Abstract
The use of Commercial Off-The-Shelf (COTS) software products as components of large-scale systems has become more and more pervasive. One of the interesting questions that has arisen is “Can you build secure applications using insecure components?” We have been investigating ways to protect data that is shared between two or more independent, insecure applications. Our initial attempts to accomplish secure data storage and transfer have been directed toward building data encryption tools that interact with various COTS products. The goal was to test our theory that security wrappers for COTS products are feasible. This paper describes a security wrapper technology that we have implemented for selected (COTS) software products. The technology focuses on interchangeability for COTS software components, portability for the wrapper, and security for communications between applications via the wrapper. By applying this security wrapper technology, one COTS software component to be wrapped can be replaced by another without significantly modifying the wrapper; the wrapper can work with a variety of operating systems; and data can be encrypted and stored temporarily or permanently.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Tran, Tam: Interoperability and Security Support for Heterogeneous COTS. Master’s thesis, United States Naval Postgraduate School Monterey Ca, (2000).
Badger, L, Feldman. M., Ko, C.: Secure Execution Environments, Generic Software Wrappers-DARPA/ITO Project Summary. September (2000), http://www.pgp.com/research/nailabs/secure-execution/wrappers-darpa.asp.
Mitchum, Terrence: Hypervisors for Security and Robustness. Secure Computing Corp Roseville Mn, (1999).
Meeson, Reginald: Analysis of Secure Wrapping Technologies. Institute for Defense Analyses Alexandria Va, (1997).
Dean, J.C.: SecurityWrapper Technology for COTS Software Products. 13th Annual Software Technology Conference, Salt Lake City, Utah, May (2001).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dean, J.C., Li, L. (2002). Issues in Developing Security Wrapper Technology for COTS Software Products. In: Dean, J., Gravel, A. (eds) COTS-Based Software Systems. ICCBSS 2002. Lecture Notes in Computer Science, vol 2255. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45588-4_8
Download citation
DOI: https://doi.org/10.1007/3-540-45588-4_8
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43100-8
Online ISBN: 978-3-540-45588-2
eBook Packages: Springer Book Archive