Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: New Option of Software and Cyber Security - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Option of Software and Cyber Security
Many systems are deployed with C-based system software, for example Unix or Linux. In many ways, this technology is more than 40 years old and lacks modern features that improve productivity and cyber security. For example, many interfaces within C-based systems include memory addresses, due in part to the relatively weak typing of the C programming language.

The corruption of memory (aka buffer overflow) is one of the most prevalent methods of cyber attack. Therefore, significant potential for vulnerability to these types of attack is included by definition in many systems. Locke Labs suggests avoiding these risks by developing and utilizing new software technology.

The long-term objective of the suggestion is the implementation of an execution environment that is more cyber secure than current alternatives. The execution environment would host system software and applications.

The concept is based on implementing the equivalent of all traditional system software layers (bootloader, kernel, OS, device drivers, and Java Virtual Machine [JVM]) of a system in Java.

The assertion is that a pure Java system would be more secure than any other current options, and provides better features for modularity and reuse in the development of innovative architectures.

If you are interested in this concept please see the Kickstarter campaign at https://www.kickstarter.com/projects/934363194/sparkware-new-tools-for-stem-cyber-makers-and-java?token=63975dd1
Jeff

1 Posts

Sign Up for Free or Log In to start participating in the conversation!