Military and other software systems often face the need to accept untrusted software components into the system. The proposed research will enable secure integration of untrusted software components by (1) isolating these components using application-level (per-process) virtualization; (2) assisting the customer in constructing a security policy tailored to each untrusted component; (3) enforcing that security policy in the field using the virtualization technology; and (4) detecting, where possible, likely sources of security policy violation prior to deployment of the software, so that vulnerabilities and malware can be detected early. The security policies will be specified with an interactive tool and will focus on the locations (both local disk and network locations) with which the untrusted component is permitted to communicate.
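The policy described above, reduced to its core, is a per-component allowlist of disk and network locations with a deny-by-default check. The following is an added illustration, not the proposal's tool: the `LocationPolicy` class, the `audit` function and the sample policy and access log are all constructed here, and the checks show two cases a naive prefix match gets wrong (a `../` escape and a directory-name look-alike).

```python
# Added example (not the proposal's own tool): a per-component allowlist of disk
# and network locations, checked against a constructed access log to flag violations.
import ipaddress, posixpath
from dataclasses import dataclass, field

@dataclass
class LocationPolicy:
    allowed_dirs: list = field(default_factory=list)   # absolute directory paths
    allowed_nets: list = field(default_factory=list)   # (cidr, port) pairs

    def permits_file(self, path):
        # Normalise so "../" cannot escape an allowed directory, then match on a
        # directory boundary so "/srv/reports" does not also admit "/srv/reportsX".
        norm = posixpath.normpath(posixpath.join("/", path))
        for d in self.allowed_dirs:
            base = posixpath.normpath(d)
            if norm == base or norm.startswith(base.rstrip("/") + "/"):
                return True
        return False

    def permits_net(self, host, port):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False  # unresolved hostnames are denied rather than guessed
        return any(addr in ipaddress.ip_network(cidr) and port == p
                   for cidr, p in self.allowed_nets)

def audit(policy, events):
    """Return the access events the policy does not permit (deny by default)."""
    violations = []
    for ev in events:
        if ev["kind"] == "file":
            ok = policy.permits_file(ev["path"])
        else:
            ok = ev["kind"] == "net" and policy.permits_net(ev["host"], ev["port"])
        if not ok:
            violations.append(ev)
    return violations

# Constructed sample policy and access log for one untrusted component.
POLICY = LocationPolicy(allowed_dirs=["/srv/reports"], allowed_nets=[("10.1.0.0/16", 443)])
EVENTS = [
    {"kind": "file", "path": "/srv/reports/q1.pdf"},               # allowed
    {"kind": "file", "path": "/srv/reports/../private/key.pem"},   # escapes via ../
    {"kind": "file", "path": "/srv/reportsX/leak.txt"},            # prefix look-alike
    {"kind": "net", "host": "10.1.4.20", "port": 443},             # allowed
    {"kind": "net", "host": "203.0.113.5", "port": 443},           # outside allowed net
]
```

Running `audit(POLICY, EVENTS)` returns the three violating events; in a deployed system the same check would sit in the per-process virtualization layer and block the access rather than merely record it.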
Benefit: Military and other uses of the product will be able to accept untrusted software components into trusted systems and tailor security policies specifically to those software components. Violations of the security policies will be detected and prevented.
Keywords: Virtual Machine, Computer Security, Process Virtualization, Least Privilege.