AsmLSec: An Extension of Abstract State Machine Language for Attack Scenario Specification
Authors: M. Raihan, Mohammad Zulkernine
Venue: The Second International Conference on Availability, Reliability and Security (ARES'07)
Publication date: 2007-04-10
DOI: 10.1109/ARES.2007.45 (https://doi.org/10.1109/ARES.2007.45)
Citation count: 15 (platform: Semanticscholar)
Security, one of the most important aspects of software, gets very little attention during the software development life cycle (SDLC). Therefore, the software remains vulnerable to attacks which are handled by issuing patches or service packs by the software vendors. To overcome this problem, researchers have proposed to take security into consideration right from the very beginning of the software development process. However, most specification languages were not designed with an intention for specifying security requirements, and therefore, they lack some features to serve this purpose. As a result, we need suitable specification languages that can be used both for functional specification and security specification. We propose a formal extension of a popular specification language called AsmL (Abstract State Machine Language) for attack descriptions with a view to building secure software. We name the extended language AsmLSec. We present the details of AsmLSec syntax and semantics, describe how to model attacks using its constructs, and present the design and implementation of a compiler that generates attack signatures from the AsmLSec attack specifications. To evaluate the expressive power of AsmLSec, we model attack scenarios based on the benchmark DARPA data sets.