Securing Network Connected Applications with Proposed Security Models

Abstract: In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies. However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications. By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies. An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.