Component-Based Malicious Software Engineer Intrusion Detection

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement Pub Date : 2011-06-27 DOI:10.1109/SSIRI.2011.33

M. Shin, Snehadeep Sethia, N. Patel

{"title":"Component-Based Malicious Software Engineer Intrusion Detection","authors":"M. Shin, Snehadeep Sethia, N. Patel","doi":"10.1109/SSIRI.2011.33","DOIUrl":null,"url":null,"abstract":"These days, security-sensitive business application systems are developed and maintained by more than one software engineer, some of which may be unethical or malicious. Unethical software engineers can insert malicious code to the systems or maliciously change the existing code in the systems to gain personal benefits. As the result, security of the business application systems can be compromised. This paper describes an approach to detecting malicious code created by malicious software engineers in components. This paper is an extension to our previous work detecting malicious code attacking security-sensitive information within a component. In particular, this paper focuses on detecting malicious code in a component that intrudes security-sensitive information in different components in an application. For this, an application system monitor(s) is designed to detect intrusion between components using the business process encapsulated in the monitor(s). The proposed approach is applied to the ATM system and B2B electronic commerce system to evaluate the performance.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIRI.2011.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

These days, security-sensitive business application systems are developed and maintained by more than one software engineer, some of which may be unethical or malicious. Unethical software engineers can insert malicious code to the systems or maliciously change the existing code in the systems to gain personal benefits. As the result, security of the business application systems can be compromised. This paper describes an approach to detecting malicious code created by malicious software engineers in components. This paper is an extension to our previous work detecting malicious code attacking security-sensitive information within a component. In particular, this paper focuses on detecting malicious code in a component that intrudes security-sensitive information in different components in an application. For this, an application system monitor(s) is designed to detect intrusion between components using the business process encapsulated in the monitor(s). The proposed approach is applied to the ATM system and B2B electronic commerce system to evaluate the performance.

查看原文本刊更多论文

基于组件的恶意软件工程入侵检测

如今，对安全敏感的业务应用程序系统由多个软件工程师开发和维护，其中一些可能是不道德的或恶意的。不道德的软件工程师可以在系统中插入恶意代码或恶意更改系统中的现有代码以获取个人利益。因此，业务应用程序系统的安全性可能会受到损害。本文描述了一种检测恶意软件工程师在组件中编写的恶意代码的方法。本文是我们之前工作的扩展，检测攻击组件中安全敏感信息的恶意代码。特别地，本文着重于检测一个组件中的恶意代码，这些恶意代码侵入了应用程序中不同组件中的安全敏感信息。为此，应用程序系统监视器被设计为使用封装在监视器中的业务流程检测组件之间的入侵。将该方法应用于ATM系统和B2B电子商务系统的性能评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

自引率

0.00%

发文量