• DocumentCode
    522774
  • Title

    A framework based security-knowledge database for vulnerabilities detection of business logic

  • Author

    Li, Xiaohong ; Meng, Guozhu ; Feng, Zhiyong ; Li, Xu ; Pan, Dong

  • Author_Institution
    Sch. of Comput. Sci. & Technol., Tianjin Univ., Tianjin, China
  • Volume
    1
  • fYear
    2010
  • fDate
    10-11 May 2010
  • Firstpage
    292
  • Lastpage
    297
  • Abstract
    This paper presents a framework for vulnerabilities detection of business logic in the software design phase. First, model the business logic in the design phase finite state machine, and extract relevant business processes from the model. Calculate the similarity degree between attack pattern and the business processes. Thus, find out if there are some vulnerabilities in the business logic and generate a report of threats analysis. Finally, focusing on the business logic of user registration in the web application, we model it as an FSA and then detect the model. By analyzing the detection result, we conclude that the approach is correct and effective and can improve software security and reliability.
  • Keywords
    Application software; Databases; Fault trees; Information security; Logic design; Phase detection; Programming; Software design; Software engineering; Software systems; Attack Pattern; Finite State Automate; Security Software Engineer; Threats Information; Vulnerabilities;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Optics Photonics and Energy Engineering (OPEE), 2010 International Conference on
  • Conference_Location
    Wuhan, China
  • Print_ISBN
    978-1-4244-5234-7
  • Electronic_ISBN
    978-1-4244-5236-1
  • Type

    conf

  • DOI
    10.1109/OPEE.2010.5508127
  • Filename
    5508127