【 摘 要 】

Current techniques for software security vulnerability identification include the use of abstract, graph-based models to represent information about an attack.These models can be in the form of attack trees or attack nets and can be accompanied with a supporting text-based profile.Matching the abstract models to specific system architectures for effective vulnerability identification can be a challenging process.This thesis suggests that abstract regular expressions can be used to represent events of known attacks for the identification of security vulnerabilities in future applications.The process of matching the events in the regular expression to a sequence of components in a system design may facilitate the means of identifying vulnerabilities.Performing the approach in the design phase of a software process encourages security to be integrated early into a software application.Students in an undergraduate security course demonstrated a strong ability to accurately match regular expressions to a system design.The identification of vulnerabilities is limited to known attacks of other systems and does not offer descriptions of what new attacks are possible to a future application.Extending the approach to incorporate new attacks is an avenue of future work.

【 预 览 】

附件列表

Files	Size	Format	View
Analyzing Security Attacks to Generate Signatures from Vulnerable Architectural Patterns	1580KB	PDF	download