Software architectures that are centered on security historically contain layers to implement security controls, with the layered structure tending towards a series of rings. John Warden devised a five-ring model to assess enemy systems for strategic warfare attacks. We propose applying this same model to the domain of software in order to create a security-centric ring-based software architecture. This architecture would provide a foundation for software systems that would be highly resistant to malicious software.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Neumann, P. 2000. Practical Architectures for Survivable Systems and Networks. SRI International Computer Science Laboratory, Menlo Park, CA. www.csl.sri.com/users/neumann. Accessed on 3 Sep 2006.
	2	Gemini. 2000. Gemini Strong Access Control Solutions. Slide presentation by Gemini Computers, Inc. www.geminisecure.com.Accessed on 3 Sep 2006.
	3	R. Schell, Information Security: Science, Pseudoscience, and Flying Pigs, Proceedings of the 17th Annual Computer Security Applications Conference, p.205, December 10-14, 2001
	4	Nguyen, T. and T. Levin. 2003. Policy Enforced Remote Login, NPS Technical Report NPS-CS-03-004. Computer Science Department, U.S. Naval Postgraduate School (Feb), Monterey, CA.
	5	Mary Shaw , Paul C. Clements, A Field Guide to Boxology: Preliminary Classification of Architectural Styles for Software Systems, Proceedings of the 21st International Computer Software and Applications Conference, p.6-13, August 11-15, 1997
	6	Bachmann, F.; L. Bass; J. Carriere; P. Clements; D. Garlan; J. Ivers; R. Nord; and R. Little. 2000. Software Architecture Documentation in Practice: Documenting Architectural Layers, Special Report CMU/SEI-2000-SR-004. Software Engineering Institute, Carnegie-Mellon University, Pittsburgh, PA. (Mar.).
	7	Fernandez, E. 2003. Unit 8 - Effect of the Hardware on Security. Instructor Notes from CIS 6370 Computer Data Security; www.cse.fau.edn/~ed. Accessed on 3 Sep 2006.
	8	Fernandez, E. 2002. Patterns for Operating Systems Access Control. In Proceedings of the 2002 Conference on Pattern Languages of Programs (Monticello, IL, Sep 8--12). http://www.hillside.net. Accessed on 3 Sep 2006.
	9	Warden, J. 1995. The Enemy As A System. Airpower Journal. Spring 1995. http://www.airpower.maxwell.af.mil. Accessed on 3 Sep 2006.
	10	Andrew S. Tanenbaum, Computer Networks, Prentice Hall PTR, Upper Saddle River, NJ, 1985
	11	Kopp, C. 1993. A Doctrine for the Use of ElectroMagnetic Pulse Bombs (Revised Draft of RAAF APSC Working Paper #15, July, 1993). Royal Australian Air Force Air Power Studies Centre. Canberra, Australia.
	12	Premkumar T. Devanbu , Stuart Stubblebine, Software engineering for security: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.227-239, June 04-11, 2000, Limerick, Ireland  [doi>10.1145/336512.336559]
	13	Patrick Schaumont , Ingrid Verbauwhede, Domain-Specific Codesign for Embedded Security, Computer, v.36 n.4, p.68-74, April 2003  [doi>10.1109/MC.2003.1193231]
	14	Sotiris Ioannidis , Steven M. Bellovin , Jonathan M. Smith, Sub-operating systems: a new approach to application security, Proceedings of the 10th workshop on ACM SIGOPS European workshop, July 01-01, 2002, Saint-Emilion, France  [doi>10.1145/1133373.1133394]