1. Notations/Diagrams Used
The diagrams used in the article are mainly based on the examples the authors
elaborate. The authors use many examples to give readers a clearer idea of SMS.
They also elaborate the issue level by level (root to leaves). They first give
a rough idea of the vulnerabilities in application security. They then bring
out the issues with current practices for preventing the exploitation of
application vulnerabilities. After that, as the main topic, SMS is elaborated
in terms of detecting exploits, preventing damage and detection accuracy. Once
the "tree" is drawn, they go further, aided by simple and clear examples.
2. Aspects in Software Engineering
SMS includes an event-specification language, called
ASL (Abstract Specification Language). It also uses C++ as the interface
between the specification environment and the runtime environment, decoupling
the two major components of the prototype.
3. Results & Relevance to the Immediate Future
Security products incorporating system-call interception technology could be
marketed as either development environments or runtime environments. The
runtime environments would include the basic system-call interception mechanism
and a growing set of predefined behavioral specifications for standard
applications. The development environment plus tools are necessary to allow
end-user development of behavioral specifications. Most end users would
purchase only the runtime environment and use the supplied defenses. End users
with custom security requirements would purchase the development environment
and employ skilled programmers to develop their own defenses. Therefore, while
also solving the problem of labor-intensive and expensive application reverse
engineering, the SMS approach empowers end users to take security matters into
their own hands and secure themselves.