Applying the Layered Decision Model to the Design of Language-Based Security Systems

Abstract

Safeguarding practices for networked systems involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defense strategies, and implementation of real-time defense tactics. These practices also apply to the language-based defense mechanism for a software system, which is a subset of a networked security system. Although much research has been conducted to develop language-based defense mechanisms to improve the security of software systems, the most comprehensive requirement is still the enforcement of security policies through the end-to-end control mechanism. However, the security enforcement cannot be easily achieved without a comprehensive decision model that integrates decisions about security policies, cost-effective defense strategies, and real-time defense tactics into a single, efficient framework to guide security experts in designing, developing and deploying language-based defense mechanisms in a software system. To address these problems this paper first reviews progress in language-based security defense and the layered decision modeling (LDM) technique. It then explores how to apply the LDM in the design of cost-effective language-based defense mechanisms for software systems through a sample analysis.