Using COTS components poses serious threats to system security. The authors analyze the risks and describe how their sandbox method can confine the damage potential of COTS components. The sandbox model was originally developed for fault tolerance. Rather than eliminating actual failures, it provides a restricted environment to confine application behavior. The approach confines the damage caused if an application accidentally or maliciously misbehaves. The authors' sandbox method differs from Java's, in that it is built with OS support rather than with support from a particular language. In this article, they describe the Sendmail version of their sandbox method. Their approach requires B-level security features not found on most conventional OSs. Typically developed for government or military use, B-level-certified OSs have more sophisticated security features. The authors explain that their method does not eliminate security problems but rather mitigates the damage caused by compromised applications and thus prevents most common security breaches. Untrusted COTS components can thus be safely plugged into a system without major reengineering, provided there is a suitable security platform.