15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

SAM: Security Adaptation Manager

Heather Hinton, hhinton@ee.ryerson.ca, Ryerson Polytechnic Univ., Canada
Crispin Cowan, WireX Communications, USA
Lois Delcambre & Shawn Bowers, Oregon Graduate Institute, USA

In the trade-offs between security and performance, it seems that security is always the loser. If we allow for adaptive security, we can at least ensure that security and performance are treated somewhat equally. Using adaptive security, we can allow a system to exist in a less secure, more performant state until it comes under attack. We the adapt the system to a more secure, less performant implementation. In this paper, we introduce the Security Adaptation Manager, or SAM. We describe SAM and how we have implemented SAM to take advantage of the different protection strengths offered by the StackGuard compiler. Using SAM to provide StackGuard-based adaptive security provides a form of misuse-based intrusion detection, capable of detecting known and novel attacks.