This work supported in part by DARPA contracts F30602-96-1-0331 and N66001-00-C-8032.
Proceedings of the 23rd National Information Systems Security Conference
Adaptive computing systems, Computer networks -- Security measures, Computer security
It has long been known that security is easiest to achieve when it is designed in from the start. Unfortunately, it has also become evident that systems built with security as a priority are rarely selected for wide spread deployment, because most consumers choose features, convenience, and performance over security. Thus security officers are often denied the option of choosing a truly secure solution, and instead must choose among a variety of post hoc security adaptations. We classify security enhancing methods, and compare and contrast these methods in terms of their effectiveness vs. cost of deployment. Our analysis provides practitioners with a guide for when to develop and deploy various kinds of post hoc security adaptations.
"The Cracker Patch Choice: An Analysis of Post Hoc Security Techniques", Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan Walpole, In Proceedings of the 23rd National Information Systems Security Conference, Baltimore, MD, October 16-19, 2000.