Mandatory protection for Internet server software
暂无分享,去创建一个
Server software on the Internet is today's high point for software at risk. Ongoing reports of security flaws suggest that conventional Internet server software packages are intrinsically vulnerable to "server overrun", an attack that subverts the server's behavior and causes it to run attack code instead. The attack code then penetrates other portions of the server host or site unless there are additional defenses. Mandatory protection mechanisms, like those developed for multilevel security applications, can limit the risks of server overrun to a site. Commercial systems have been developed that use three distinct mechanisms: Unix "chroot" isolation, multilevel security (MLS), and type enforcement. The paper compares and contrasts these three mechanisms for server protection.
[1] William Cheswick,et al. Firewalls and Internet Security , 1994 .
[2] Richard E. Smith. Constructing a High Assurance Mail Guard , 1994 .
[3] O. Sami Saydjari,et al. LOCK trek: navigating uncharted space , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.
[4] Eugene H. Spafford,et al. The internet worm program: an analysis , 1989, CCRV.