Title :
A Taxonomy of Time and State Attacks
Author :
Corcalciuc, Horia V.
Author_Institution :
Sch. of Comput. Sci., Univ. of Birmingham, Birmingham, UK
Abstract :
Software classifications have been created with the purpose of keeping track of attack patterns as well as providing a history of incidents for software packages. This article focuses on one single class of such attacks, conventionally known as "Time and State" attacks. We offer a method of analyzing the anatomy of such attacks by reasoning about vulnerabilities using "swimlane" diagrams annotated with some semantics of concurrent programming, such as the notions of traces and stability. We summarize our conclusions with a taxonomy based on abstraction layers, implying thereby some form of tree hierarchy where vulnerabilities inherit properties from the upper layers and share code-level flaws on the lower layers. This approach allows us to classify attacks by what they share in common, which is different from other classification attempts.
Keywords :
pattern classification; programming language semantics; security of data; software engineering; software packages; abstraction layers; code-level flaws; concurrent programming semantics; software classifications; state attacks; swimlane diagrams; time attacks; tree hierarchy; Abstracts; Databases; Kernel; Security; Servers; Taxonomy; Vegetation; attacks; classification; concurrency; exceptions; lock; patterns; security; signals; stability; taxonomy; vulnerability
Conference_Title :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.30