功能交互:来自软件系统内部的安全威胁

... Proceedings of the ... IEEE International Conference on Progress in Informatics and Computing. IEEE International Conference on Progress in Informatics and Computing Pub Date : 2008-03-01 DOI:10.2201/NIIPI.2008.5.8

A. Nhlabatsi, R. Laney, B. Nuseibeh

{"title":"功能交互:来自软件系统内部的安全威胁","authors":"A. Nhlabatsi, R. Laney, B. Nuseibeh","doi":"10.2201/NIIPI.2008.5.8","DOIUrl":null,"url":null,"abstract":"Security engineering is about protecting assets from harm. The feature interaction problem occurs when the composition of features leads to undesirable system behaviours. Usually, this problem manifests itself as conflicting actions of features on a shared context. Security requirements may be violated by feature interactions creating security vulnerabilities which can potentially be exploited by attackers. In thi sp aper, we discuss the feature interaction problem and some of its possible implications for security requirements. The paper concludes that (1) the detection of the violation of security requirements by feature interactions is not different from other types of requirements - what differs is the impact of such violation; and (2)feature interaction detection approaches can be used as a means for vulnerability analysis.","PeriodicalId":91638,"journal":{"name":"... Proceedings of the ... IEEE International Conference on Progress in Informatics and Computing. IEEE International Conference on Progress in Informatics and Computing","volume":"47 1","pages":"75"},"PeriodicalIF":0.0000,"publicationDate":"2008-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"52","resultStr":"{\"title\":\"Feature interaction: the security threat from within software systems\",\"authors\":\"A. Nhlabatsi, R. Laney, B. Nuseibeh\",\"doi\":\"10.2201/NIIPI.2008.5.8\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security engineering is about protecting assets from harm. The feature interaction problem occurs when the composition of features leads to undesirable system behaviours. Usually, this problem manifests itself as conflicting actions of features on a shared context. Security requirements may be violated by feature interactions creating security vulnerabilities which can potentially be exploited by attackers. In thi sp aper, we discuss the feature interaction problem and some of its possible implications for security requirements. The paper concludes that (1) the detection of the violation of security requirements by feature interactions is not different from other types of requirements - what differs is the impact of such violation; and (2)feature interaction detection approaches can be used as a means for vulnerability analysis.\",\"PeriodicalId\":91638,\"journal\":{\"name\":\"... Proceedings of the ... IEEE International Conference on Progress in Informatics and Computing. IEEE International Conference on Progress in Informatics and Computing\",\"volume\":\"47 1\",\"pages\":\"75\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"52\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"... Proceedings of the ... IEEE International Conference on Progress in Informatics and Computing. IEEE International Conference on Progress in Informatics and Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2201/NIIPI.2008.5.8\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"... Proceedings of the ... IEEE International Conference on Progress in Informatics and Computing. IEEE International Conference on Progress in Informatics and Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2201/NIIPI.2008.5.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 52

摘要

安全工程是关于保护资产免受伤害。当特征的组合导致不期望的系统行为时，就会出现特征交互问题。通常，这个问题表现为共享上下文中功能的冲突行为。功能交互可能会违反安全需求，从而产生可能被攻击者利用的安全漏洞。在本文中，我们讨论了功能交互问题及其对安全需求的一些可能含义。本文的结论是:(1)特征交互对违反安全需求的检测与其他类型的需求没有什么不同——不同的是这种违反的影响;(2)特征交互检测方法可以作为漏洞分析的手段。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Feature interaction: the security threat from within software systems

Security engineering is about protecting assets from harm. The feature interaction problem occurs when the composition of features leads to undesirable system behaviours. Usually, this problem manifests itself as conflicting actions of features on a shared context. Security requirements may be violated by feature interactions creating security vulnerabilities which can potentially be exploited by attackers. In thi sp aper, we discuss the feature interaction problem and some of its possible implications for security requirements. The paper concludes that (1) the detection of the violation of security requirements by feature interactions is not different from other types of requirements - what differs is the impact of such violation; and (2)feature interaction detection approaches can be used as a means for vulnerability analysis.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

... Proceedings of the ... IEEE International Conference on Progress in Informatics and Computing. IEEE International Conference on Progress in Informatics and Computing

自引率

0.00%

发文量