Software Cannot Protect Software: An Argument for Dedicated Hardware in Security and a Categorization of the Trustworthiness of Information

There are many current classifications and taxonomies relating to computer security. One missing classification is the Trustworthiness of Information being received by the security system, which we define. This new classification, along with Timeliness of Detection and Security level of the Security System, presents motivation for hardware-based security solutions. Including hardware is not an automatic solution to the limitations of software solutions. Advantages are only gained from hardware through design that ensures at least First-hand Information, dedicated monitors, explicit hardware communication, dedicated storage, and dedicated security processors.