Automated Generation of Attack Routes for Service Security Analysis - A Preliminary Report
نویسندگان
چکیده
i* modeling has been used to characterize service-oriented computing in terms of intentional concepts such as agents, goals, dependencies, as well as services they provide or consume. The intentional models provide a rich basis for various security related reasoning, such as vulnerability analysis, attack and countermeasure evaluation, risk assessment, etc. In this work, we aim to explore a reasoning method over the i* models that goes beyond evaluating the satisfaction of security properties. We propose a service security modeling approach for automated generation of attack routes against a specific service. We analyze the security level for each service by using the resulting models. We aim to discover countermeasures and incorporate them into the security analysis process.
منابع مشابه
Secure Bio-Cryptographic Authentication System for Cardless Automated Teller Machines
Security is a vital issue in the usage of Automated Teller Machine (ATM) for cash, cashless and many off the counter banking transactions. Weaknesses in the use of ATM machine could not only lead to loss of customer’s data confidentiality and integrity but also breach in the verification of user’s authentication. Several challenges are associated with the use of ATM smart card such as: card clo...
متن کاملRESCUE: Reputation based Service for Cloud User Environment
Exceptional characteristics of Cloud computing has replaced all traditional computing. With reduced resource management and without in-advance investment, it has been victorious in making the IT world to migrate towards it. Microsoft announced its office package as Cloud, which can prevent people moving from Windows to Linux. As this drift is escalating in an exponential rate, the cloud environ...
متن کاملImage flip CAPTCHA
The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...
متن کاملA Mechanism for Detecting and Identifying DoS attack in VANET
VANET (Vehicular Ad-hoc Network) which is a hy- brid network (combination of infrastructure and infra- structure-less networks) is an emergent technology with promising future as well as great challenges especially in security. By the other hand this type of network is very sensible to safety problem. This paper focuses on a new mechanism for DoS (denial of service) attacks on the physical and ...
متن کاملA Mechanism for Detecting and Identifying DoS attack in VANET
VANET (Vehicular Ad-hoc Network) which is a hy- brid network (combination of infrastructure and infra- structure-less networks) is an emergent technology with promising future as well as great challenges especially in security. By the other hand this type of network is very sensible to safety problem. This paper focuses on a new mechanism for DoS (denial of service) attacks on the physical and ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010