Attack patterns: A new forensic and design tool

IFIP International Federation for Information Processing

Volumn 242, Issue , 2007, Pages 345-357

  Fernandez, Eduardo ^a   Pelaez, Juan ^b   Larrondo Petrie, Maria ^c  

^a Florida Atlantic University   (United States)

^b U S ARMY RESEARCH LABORATORY   (United States)

^c FLORIDA ATLANTIC UNIVERSITY   (United States)

Author keywords

Attack patterns; Forensics; Secure systems design; VoIP networks

Indexed keywords

DENIAL-OF-SERVICE ATTACK; DESIGN; ELECTRONIC CRIME COUNTERMEASURES; INTERNET TELEPHONY; SYSTEMS ANALYSIS; VOICE/DATA COMMUNICATION SYSTEMS;

ARCHITECTURAL PATTERN; ATTACK PATTERNS; FORENSICS; GENERIC SOLUTIONS; HIGH-QUALITY SOFTWARE; SECURE DESIGNS; SECURE SYSTEM; SECURITY PATTERNS;

QUALITY CONTROL;

EID: 36448967526     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-73742-3_24     Document Type: Conference Paper

References (23)

1. Z. Anwar, W. Yurcik, R. Johnson, M. Hafiz and R. Campbell, Multiple design patterns for VoIP security, Proceedings of the Twenty-Fifth IEEE Conference on Performance, Computing and Communications, 2006.
2. F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad and M. Stal, Pattern-Oriented Software Architecture: A System of Patterns, Volume 1 Wiley, Chichester, United Kingdom, 1996.
3. E. Casey, Investigating sophisticated security breaches, Communications of the ACM, vol. 43(2), 48-54, 2006.
4. CERT Coordination Center, Carnegie Mellon University, Pittsburgh, Pennsylvania (www.cert.org).
5. M. Collier, The value of VoIP security (www.cconvergence.com/ showArticle.jhtml?articleID=22103933), 2004.
6. E. Fernandez and A. Kumar, A security pattern for rule-based intrusion detection, Proceedings of the Nordic Conference on Pattern Languages of Programs, 2005.
7. E. Fernandez, M. Larrondo-Petrie, T. Sorgente and M. VanHilst, A methodology to develop secure systems using patterns, in Integrating Security and Software Engineering: Advances and Future Vision, H. Mouratidis and P. Giorgini (Eds.), IGI Publishing, Hershey, Pennsylvania, pp. 107-126, 2006.
8. E. Fernandez and J. Pelaez, Security patterns for voice over IP networks. Proceedings of the International Multiconference on Computing in the Global Information Technology, p. 33, 2007.
9. E. Fernandez, M. VanHilst, M. Larrondo-Petrie and S. Huang, Defining security requirements through misuse actions, in Advanced Software Engineering: Expanding the Frontiers of Software Technology, S. Ochoa and G. Roman (Eds.), Springer, New York, 123-137, 2006.
10. E. Gamma, R. Helm, R. Johnson and J. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, Addison-Wesley/ Pearson, Boston, Massachusetts, 1994.
11. G. Hoglund and G. McGraw, Exploiting Software: How to Break Code, Addison-Wesley/Pearson, Boston, Massachusetts, 2004.
12. K. Kent, S. Chevalier, T. Grance and H. Dang, Guide to Integrating Forensic Techniques into Incident Response, NIST Special Publication 800-86, National Institute of Standards and Technology, Gaithersburg, Maryland, 2006.
13. P. Laplante and C. Neill, AntiPatterns: Identification, Refactoring and Management, CRC Press, Boca Raton, Florida, 2006.
14. N. Leveson, M. Heimdahl, H. Hildreth and J. Reese, Requirements specification for process-control systems, IEEE Transactions on Software Engineering, vol. 20(9), pp. 684-707, 1994.
15. J. McDermott, Attack net penetration testing, Proceedings of the New Security Paradigms Workshop, pp. 15-22, 2000.
16. A. Moore, R. Ellison and R. Linger, Attack modeling for information security and survability, Technical Note CMU/SEI-2001-TN-001, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, 2001.
17. J. Pelaez, Security in VoIP networks. Master's Thesis, Department of Computer Science and Engineering, Florida Atlantic University, Boca Raton, Florida, 2004.
18. M. Schumacher, E. Fernandez, D. Hybertson, F. Buschmann and P. Sommerlad, Security Patterns: Integrating Security and Systems Engineering, Wiley, Chichester, United Kingdom, 2006.
19. K. Shanmugasundaram, N. Memon, A. Savant and H. Bronnimann, ForNet: A distributed forensics network, Proceedings of the Second International Workshop on Mathematical Methods, Models and Architectures for Computer Network Security, pp. 1-16, 2003.
20. J. Steffan and M. Schumacher, Collaborative attack modeling, Proceedings of the ACM Symposium on Applied Computing, pp. 253-259, 2002.
21. Symantec, Antivirus Research Center (www.symantec.com).
22. TMCnet.com, CRN finds security risk in VoIP applications (www.tmcnet.com/ usubmit/2006/01/27/1320122.htm), January 27 2006.
23. C. Wieser, J. Roning and A. Takanen, Security analysis and experiments for VoIP RTP media streams, Proceedings of the Eighth International Symposium on Systems and Information Security, 2006.