Availability enforcement by obligations and aspects identification

Information systems are more and more victim of denial of service attacks. Thus, availability is a critical property which is more and more difficult to achieve. In this paper, we devise a new approach to design programs that enforce availability requirements. This approach is based on a formal security model called Nomad which combines deontic and temporal logics. We show how to use this model to specify availability requirements. Our proposal is then based on aspect programming. For this purpose, availability requirements expressed in the Nomad model are transformed into availability aspects. Using aspect programming languages such as AspectJ, we can then weave these availability aspects to transform an insecure program into a secure one.

[1]  Jonathan K. Millen,et al.  A resource allocation model for denial of service , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Virgil D. Gligor,et al.  A Specification and Verification Method for Preventing Denial of Service , 1990, IEEE Trans. Software Eng..

[3]  Nora Cuppens-Boulahia,et al.  Nomad: a security model with non atomic actions and deadlines , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[4]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[5]  Martín Abadi,et al.  Composing Specifications , 1989, REX Workshop.

[6]  William G. Griswold,et al.  An Overview of AspectJ , 2001, ECOOP.

[7]  Virgil D. Gligor,et al.  A Note on the Denial-of-Service Problem , 1983, 1983 IEEE Symposium on Security and Privacy.

[8]  Edward Amoroso,et al.  A policy model for denial of service , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[9]  Catherine A. Meadows,et al.  A Cost-Based Framework for Analysis of Denial of Service Networks , 2001, J. Comput. Secur..

[10]  Kristopher Kendall,et al.  A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems , 1999 .

[11]  Ravishankar K. Iyer,et al.  Formal Reasoning of Various Categories of Widely Exploited Security Vulnerabilities by Pointer Taintedness Semantics , 2004, SEC.

[12]  Gregor Kiczales,et al.  Aspect-oriented programming , 2001, ESEC/FSE-9.