Attacks and countermeasures in software system security

Handbook of Software Engineering and Knowledge Engineering: Vol 3: Recent Advances

Volumn , Issue , 2005, Pages 31-61

  Ma, Lu ^a   Tsai, Jeffrey J P ^a  

^a University of Illinois at Chicago   (United States)

Author keywords

Attack; Availability; Confidentiality; Integrity; Mobile agent system; Security

Indexed keywords

AVAILABILITY; COMPUTER SOFTWARE; NETWORK SECURITY;

ATTACK; CONFIDENTIALITY; INTEGRITY; MOBILE AGENT SYSTEM; SECURITY;

MOBILE AGENTS;

EID: 84968912294     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1142/9789812775245_0002     Document Type: Chapter

References (35)

1. D. Anderson, T. F. Lunt, H. Javitz, A. Tamaru and A. Valdes, "Detecting unusual program behavior using the statistical component of the Next-generation Intrusion Detection Expert System (NIDES)", SRI International Computer Science Laboratory Technical Report SRI-CSL-95-07, May 1995.
2. M. Bishop, Computer Security - Art and Science (Addison-Wesley, ISBN 0-201¬44099-7, 2002).
3. V. Bontchev, "Possible virus attacks against integrity programs and how to prevent them", http://vx. netlux. org/lib/static/vdat/epposatt. htm.
4. CERT Coordination Center Denial of Service, http://www.cert.org/tech-ttps/deniaLofservice.html.
5. D. Chess, C. Harrison and A. Kershenbaum, "Mobile agents: Are they a good idea?" IBM Research Report, J. Watson Research Center, March 1995.
6. W. M. Farmer, j. D. Guttmann and V. Swarup, "Security for mobile agents: Authentication and state appraisal", Proceedings of the Fourth European Symposium on Research in Computer Security, no. 1146 (1996) 118-130.
7. W. M. Farmer, J. D. Guttmann and V. Swarup, "Security for mobile agents: Issues and requirements", Proceedings of the 19th National Information Systems Security Conference 2 (1996) 591-597.
8. Firewall Software White Paper, http://www.firewall-software.com/firewalLfaws/types-of-firewall.html.
9. F. Hohl, "A model of attacks of malicious hosts against mobile agents", 4-th Workshop on Mobile Object Systems (MOS’98): Secure Internet Mobile Computations.
10. F. Hohl, "Time limited blackbox security: Protecting mobile agents from malicious hosts", Mobile Agents and Security, Lecture Notes in Computer Science 1419 (1998) 92-113.
11. C. Ko, M. Ruschitzka and K. Levitt, "Execution monitoring of security-critical programs in distributed system: A specification-based approach", Proceedings of the 1997 IEEE Symposium, on Security and Privacy (May 1997) 175-187.
12. P. Kotzanikolaou, M. Burmester and V. Chrissikopoulos, "Secure transactions with mobile agents in hostile environments", ACISP 2000, Lecture Notes in Computer Science 1841 (2000) 289-297.
13. L. Ma and J. J. P. Tsai, "Formal verification techniques for computer communication security protocols", Handbook of Software Engineering and Knowledge Engineering (2001) 23-45.
14. L. Ma, J. J. P. Tsai, Y. Deng and T. Murata, "Extended elementary object system model for mobile agent security", Proceedings of 2003 World Congress on Integrated Design and Process Technology (December 3-6, 2003) 169-178.
15. L. Ma and J. J. P. Tsai, "Trust server and secure mobility in mobile agent systems", submitted to 15th IEEE International Symposium on Software Reliability Engineering (ISSRE), 2004.
16. L. Ma, J. J. P. Tsai and Z. Yu, "Modeling and analysis of a secure mobile agent system using extended elementary object system", submitted to IEEE Transaction on Software Engineering.
17. S. Kumar and E. Spafford, "A pattern matching model for misuse intrusion detection", Proceedings of the 17th National Computer Security Conference (October 1994) 11-21.
18. V. C. Ramasami, "Security, authentication and access control for mobile communications", http://www.ittc.ku.edu/rvc/documents/865/865-securityreport.pdf.
19. K. Rothermel, F. Hohl and N. Radouniklis, "Mobile agent systems: What is missing?" Distributed Applications and Interoperable Systems (DAIS’97).
20. T. Sander and C. F. Tschudin, "Towards mobile cryptography", 1998 IEEE Symposium on Security and Privacy.
21. T. Sander and C. F. Tschudin, "Protecting mobile agents against malicious hosts", Mobile Agents and Security, Lecture Notes in Computer Science 14P9 (1998) 44-60.
22. T. Sander and C. F. Tschudin, "On the cryptographic protection of mobile code", Workshop on Mobile Agents and Security, October 1997.
23. R. S. Sandhu and P. Samarati, "Authentication, access control, and intrusion detection", The Computer Science and Engineering Handbook (CRC Press, 1997) 1929-1948.
24. G. Stoneburner, C. Hayden and A. Feringa, "Engineering principles for information technology security - A baseline for achieving security", NIST (National Institute of Standards and Technology) Special Publication 800-27, June 2001.
25. G. Stoneburner, "Underlying technical models for information technology security", NIST Special Publication 800-33, December 2001.
26. H. K. Tan and L. Moreau, "Extending execution tracing for mobile code security", Proceedings of Second International Workshop on Security of Mobile MultiAgent Systems (SEMAS’2002) (2002) 51-59.
27. H. K. Tan and L. Moreau, "Trust relationships in a mobile agent system", Mobile Agents, Lecture Notes in Computer Science 2210 (2001) 15-30.
28. P. Uppufuri and R. Sekar, "Experiences with specification-based intrusion detection", Recent Advances in Intrusion Detection (RAID), October 2001.
29. R. Valk, "Petri nets as token objects - An introduction to elementary object nets", 19th International Conference on Application and Theory of Petri, Nets (ICATPN’98), Lecture Notes in Computer Science 1420 (1998) 1-25.
30. R. Valk, "Concurrency in communicating object petri nets", Concurrent Object-Oriented Programming and Petri Nets, Advances in Petri Nets (2001) 164-195.
31. R. Valk, "Relating different semantics for object petri nets - Formal proofs and examples", Technical Report FBI-HH-B-226, University of Hamburg, Department for Computer Science, April 2000, pp. 1-50.
32. G. Vigna, "Protecting mobile agents through tracing", 3rd ECOOP Workshop on Mobile Object Systems.
33. G. Vigna, "Cryptographic traces for mobile agents, mobile agents and security", Lecture Notes in Computer Science ljl9 (1998) 137-150.
34. J. Vitek and G. Castagna, "Towards a calculus of secure mobile computations", Proceedings of Workshop on Internet Programming Languages, Chicago, Illinois, 1998.
35. J. Vitek and G. Castagna, "Seal: A framework for secure mobile computations", Internet Programming Languages, Lecture Notes in Computer Science 1686, 1999.