Towards security monitoring patterns
George Spanoudakis,Christos Kloukinas,Kelly Androutsopoulos +2 more
- pp 1518-1525
TLDR
In this paper, the authors propose patterns for expressing three basic types of security requirements, namely confidentiality, integrity and availability, in a formal temporal first order language, Event Calculus.Abstract:
Runtime monitoring is performed during system execution to detect whether the system's behaviour deviates from that described by requirements. To support this activity we have developed a monitoring framework that expresses the requirements to be monitored in event calculus - a formal temporal first order language. Following an investigation of how this framework could be used to monitor security requirements, in this paper we propose patterns for expressing three basic types of such requirements, namely confidentiality, integrity and availability. These patterns aim to ease the task of specifying confidentiality, integrity and availability requirements in monitorable forms by non-expert users. The paper illustrates the use of these patterns using examples of an industrial case study.read more
Citations
More filters
Journal ArticleDOI
Aligning Qualitative, Real-Time, and Probabilistic Property Specification Patterns Using a Structured English Grammar
TL;DR: A comprehensive framework combining qualitative, real-time, and probabilistic property specification patterns has remained elusive and a unified catalogue is presented that combines all known plus 40 newly identified or extended patterns.
Journal ArticleDOI
A Systematic Survey of Self-Protecting Software Systems
TL;DR: By proposing and applying a comprehensive taxonomy to classify and characterize the state-of-the-art research in self-protecting software systems, this article has identified key patterns, trends and challenges in the existing approaches, which reveals a number of opportunities that will shape the focus of future research efforts.
Proceedings ArticleDOI
Architecture-based self-protecting software systems
TL;DR: This paper presents several architecture adaptation patterns that provide reusable detection and mitigation strategies against well-known web application security threats and describes the ongoing work in realizing these patterns on top of Rainbow, an existing architecture-based adaptation framework.
Book ChapterDOI
Monitoring WS-Agreement s: An Event Calculus–Based Approach
Khaled Mahbub,George Spanoudakis +1 more
TL;DR: This chapter presents a framework that is developed to support the monitoring of service level agreements (SLAs), and an extension of WS-Agreement that uses an event calculus–based language, called EC-Assertion, for the specification of the service guarantee terms in a service level agreement that need to be monitored at runtime.
References
More filters
Book
The Temporal Logic of Reactive and Concurrent Systems: Specification
Amir Pnueli,Zohar Manna +1 more
Journal ArticleDOI
An Intrusion-Detection Model
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Journal ArticleDOI
Automatic verification of finite-state concurrent systems using temporal logic specifications
TL;DR: It is argued that this technique can provide a practical alternative to manual proof construction or use of a mechanical theorem prover for verifying many finite-state concurrent systems.
Book
The temporal logic of reactive and concurrent systems
Zohar Manna,Amir Pnueli +1 more
TL;DR: Temporal logic is a formal tool/language which yields excellent results in specifying reactive systems, and this volume (the first two), offers an introduction to temporal logic and to the computational model for reactive programs which has been developed by the authors as mentioned in this paper.
Book ChapterDOI
The Ponder Policy Specification Language
TL;DR: The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java.