
FORTRESS: Fortified System Security Process

IP.com Disclosure Number: IPCOM000021277D
Original Publication Date: 2004-Jan-09
Included in the Prior Art Database: 2004-Jan-09
Document File: 2 page(s) / 9K

Publishing Venue

IBM

Abstract

This is a novel process to test, identify, and correct system security exposures across the entire system configuration. Typically this may encompass all the integrated software components, such as the operating systems, middleware, communication support, databases, and application software.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Disclosed is a security enhancement process that consists of engaging and challenging worldwide technical resources to identify system security weaknesses. These resources may include highly skilled professionals, computer hackers, academia, and other amateur or freelance programmers. Besides the technical challenge and publicity associated with breaking into a secure system, the process would also offer a significant monetary or equivalent reward. Once the current security breach has been identified and corrected, the process restarts with an increased reward posted.

One or more typical system configurations are made accessible to the general public via the Internet. The system is secured such that access to restricted areas is fully protected. Once the intruder gains access to the secure system areas, he can share his approach and then claim the reward and associated success. The rules of the contest would be publicly available on the system.

The process would be most effective early in the release of a system product or operating system. For example, this would be an ideal time to implement this process for a Linux-based system platform.

The process consists of one or more independent system setups maintained by an administering agency. This agency could be a private corporation such as IBM, one or more academic institutions, a professional institution such as IEEE, or a consortium of worldwide enterprises. The system and associated process would consist of and support the following features:

The agency would provide a test system (typical high-end configuration). The agency would also administer contest rules, rewards, and prizes. Costs could be shared by other partners and software providers (OS, Linux, Feds., Finan...