Security Weaknesses Detection by Symbolic Analysis of Scenarios

Boutheina Bannour, J. Escobedo, Christophe Gaston, P. L. Gall, Gabriel Pedroza
DOI: 10.1109/APSEC.2014.61 (https://doi.org/10.1109/APSEC.2014.61)
Published in: 2014 21st Asia-Pacific Software Engineering Conference
Publication date: 2014-12-01
Citations: 4

Abstract

Remotely-communicating software-based systems are tightly present in modern industrial society and securing their complex architecture is recognized as crucial. In particular, the perspectives to reinforce their security by monitoring are promising. However, monitoring schemes still face challenges as the presence of untrusted components seems unavoidable. This is especially the case because untrusted components may be placed in unsupervised areas, making them ideal targets for attackers. In this work, we propose a framework intended to support designers during system conception. The approach mainly relies upon Security Watchdogs committed to detecting and signaling distrustful activity. A model-based framework is introduced to ease the description of attacks upon scenarios in the form of UML sequence diagrams. The scenarios endowed with predefined attack patterns are analyzed using model transformations and symbolic techniques. By doing so, the effectiveness of watchdogs is confronted against attacks and the results can be used to reinforce the overall security of the system. The applicability of the proposed method is also shown by means of a Smart Grid case study.