STATL: an attack language for state-based intrusion detection
Journal of Computer Security
Two state-based approaches to program-based anomaly detection
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Software vulnerability analysis
Software vulnerability analysis
Run-time Detection of Buffer Overflow Attacks without Explicit Sensor Data Objects
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
IEEE Security and Privacy
A Dynamic Technique for Eliminating Buffer Overflow Vulnerabilities (and Other Memory Errors)
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
A Taxonomy and Catalog of Runtime Software-Fault Monitoring Tools
IEEE Transactions on Software Engineering
StackOFFence: A Technique for Defending Against Buffer Overflow Attacks
ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
Self-healing components in robust software architecture for concurrent and distributed systems
Science of Computer Programming - Special issue on system and software architectures(IWSSA'04)
Model-based self-monitoring embedded programs with temporal logic specifications
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Enhancing Security Using Legality Assertions
WCRE '05 Proceedings of the 12th Working Conference on Reverse Engineering
Using parse tree validation to prevent SQL injection attacks
SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
Efficiently Detecting All Dangling Pointer Uses in Production Servers
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Dynamic code instrumentation to detect and recover from return address corruption
Proceedings of the 2006 international workshop on Dynamic systems analysis
Monitoring the Security Health of Software Systems
ISSRE '06 Proceedings of the 17th International Symposium on Software Reliability Engineering
Intrusion detection aware component-based systems: A specification-based framework
Journal of Systems and Software
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Use Case Driven Approach to Self-Monitoring in Autonomic Systems
ICAS '07 Proceedings of the Third International Conference on Autonomic and Autonomous Systems
CANDID: preventing sql injection attacks using dynamic candidate evaluations
Proceedings of the 14th ACM conference on Computer and communications security
ICCGI '08 Proceedings of the 2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008)
Multi-variant Program Execution: Using Multi-core Systems to Defuse Buffer-Overflow Vulnerabilities
CISIS '08 Proceedings of the 2008 International Conference on Complex, Intelligent and Software Intensive Systems
A Biologically-Inspired Preventive Mechanism for Self-Healing of Distributed Software Components
ADVCOMP '08 Proceedings of the 2008 The Second International Conference on Advanced Engineering Computing and Applications in Sciences
Quantifying Security in Secure Software Development Phases
COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
A model-based aspect-oriented framework for building intrusion-aware software systems
Information and Software Technology
COMPSAC '09 Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 02
Activity and Artifact Views of a Secure Software Development Process
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
An overview of the MOP runtime verification framework
International Journal on Software Tools for Technology Transfer (STTT) - Runtime Verification
Hi-index | 0.00 |
A software component should be trustworthy and behave in a secure manner as it will be reused many times. Despite extensive efforts, usually, it cannot be guaranteed that a developed software component is completely secure. Hence, its execution in the real-world needs to be monitored against its security specifications. Each time components are used to develop a component-based software (CBS), a new monitor has to be designed to observe the behavior of the CBS. This results in recurring costs as such monitors cannot be reused for other CBS. Moreover, development life cycle artifacts are usually not available when a pre-fabricated component is used to build a CBS. Given that, it is imperative that a specification-based security monitor is developed along with the monitored component (when all development artifacts are available) and is embedded in the component to increase the component's trustworthiness. In this paper, we identify the types of constraints that may be imposed by security specifications. These constraints should be taken into account while developing the software components and should also be monitored. Furthermore, we propose a design approach to develop components with built in monitors that are able to observe these security constraints. Components developed following this approach would be self-monitoring, promote greater reusability, and be more trustworthy. We evaluate our approach by analyzing the performance and design complexity of different versions of CBS. These versions are developed by following the traditional and proposed approaches for monitoring security aspects of CBS.