Component software: beyond object-oriented programming
Component software: beyond object-oriented programming
Building Reliable Component-Based Software Systems
Building Reliable Component-Based Software Systems
Building trust in third-party components using component wrappers in the .NET frameworks
CRPIT '02 Proceedings of the Fortieth International Conference on Tools Pacific: Objects for internet, mobile and embedded applications
Specification-based anomaly detection: a new approach for detecting network intrusions
Proceedings of the 9th ACM conference on Computer and communications security
IEEE Software
Experiences with Specification-Based Intrusion Detection
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Trust-Adapted Enforcement of Security Policies in Distributed Component-Structured Applications
ISCC '01 Proceedings of the Sixth IEEE Symposium on Computers and Communications
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Security Characterisation Framework for Trustworthy Component Based Software Systems
COMPSAC '03 Proceedings of the 27th Annual International Conference on Computer Software and Applications
Secure Systems Development with UML
Secure Systems Development with UML
Towards automatic monitoring of component-based software systems
Journal of Systems and Software - Special issue: Automated component-based software engineering
Deriving Systems Level Security Properties of Component Based Composite Systems
ASWEC '05 Proceedings of the 2005 Australian conference on Software Engineering
Detecting Intrusions Specified in a Software Specification Language
COMPSAC '05 Proceedings of the 29th Annual International Computer Software and Applications Conference - Volume 01
UMLintr: A UML Profile for Specifying Intrusions
ECBS '06 Proceedings of the 13th Annual IEEE International Symposium and Workshop on Engineering of Computer Based Systems
Distributed component architectures security issues
Computer Standards & Interfaces
A software-based trust framework for distributed industrial management systems
Journal of Systems and Software
A model-based aspect-oriented framework for building intrusion-aware software systems
Information and Software Technology
Journal of Systems and Software
A systematic review of security requirements engineering
Computer Standards & Interfaces
Building components with embedded security monitors
Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
Hi-index | 0.01 |
Component-Based Software Engineering (CBSE) increases the reusability of software and hence decreases software development time and cost. Unfortunately, developing components for maximum reusability and acquiring third party components invite many security related concerns. The security related issues are more crucial for embedded and real-time systems. Currently, many approaches are proposed to aid the development and evaluation of secure components. However, it is well known among practitioners that, like any other software entities, components cannot be completely secure. This fact leads us to incorporate intrusion detection facilities to equip components with mechanisms to discover intrusions against components. In this paper, we present a framework for developing components with intrusion detection capabilities. This framework uses UMLintr, a UML profile for intrusion specifications. The profile allows developers to specify intrusion scenarios using UML diagrams. Specifying intrusion scenarios using the same language that is used for specifying software behavior eliminates the need for separate languages for describing intrusions. Other software specification languages can be easily adopted into this framework. The outcome of this framework are components equipped with intrusion detectors. Based on UMLintr, a prototype is built and used to generate signatures for some intrusions included in the benchmark DARPA attack datasets. Furthermore, we describe an Intrusion Detection System (IDS) which uses these signatures to detect component intrusions.