Matching attack patterns to security vulnerabilities in software-intensive system designs

SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications

Volumn , Issue , 2005, Pages

  Gegick, Michael ^a   Williams, Laurie ^a  

^a North Carolina State University   (United States)

Author keywords

Design; Regular expression; Security

Indexed keywords

APPLICATION PROGRAMS; DESIGN; SECURITY OF DATA; STUDENTS; SYSTEMS ANALYSIS;

ABSTRACT REPRESENTATION; REGULAR EXPRESSIONS; SECURITY; SECURITY VULNERABILITIES; SOFTWARE DEVELOPMENT PROCESS; SOFTWARE INTENSIVE SYSTEMS; SOFTWARE VULNERABILITIES; VULNERABILITY DATABASE;

SOFTWARE DESIGN;

EID: 85085406935     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1083200.1083211     Document Type: Conference Paper

References (19)

1. C. Alexander, S. Ishikawa, M. Silverstein, M. Jacobson, I. Fiksadahl-King, and S. Angel, A Pattern Language. New York: Oxford University Press, 1977.
2. W. A. Arbaugh, W. L. Fithen, and J. McHugh, "Windows of Vulnerability: A Case Study Analysis, " IEEE, vol. 3, 12 pp. 52-59, 2000.
3. B. Boehm, "Industrial Metrics Top 10 List, " IEEE Software, vol. 4, 5 pp. 84-85, 1987.
4. J. Carlstedt, R. Bisbey II, and G. Popek, "Pattern-Directed Protection Evaluation, " USC Information Sciences Institute, Marina del Rey ISI/RR-75-31, June 1975.
5. H. Chen and J. Shapiro, "Using Build-Integrated Static Checking to Preserve Correctness Invariants, " ACM, 2004.
6. H. Chen and D. Wagner, "MOPS: an Infrastructure for Examining Security Properties of Software, " ACM CCS, 2002.
7. E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design Patterns. Boston: Adison-Wesley, 1995.
8. M. Gegick, "Analyzing Security Attacks to Generate Patterns from Vulnerable Architectural Patterns", MS, NCSU, Raleigh. July, 2004
9. G. Hoglund and G. McGraw, Exploiting Software. Boston: Addison-Wesley, 2004.
10. M. Howard and D. LeBlanc, Writing Secure Code, 2nd ed. Redmond: Microsoft Corporation, 2003.
11. IEEE, "ANSI/IEEE Standard Glossary of Software Engineering Terminology, " 1990.
12. I. Krsul, "Software Vulnerability Analysis", PhD, Purdue University, West Lafayette.
13. S. Kumar and E. Spafford, "A Pattern Matching Model for Misuse Intrusion Detection, " Proceedings of the 17th National Computer Security Conference, West Lafayette, 1994.
14. J. P. McDermott, "Attack Net Penetration Testing, " ACM SIGSAC, pp. 15-21, 2000.
15. A. P. Moore, R. J. Ellison, and R. C. Linger, "Attack Modeling for Information Security and Survivability, " Carnegie Mellon University March 2001.
16. B. Schneier, "Attack Trees: Modeling Security Threats, " Dr. Dobb's Journal, 1999.
17. M. Schumacher and U. Roedig, "Security Engineering with Patterns, " 8th Conference on Pattern Languages of Programs, 2001.
18. J. Steffan and M. Schumacher, "Collaborative Attack Modeling, " Proceedings of the 2002 ACM Symposium on Applied Computing (SAC'02, Madrid, Spain), pp. 253-259, 2002.
19. J. Viega and G. McGraw, Building Secure Software How to Avoid Security Problems the Right Way. Boston: Addison-Wesley, 2002.