Pattern-oriented software architecture: a system of patterns
Pattern-oriented software architecture: a system of patterns
A UML-based aspect-oriented design notation for AspectJ
AOSD '02 Proceedings of the 1st international conference on Aspect-oriented software development
Security Architecture: Design, Deployment, and Operations
Security Architecture: Design, Deployment, and Operations
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Using Aspects to Design a Secure System
ICECCS '02 Proceedings of the Eighth International Conference on Engineering of Complex Computer Systems
Introducing Security Aspects with Model Transformations
ECBS '05 Proceedings of the 12th IEEE International Conference and Workshops on Engineering of Computer-Based Systems
An Aspect-Oriented Approach to Mobile Agent Access Control
ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
XacT: a bridge between resource management and access control in multi-layered applications
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Using Aspects for Security Engineering of Web Service Compositions
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Software Security: Building Security In
Software Security: Building Security In
UMLintr: A UML Profile for Specifying Intrusions
ECBS '06 Proceedings of the 13th Annual IEEE International Symposium and Workshop on Engineering of Computer Based Systems
Context based Application Level Intrusion Detection System
ICNS '06 Proceedings of the International conference on Networking and Services
Intrusion detection aware component-based systems: A specification-based framework
Journal of Systems and Software
Developing secure data warehouses with a UML extension
Information Systems
Towards an Aspect-Oriented Intrusion Detection Framework
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
ACIR: An Aspect-Connector for Intrusion Response
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 02
Secure Systems Development with UML
Secure Systems Development with UML
An aspect oriented model of efficient and secure card-based payment system
Proceedings of the 2011 International Conference on Communication, Computing & Security
Building components with embedded security monitors
Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
An aspect-oriented approach for mobile embedded software modeling
ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part II
A Tool Support for Secure Software Integration
International Journal of Secure Software Engineering
Eliminating SQL injection and cross site scripting using aspect oriented programming
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Hi-index | 0.00 |
Security is a critical issue for software systems, especially for those systems which are connected to networks and the Internet, since most of them suffer from various malicious attacks. Intrusion detection is an approach to protect software against such attacks. However, security vulnerabilities that are exploited by intruders cut across multiple modules in software systems and are difficult to address and monitor. These kinds of concerns, called cross-cutting concerns, can be handled by aspect-oriented software development (AOSD) for better modularization. A number of works have utilized AOSD to address security issues of software systems, but none of them has employed AOSD for intrusion detection. In this paper, we propose a model-based aspect-oriented framework for building intrusion-aware software systems. We model attack scenarios and intrusion detection aspects using an aspect-oriented Unified Modeling Language (UML) profile. Based on the UML model, the intrusion detection aspects are implemented and woven into the target system. The resulting target system has the ability to detect the intrusions automatically. We present an experimental evaluation by applying this framework for some of the most common attacks included in the Web Application Security Consortium (WASC) web security threat classification. The experimental results demonstrate that the framework is effective in specifying and implementing intrusion detection and can be applied for a wide range of attacks.