Self-Protection from Malicious Software Engineer Intrusion
While many organizations institute mandatory code reviews for development of systems and use stringent configuration processes for control of changes of systems, several insiders such as malicious software engineers are able to inject malicious code into the systems. Though the review of all the program code in a system can detect malicious code, it is not cost-effective in practice. Ineffective change control processes contribute to insider's ability to insert malicious code to the systems as well. This research describes an approach to providing internal intrusion protection from malicious software engineers once the intrusion has been detected by the software system. Security-relevant objects in components should get approval every time before their operations execute. When an intrusion is detected in a system, sensitive information in security-relevant objects is not changed or released through the approached proposed in this research. This research also analyzes the performance overhead of the proposed approach. The ATM system is used for a case study.