
Security and Integrity

Subject Area: Security and Dependability, Operating-, Communication- and Distributed Systems; Computer Architecture, Embedded and Massively Parallel Systems
Term: from 2013 to 2018
Project identifier: Deutsche Forschungsgemeinschaft (DFG) - Project number 206480214

The main goal of the B4 Security and Integrity project is to prevent attacks against software components that are part of the CCC system. It does so by establishing security protection contracts (SPCs) for each software component and then monitoring their execution. Violation of an SPC triggers the security system to take action.

The security framework we developed comprises three stages: (a) establishment of the security policy, (b) monitoring and enforcement of the policy, and (c) detection, response and recovery in the event of security violations. In the first stage, the components submit their security policies and negotiate security contracts with the CCC system; this is part of the contracting mechanisms developed in project B2. In stage 2, the contracts have been agreed, the software component has been admitted into the system, and execution begins, with the security system making sure that the SPCs are enforced. We only enter the third stage if a security violation occurs. In this case the system selects the best available response to the violation. The response may be non-discretionary, or it may be negotiated as part of the contracting stage.

SPCs describe two aspects of each software component: (a) its behavior, and (b) the communications requirements of that component. In phase 1 of CCC, we used library call invocation as the means to monitor the state of the executing task, while in phase 2 we intend to employ more sophisticated mechanisms such as call flow integrity. In addition, we intend to use voluntary statements of intent (by the component itself) and statistical methods, which we developed earlier, to determine the level of scrutiny for specific code segments.

Given the distributed CCC environment envisioned for the second phase of this project, we intend to address the issues of secure communication between distinct CCC peers. This will be achieved through the development of contract-based mechanisms to ensure the trustworthiness of communication end-points, the efficiency and security of communication links, and the protection of internal services from unauthorized communications.

Thus, in the second phase of CCC, the B4 project will expand on the phase 1 work on the security aspects of the contracts negotiated by the B2 project, opening the way for additional mechanisms for the control of the execution of programs. In phase 2, the execution policy enforcement will be integrated in the RTE developed by A1, and the C2 project will be used for the evaluation of the effectiveness and applicability of the policy mechanisms. In addition, the distributed scenario will be investigated in cooperation with the A2 and A3 projects, and in particular the adaptation and application to the area of external communications of the security architecture developed in phase 1 for the internal communications of the CCC platform. The concepts developed will be evaluated in cooperation with project C1, which relies on a distributed communications environment.

DFG Programme: Research Units