Title :
A Hybrid Monitoring of Software Design-Level Security Specifications
Author :
Khan, Muhammad Uzair ; Zulkernine, Mohammad
Author_Institution :
Sch. of Comput., Queen's Univ., Kingston, ON, Canada
Abstract :
The behavior of the deployed software should be monitored against its security specifications to identify vulnerabilities introduced due to incorrect implementation of secure design decisions. Security specifications, including design-level ones, impose constraints on the behavior of the software. These constraints can be broadly categorized as non-time-critical and time-critical and have to be monitored in a manner that minimizes the monitoring overhead. In this paper, we suggest using a hybrid of event and time monitoring techniques to observe these constraints. The viability of the hybrid technique is assessed by comparing its effectiveness and performance with event and time monitoring techniques. The results indicate that the hybrid monitoring technique is more effective and efficient when compared separately with event or time monitoring.
Keywords :
computerised monitoring; security of data; event monitoring techniques; hybrid monitoring technique; hybrid software design-level security specifications monitoring; monitoring overhead; secure design decisions; software behavior; time monitoring techniques; Authentication; Instruments; Monitoring; Software; Software algorithms; Time factors; design-level; monitoring; security specifications
Conference_Title :
Quality Software (QSIC), 2014 14th International Conference on
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4799-7197-8
DOI :
10.1109/QSIC.2014.14