Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. The goal of the APOD project was to give software applications an increased resistance against malicious attack even when they run in an environment that is not completely secured. We call any such application "defense enabled". Note that defense enabling is less ambitious than building a secure system: rather than protect the entire system, defense enabling concentrates on the survival and integrity of essential applications, possibly sacrificing other parts of the system to the attacker. Defense enabling also gives priority to some security properties over others: we are much more concerned with defending the integrity of an application's data than its confidentiality. Defense enabling is representative of a relatively recent trend in computer security, often called survivability or 3rd generation security. Several factors distinguish the APOD approach to survivability from others. First, dynamic adaption is a key theme of our approach. Intrusions cause changes in the system, and a survivable system much cope with these changes. As a consequence, defense enabled applications must be very agile and will make use of the flexibility possible in today's dynamic, networked environments. Second, a defense enabled application has a defense strategy that is typically application and mission specific. Such strategies complement and go beyond traditional approaches to security in which protection mechanisms are typically not aware of the applications they aim to protect. Third, defense enabling builds the defense in middleware, intermediate between the application and the networks and operating systems on which the application runs. Defense strategies implemented in middleware can be reused relatively easily in the context of other applications because they are only loosely coupled to the application.
NUMBER OF PAGES
89
SUBJECT TERMS
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.