The objective of this proposal is to demonstrate the feasibility of a novel approach to software security based on a new software architecture. Traditional security models rely on a fragile chain of logical assumptions; if any one of those assumptions is broken, whether through operator error, carelessness, hardware or software changes, or hardware failures, the entire security model collapses. The proposed software architecture is based on a component model, which covers a wide range of possible intrusion points in a simple and uniform manner and allows individual code modules to be isolated. The architecture uses redundant security measures to reduce both the likelihood and the impact of a security breach, particularly under sabotage, errors, or other unfavorable circumstances. Code modules in the proposed architecture are isolated from each other so that all communication occurs through a message-passing system. Isolating the modules in this manner provides stability and modularity and allows fine-grained control over security, since security modules can monitor every interaction between components. Multiple security modules can be used to provide redundant monitoring in the event of an intrusion.

Anticipated Benefits/Commercial Applications: The proposed software architecture is designed with redundant security measures at each point of possible intrusion, so that if a hardware failure, software modification, bug, or other unforeseen circumstance would otherwise allow an intruder to circumvent the standard security model, the redundant security measures will still resist the intruder. This makes computer systems much more secure and resilient to attack, since a system can remain secure under unfavorable conditions or when some bug or security hole has been overlooked. The fault-tolerance and security benefits of the proposed architecture could save companies that rely on their network servers millions of dollars per year.
In June 1999, the online auction company eBay lost more than $5 million in revenue due to a single failure of its servers. As a result, its stock price fell more than 25% in just five days. There is clearly a need for a more robust security architecture.
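To make the message-passing isolation and the redundant security modules concrete, here is an added example written for this page (it is not code from the proposal or from any project it describes): components can only talk through `Bus.send()`, each message is vetted by several independent monitors, and the `ALLOWED` policy, component names and monitor rules are constructed assumptions.

```python
# Added example (not from the proposal): components exchange messages only via
# Bus.send(); each message is vetted by several independent security modules,
# delivery needs every module's consent, and a crashing module counts as a denial.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Message:
    sender: str
    receiver: str
    operation: str
    payload: dict = field(default_factory=dict)

class Bus:
    def __init__(self, monitors, handlers):
        self.monitors = list(monitors)  # redundant security modules
        self.handlers = dict(handlers)  # receiver name -> component handler
        self.audit = []                 # (message, reasons) for each denial

    def send(self, msg):
        reasons = []
        for monitor in self.monitors:
            try:
                verdict = monitor(msg)  # None = allow, str = reason to deny
            except Exception as exc:    # fail closed: a buggy monitor never allows
                verdict = f"{monitor.__name__} failed: {exc!r}"
            if verdict:
                reasons.append(verdict)
        if reasons:
            self.audit.append((msg, reasons))
            raise PermissionError("; ".join(reasons))
        return self.handlers[msg.receiver](msg)

ALLOWED = {("web", "db", "read"), ("admin", "db", "drop")}  # constructed policy
def acl_monitor(msg):  # module 1: allowlist of (sender, receiver, operation)
    if (msg.sender, msg.receiver, msg.operation) not in ALLOWED:
        return f"acl: {msg.sender}->{msg.receiver}:{msg.operation} not allowed"

def destructive_op_monitor(msg):  # module 2: independent of the ACL's contents
    if msg.operation == "drop" and msg.sender != "admin":
        return "destructive: only admin may issue drop"

def demo(monitors):  # send a legitimate and a hostile message; return (result, reasons)
    bus = Bus(monitors, {"db": lambda m: f"rows for {m.payload.get('table')}"})
    ok = bus.send(Message("web", "db", "read", {"table": "items"}))
    try:
        bus.send(Message("web", "db", "drop", {"table": "items"}))
        return ok, []
    except PermissionError:
        return ok, bus.audit[-1][1]
```

Running `demo` with a monitor that allows everything in place of `acl_monitor` simulates the misconfiguration the proposal worries about: the second, independent module still blocks the destructive operation, and the audit list records why.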
Keywords: security, fault-tolerance, component, cyberterrorism, survivability, redundancy, software