Title :
A framework based security-knowledge database for vulnerabilities detection of business logic
Author :
Li, Xiaohong ; Meng, Guozhu ; Feng, Zhiyong ; Li, Xu ; Pan, Dong
Author_Institution :
Sch. of Comput. Sci. & Technol., Tianjin Univ., Tianjin, China
Abstract :
This paper presents a framework for detecting business logic vulnerabilities in the software design phase. First, the business logic is modeled in the design phase as a finite state machine, and the relevant business processes are extracted from the model. Next, the degree of similarity between the attack patterns and the business processes is calculated, which shows whether the business logic contains vulnerabilities, and a threat analysis report is generated. Finally, focusing on the business logic of user registration in a web application, we model it as an FSA and then run detection on the model. By analyzing the detection result, we conclude that the approach is correct and effective and can improve software security and reliability.
Keywords :
Application software; Databases; Fault trees; Information security; Logic design; Phase detection; Programming; Software design; Software engineering; Software systems; Attack Pattern; Finite State Automate; Security Software Engineer; Threats Information; Vulnerabilities;
Conference_Title :
Optics Photonics and Energy Engineering (OPEE), 2010 International Conference on
Conference_Location :
Wuhan, China
Print_ISBN :
978-1-4244-5234-7
Electronic_ISBN :
978-1-4244-5236-1
DOI :
10.1109/OPEE.2010.5508127