When the Software Goes Beyond its Requirements -- A Software Security Perspective

Abstract

Evidences from current events have shown that, in addition to virus and hacker attacks, many software systems have been embedded with "agents" that pose security threats such as allowing someone to "invade" into computers with such software installed. This will eventually grow into a more serious problem when Cluster and Cloud Computing becomes popular. As this is an area that few have been exploring, we discuss in this paper the issue of software security breaches resulting from embedded sleeping agents. We also investigate some patterns of embedded sleeping agents utilized in software industry. In addition, we review these patterns and propose a security model that identifies different scenarios. This security model will provide a foundation for further study on how to detect and prevent such patterns from becoming security breaches.