Telecommunication software systems containing security vulnerabilities continue to be created and released to consumers. We need to adopt improved software engineering practices to reduce the security vulnerabilities in modern systems. Contracts can provide a useful mechanism for the identification, tracking, and validation of security vulnerabilities. In this work, we propose a new contract-based security assertion monitoring framework (CB_SAMF) that is intended to reduce the number of security vulnerabilities that are exploitable across multiple software layers, and to be used in an enhanced systems development life cycle (SDLC). We show how contract-based security assertion monitoring can be achieved in a live environment on Linux. Through security activities integrated into the SDLC, we can identify potential security vulnerabilities in telecommunication systems, which in turn are used to create contracts defining security assertions. Our contract model is then applied, as runtime probes, against two common security-related vulnerabilities: a buffer overflow and a denial of service.