1. “A Map of Security Risks Associated with Using COTS” Ulf Lindqvist, Erland Jonssson IEEE Computer, June 1998 “Combining Internet connectivity and COTS-based systems results in increased threats from both internal and external sources.”

2. Outline of Presentation Definition of COTS software components Outline of security issues in COTS components Analysis of risks in COTS products Controlled intrusion experiment A risk management approach

3. COTS = Commercial Off-The-Shelf Products Use of customer-specific solutions is dwindling –COTS usage is typically cheaper and less time- consuming –Less prone to error “More and more members of the security community realize the impracticability and insufficiency of risk avoidance as the sole doctrine.”

4. Security Issues in COTS Components “Any type of COTS component might have an impact on the overall system security…” Not all COTS products are designed with adequate focus on security What level of security can be obtained when using combinations of COTS products? –Difficult to make overall system security independent of behaviour of individual components. Security often enforced directly and indirectly by using COTS components –Operating systems are one of the more widespread COTS products and exhibit different levels of security functionality.

5. Main Risks With COTS Usage Component Design –COTS component may be inadvertently or intentionally flawed, either through bugs or intentional security flaws such as backdoors. Component Procurement and Integration –Security requirement of customer may not correspond with that of the component, and often the security level “must be set to the lowest common denominator to make the products work together.” Internet Connection of System –Provides communication path to system for potential attackers that would not otherwise be available. –Intrusion tools and information readily available for potential attackers. System Use –Insufficient user understanding of security limitations of system and subsequent use of system in a unintended manner.

6. Controlled Intrusion Experiment Experiments carried out using “ordinary” students granted with user accounts –Insider threat monitored –Performed on SunOS 4.x and Novel NetWare systems Results of experiment: –“Almost all attackers performed successful intrusions” –Several severe intrusions performed, granting users administration privileges –Known vulnerabilities exploited without technical expertise

7. Risk Management Approach Confinement of Untrusted Components –Desirable for COTS products –Difficult to determine level of resources required for component to function Flaw Remediation –“A system owner should strive to remove all known vulnerabilities in a system as soon as they are discovered.” –Particularly important with COTS components, as exploit scripts are readily available for known vulnerabilities

8. Question The article states that more and more members of the security community realise that insufficiency of risk avoidance as the sole doctrine. Especially with respect to COTS components, why is this the case?