through security management at the base of the software stack, rather than inside application programs. A Trojan horse is a program that has "read" access to a secret and "write" access to a public channel, and then abuses its simultaneous access to both of these channels to leak the secret downward to a lower security level.