Security

Vol. 5 No. 1 – February 2007

Articles

One Step Ahead

Every day IT departments are involved in an ongoing struggle against hackers trying to break into corporate networks. A break-in can carry a hefty price: loss of valuable information, tarnishing of the corporate image and brand, service interruption, and hundreds of resource hours of recovery time. Unlike other aspects of information technology, security is adversarial; it pits IT departments against hackers.

by Vlad Gorelik

Open vs. Closed: Which Source is More Secure?

There is no better way to start an argument among a group of developers than proclaiming Operating System A to be "more secure" than Operating System B. I know this from first-hand experience, as previous papers I have published on this topic have led to reams of heated e-mails directed at me, including some that were, quite literally, physically threatening. Despite the heat (not light!) generated from attempting to investigate the relative security of different software projects, investigate we must.

by Richard Ford

Realtime Garbage Collection

Traditional computer science deals with the computation of correct results. Realtime systems interact with the physical world, so they have a second correctness criterion: they have to compute the correct result within a bounded amount of time. Simply building functionally correct software is hard enough. When timing is added to the requirements, the cost and complexity of building the software increase enormously.

by David F. Bacon

Intellectual Property and Software Piracy: The Power of IP Protection and Software Licensing, an interview with Aladdin vice president Gregg Gronowski

Intellectual Property (IP) - which ranges from ideas, inventions, and technologies to patented, trademarked, or copyrighted work and products - can account for as much as 80% of a software company's total market value. Since IP is considered a financial asset in today's business climate, the threats to IP create a real concern. In an interview with ACM Queuecast host Michael Vizard, Aladdin vice president Gregg Gronowski explains how Software Digital Rights Management solutions are the de facto standard today for protecting software IP, preventing software piracy, and enabling software licensing and compliance.

Interviews

A Conversation with Jamie Butler

Rootkitting out all evil

Rootkit technology hit center stage in 2005 when analysts discovered that Sony BMG surreptitiously installed a rootkit as part of its DRM (digital rights management) solution. Although that debacle increased general awareness of rootkits, the technology remains the scourge of the software industry through its ability to hide processes and files from detection by system analysis and anti-malware tools.

Custom Processing

Today general-purpose processors from Intel and AMD dominate the landscape, but advances in processor designs such as the Cell processor architecture overseen by IBM chief scientist Peter Hofstee promise to bring the costs of specialized system-on-a-chip platforms in line with the costs associated with general-purpose computing platforms, and that just may change the art of system design forever.

Reporting for Duty

All too often the reporting tools that developers select for their applications are little more than an afterthought. In this Premium ACM Queuecast, Vice President of Product Management for Actuate, Paul Clenahan, explains why it's in the interest of developers to select richer sets of reporting tools and how these tools are more readily accessible through the Eclipse Foundation's BIRT project, spearheaded by Actuate.

Five Steps to a Better Vista Installation - Transcript

Unravel the mysteries and learn the best practices associated with mastering the new application installation routines for Vista applications. In this Premium Queuecast hosted by Michael Vizard, Bob Corrigan, senior manager for global product marketing at Macrovision, and Robert Dickau, principal trainer, reveal the five most crucial things you need to know about Vista application installations.

Software Operations' Profit Potential

Today's software producer faces many challenges in building and keeping a satisfied customer base. In this ACM Premium Queuecast, Macrovision FLEXnet Publisher Product Manager Mitesh Pancholy discusses how companies can solve their license management challenges and turn their software operations into a profit center.

The Silent Security Epidemic

Although the industry is generally getting better at dealing with routine types of security attacks, developers are today being challenged by more complex attacks that not only fly below the radar, but also specifically target certain types of applications. In this Queuecast edition, Ryan Sherstobitoff, CTO of Panda Software, describes what new types of sophisticated attacks are being created and what proactive steps developers need to take to protect their applications.

The Power of IP Protection and Software Licensing

Intellectual Property (IP) - which ranges from ideas, inventions, and technologies to patented, trademarked, or copyrighted work and products - can account for as much as 80% of a software company's total market value. Since IP is considered a financial asset in today's business climate, the threats to IP create a real concern. In an interview with ACM Queuecast host Michael Vizard, Aladdin vice president Gregg Gronowski explains how Software Digital Rights Management solutions are the de facto standard today for protecting software IP, preventing software piracy, and enabling software licensing and compliance.

A Behavioral Approach to Security

The CTO of Finjan, Yuval Ben-Itzhak, makes a strong case for a new approach to security that relies more on analyzing the behavior of suspicious code than on signatures that have to be developed after the attacks have already started.

Curmudgeon

DOA with SOA

Adopting this architectural style is no cure-all.

by Alex Bell

Kode Vicious

A License to Kode

Dear KV, I'm in the QA group for a medium-size startup in Silicon Valley, and one of our VPs sits on the board of a company that makes code-scanning software--you know, the stuff that spits out warnings about all the bad things you can do in C and C++. We've definitely found our share of buffer overflows and other problems in our code, but this stuff is expensive, more than $5,000 a seat, and I'm just not sure it's worth it. What do you think of these tools?

by George Neville-Neil