Authors : Sheila Anand and V.Ramachandran
Abstract: The objective of this paper is to propose an integrated security monitor model for protecting business software applications. Security monitors have been designed to directly integrate with the applications and protect them from malicious activities by monitoring all user access to the application resources. Rule-base approach has been used to define permissible actions of users. User requests are analyzed before being processed by the application and the application response to the user requests are also analyzed to block access to unauthorized information. Knowledge of application characteristics enables such monitors to be specifically tailored to protect against misuse of application resources. User activities and usage of application resources have been logged for future analysis. Security offered is two-fold; protection from external intruders and protection from internal intruders being legitimate users who misuse their access privileges to gain unauthorized access to confidential information. The proposed model is a general one and can be implemented for any application. The model has been successfully tested with Email and File Transfer applications.
Sheila Anand and V.Ramachandran , 2004. Integrated Security Monitor Model for Enhancing Application Security . Asian Journal of Information Technology, 3: 1152-1158.