Functional Programming Way to Interact with Software Attacks and Vulnerabilities

Abstract

This paper proposes using functional programming style in a way to respond to detection of and interaction with the software attacks and vulnerabilities. Additionally, our approach considers involving Description Logics, as a basis for the use of the Semantic Web and meta-programming to produce executable ontologies and to enable semantic reasoning over behavior and interaction with software attacks and vulnerabilities. Accordingly, we introduce Magic Potion, a recently defined Domain Specific meta-Language that uses Modeling Spaces framework to study heterogeneous modeling and meta-modeling problems inspired by Model Driven Architecture. As an example of formalism for modeling software attacks and vulnerabilities, we explore Attack Tree, which provides a formal methodology for analyzing the security of the system. Based on Attack Tree, which is herein specified for a particular problem of dealing with known attacks and vulnerabilities of the security layer of the Wireless Application Protocol, and which is particularly built on top of Magic Potion specification, we define our specific Domain Specific Language that we call Attack Tree Domain Specific Language. It is envisioned as a tool for modeling and interacting with software attacks and vulnerabilities.