Abstract
Securing software systems against malicious attack, corruption, and subversion has been an ongoing research problem. Novel applications of software configuration technology may provide solutions to these problems. Three interesting problems and potentials solutions are presented. The problems are intrusion tolerance, misuse protection, and cyber-forensics. The first two can be addressed using dynamic reconfiguration to modify the behavior of a software system. The last problem can be addressed using configuration information as a comprehensive framework on which to hang a variety of other information necessary for forensic analysis.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Hall, R., Heimbigner, D., Wolf, A.: A Cooperative Approach to Support Software Deployment Using the Software Dock. In: Proc. of the 1999 Int’l Conf. on Software Engineering, ACM (1999) 174–183
Heimbigner, D., Krane, S.: A Graph Transform Model for Configuration Management Environments,. In: Proc. of the Third ACM-SIGSOFT Symposium on Software Development Environments, Boston, Mass. (1988) 216–225
Rutherford, M., Anderson, K., Carzaniga, A., Heimbigner, D., Wolf, A.: Reconfiguration in the Enterprise JavaBean Component Model. In: Proc. of IFIP/ACM Working Conf. on Component Deployment, Berlin, FRG (2002)
van der Hoek, A., Carzaniga, A., Heimbigner, D., Wolf, A.: A Testbed for Configuration Management Policy Programming. IEEE Transactions on Software Engineering 28 (2002) 79–99
van der Hoek, A., Heimbigner, D., Wolf, A.: A Generic, Peer-to-Peer Repository for Distributed Configuration Management. In: Proc. of the 18th Int’l Conf. on Software Engineering, Berlin, FRG, (1996)
Hall, R., Heimbigner, D., Wolf, A.: Evaluating Software Deployment Languages and Schema. In: Proc. of the 1998 Int’l Conf. on Software Maintenance, IEEE Computer Society (1998) 177–185
Knight, J., Heimbigner, D., Wolf, A., Carzaniga, A., Hill, J., Devanbu, P.: The Willow Survivability Architecture. In: Proc. of the Fourth Information Survivability Workshop, Vancouver, B.C. (2002)
Cohen, F.: A Mathematical Structure of Simple Defensive Network Deceptions. Technical report, Fred Cohen and Associates Technical Report (1999) http://all.net/journal/deception/mathdeception/mathdeception.html .
Cohen, F., D. Lambert, Preston, C., Berry, N., Stewart, C., Thomas, E.: A Framework for Deception. Technical report, Fred Cohen and Associates Technical Report (2001) http://all.net/journal/deception/Framework/Framework.html .
Farmer, D., Venema, W.: Coroner’s Toolkit Web Page. (1999) http://www.fish.com/tct .
van der Hoek, A.: Configurable Software Architecture in Support of Configuration Management and Software Deployment. In: Proc. of the ICSE99 Doctoral Workshop, Los Angeles, California (1999)
Ko, C., Brutch, P., Rowe, J., Tsafnat, G., Levitt, K.: System Health and Intrusion Monitoring Using a Hierarchy of Constraints. In: Proc. Recent Advances in Intrusion Detection. (2001) 190–203
Anderson, K., Sherba, S., Lepthien, W.: Towards Large-Scale Information Integration. In: Proc. of the 24th Int’l Conf. on Software Engineering, Orlando, Florida (2002) 524–535
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Heimbigner, D. (2003). Applications of Configuration Information to Security. In: Westfechtel, B., van der Hoek, A. (eds) Software Configuration Management. SCM SCM 2001 2003. Lecture Notes in Computer Science, vol 2649. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39195-9_19
Download citation
DOI: https://doi.org/10.1007/3-540-39195-9_19
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14036-8
Online ISBN: 978-3-540-39195-1
eBook Packages: Springer Book Archive