• DocumentCode
    155180
  • Title

    A Hybrid Monitoring of Software Design-Level Security Specifications

  • Author

    Khan, Muhammad Uzair ; Zulkernine, Mohammad

  • Author_Institution
    Sch. of Comput., Queen's Univ., Kingston, ON, Canada
  • fYear
    2014
  • fDate
    2-3 Oct. 2014
  • Firstpage
    111
  • Lastpage
    116
  • Abstract
    The behavior of the deployed software should be monitored against its security specifications to identify vulnerabilities introduced due to incorrect implementation of secure design decisions. Security specifications, including design-level ones, impose constraints on the behavior of the software. These constraints can be broadly categorized as non-time-critical and time-critical and have to be monitored in a manner that minimizes the monitoring overhead. In this paper, we suggest using a hybrid of event and time monitoring techniques to observe these constraints. The viability of the hybrid technique is assessed by comparing its effectiveness and performance with event and time monitoring techniques. The results indicate that the hybrid monitoring technique is more effective and efficient when compared separately with event or time monitoring.
  • Keywords
    computerised monitoring; security of data; event monitoring techniques; hybrid monitoring technique; hybrid software design-level security specifications monitoring; monitoring overhead; secure design decisions; software behavior; time monitoring techniques; Authentication; Instruments; Monitoring; Software; Software algorithms; Time factors; design-level; monitoring; security specifications;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Quality Software (QSIC), 2014 14th International Conference on
  • Conference_Location
    Dallas, TX
  • ISSN
    1550-6002
  • Print_ISBN
    978-1-4799-7197-8
  • Type

    conf

  • DOI
    10.1109/QSIC.2014.14
  • Filename
    6958394