Abstract
There are many current classifications and taxonomies relating to computer security. One missing classification is the Trustworthiness of Information being received by the security system, which we define. This new classification along with Timeliness of Detection and Security level of the Security System present motivation for hardware-based security solutions. Including hardware is not an automatic solution to the limitations of software solutions. Advantages are only gained from hardware through design that ensures at least First-hand Information, dedicated monitors, explicit hardware communication, dedicated storage, and dedicated security processors.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Carrier, B.D., Grand, J.: A hardware-based memory acquisition procedure for digital investigations. Digital Investigation 1 (2004)
Özdoganoglu, H., Vijaykumar, T.N., Brodley, C.E., Kuperman, B.A., Jalote, A.: Smashguard: A hardware solution to prevent security attacks on the function return address. IEEE Transactions on Computers 55 (2006)
Gordon-Ross, A., Vahid, F.: Frequent loop detection using efficient non-intrusive on-chip hardware. In: CASES 2003: Proceedings of the 2003 international conference on Compilers, architecture and synthesis for embedded systems (2003)
Molina, J., Arbaugh, W.: Using independent auditors as instrusion detection systems. In: Information and Communications Security: 4th International Conference (December 2003)
Mott, S.: Exploring hardware-based primitives to enhance parallel security monitoring in a novel computing architecture. Master’s thesis, Air Force Institute of Technology (March 2007)
Petroni, N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot-a coprocessor-based kernel runtime integrity monitor. In: Proceedings of the 13th USENIX Security Symposium, pp. 179–194 (2004)
Williams, P.D., Spafford, E.H.: Cupids: An exploration of highly focused, co-processor-based information system protection. Computer Networks, 51 (April 2007)
Song, H., Lockwood, J.W.: Efficient packet classification for network intrusion detection using FPGA. In: FPGA 2005: Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays (2005)
Yi, S., koo Kim, B., Oh, J., Jang, J., Kesidis, G., Das, C.R.: Memory-efficient content filtering hardware for high-speed intrusion detection systems. In: SAC 2007: Proceedings of the 2007 ACM symposium on Applied computing (2007)
Gonzalez, J.M., Paxson, V., Weaver, N.: Shunting: a hardware/software architecture for flexible, high-performance network intrusion prevention. In: CCS 2007: Proceedings of the 14th ACM conference on Computer and communications security (2007)
Hutchings, B.L., Franklin, R., Carver, D.: Assisting network intrusion detection with reconfigurable hardware. In: FCCM 2002: 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, vol. 00 (2002)
Hart, S.: APHID: Anomoly processor in hardware for intrusion detection. Master’s thesis, Air Force Institute of Technology (March 2007)
Bu, L., Chandy, J.A.: FPGA based network intrusion detection using content addressable memories. In: Proceedings - 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, FCCM 2004, CA 90720-1314, United States, April 2004, IEEE Computer Society, Los Alamitos (2004)
Bazaz, A., Arthur, J.D.: Towards a taxonomy of vulnerabilities. In: Hawaii International Conference on System Sciences (2007)
Axelsson, S.: Intrusion detection systems: A survey and taxonomy. Technical report, Chalmers University of Technology (March 2000)
Williams, P.D.: CuPIDS: Increasing Information System Security Through The Use of Dedicated Co-Processing. PhD thesis, Purdue University (August 2005)
Kuperman, B.A.: A Categorization of Computer Security Monitoring Systems and the Impact on the Design of Audit Sources. PhD thesis, Purdue University (2004)
Stakhanova, N., Basu, S., Wong, J.: A taxonomy of intrusion response systems. Technical Report 06-05, Department of Computer Science, Iowa State University (2006)
Lee, R.B., Karig, D.K., McGreggor, J.P., Shi, Z.: Enlisting hardware architecture to thwart malicious code injection. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 237–252. Springer, Heidelberg (2004)
Rutkowska, J.: Beyond the CPU: Defeating hardware based RAM acquisition (February 2007), http://invisiblethings.org/papers.html
Rootkit, F.U.: http://www.rootkit.com/project.php?id=12
Levine, J., Grizzard, J.O.H.: A methodology to detect and characterize kernel level rootkit exploits involving redirection of the system call table. In: Information Assurance Workshop, 2004. Proceedings. Second IEEE International, April 2004, pp. 107–125 (2004)
Tummala, A.K., Patel, P.: Distributed ids using reconfigurable hardware. In: 21st International Parallel and Distributed Processing Symposium, IPDPS 2007. Institute of Electrical and Electronics Engineers Computer Society, Piscataway, NJ 08855-1331, United States (March 2007)
Mott, S., Hart, S., Montminy, D., Williams, P., Baldwin, R.: A hardware-based architecture to support flexible real-time parallel intrusion detection. In: Proc. 2007 IEEE International Conference on System of Systems Engineering (2007)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Judge, M., Williams, P., Kim, Y., Mullins, B. (2008). Software Cannot Protect Software: An Argument for Dedicated Hardware in Security and a Categorization of the Trustworthiness of Information. In: Onieva, J.A., Sauveron, D., Chaumette, S., Gollmann, D., Markantonakis, K. (eds) Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks. WISTP 2008. Lecture Notes in Computer Science, vol 5019. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79966-5_3
Download citation
DOI: https://doi.org/10.1007/978-3-540-79966-5_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79965-8
Online ISBN: 978-3-540-79966-5
eBook Packages: Computer ScienceComputer Science (R0)