• DocumentCode
    2703993
  • Title

    Contract-Based Security Monitors for Service Oriented Software Architecture

  • Author

    Hoole, Alexander M. ; Traore, Issa

  • Author_Institution
    Dept. of Electr. & Comput. Eng., Univ. of Victoria, Victoria, BC
  • fYear
    2008
  • fDate
    9-12 Dec. 2008
  • Firstpage
    1239
  • Lastpage
    1245
  • Abstract
    Monitors have been used for real-time systems to ensure proper behavior; however, most approaches do not allow for the addition of relevant fields required to identify and react to security vulnerabilities. Contracts can provide a useful mechanism for identifying and tracking vulnerabilities. Currently, contracts have been proposed for reliability and formal verification; yet, their use in security is limited. Static analysis methods are able to identify many known vulnerabilities; however, they suffer from a high rate of false-positives. The creation of a mechanism that can verify identified vulnerabilities is therefore warranted. We propose a contract-based security assertion monitoring framework (CB SAMF) for reducing the number of security vulnerabilities that are exploitable. CB SAMF will span multiple software layers and be used in an enhanced systems development life cycle (SDLC) including service-oriented analysis and design (SOAD).
  • Keywords
    formal verification; program diagnostics; real-time systems; security of data; software architecture; software reliability; supervisory programs; contract-based security assertion monitoring framework; contract-based security monitors; formal verification; real-time systems; reliability; security vulnerability; service oriented software architecture; service-oriented analysis and design; software layers; static analysis methods; systems development life cycle; Computer displays; Computer security; Contracts; Intrusion detection; Logic; Monitoring; Real time systems; Runtime; Service oriented architecture; Software architecture; contracts; monitors; security engineering; service-oriented architecture;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Asia-Pacific Services Computing Conference, 2008. APSCC '08. IEEE
  • Conference_Location
    Yilan
  • Print_ISBN
    978-0-7695-3473-2
  • Electronic_ISBN
    978-0-7695-3473-2
  • Type

    conf

  • DOI
    10.1109/APSCC.2008.169
  • Filename
    4780849