AsmLSec: An Extension of Abstract State Machine Language for Attack Scenario Specification

Security, one of the most important aspects of software, gets very little attention during the software development life cycle (SDLC). Therefore, the software remains vulnerable to attacks which are handled by issuing patches or service packs by the software vendors. To overcome this problem, researchers have proposed to take security into consideration right from the very beginning of the software development process. However, most specification languages were not designed with an intention for specifying security requirements, and therefore, they lack some features to serve this purpose. As a result, we need suitable specification languages that can be used both for functional specification and security specification. We propose a formal extension of a popular specification language called AsmL (Abstract State Machine Language) for attack descriptions with a view to building secure software. We name the extended language AsmLSec. We present the details of AsmLSec syntax and semantics, describe how to model attacks using its constructs, and present the design and implementation of a compiler that generates attack signatures from the AsmLSec attack specifications. To evaluate the expressive power of AsmLSec, we model attack scenarios based on the benchmark DARPA data sets

[1]  Mohammad Zulkernine,et al.  UMLintr: a UML profile for specifying intrusions , 2006, 13th Annual IEEE International Symposium and Workshop on Engineering of Computer-Based Systems (ECBS'06).

[2]  Stefan Axelsson,et al.  Intrusion Detection Systems: A Survey and Taxonomy , 2002 .

[3]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[4]  Mohammad Zulkernine,et al.  Detecting intrusions specified in a software specification language , 2005, 29th Annual International Computer Software and Applications Conference (COMPSAC'05).

[5]  LanguagesGiovanni,et al.  Attack Languages , 2007 .

[6]  Yuri Gurevich,et al.  Evolving algebras 1993: Lipari guide , 1995, Specification and validation methods.

[7]  Mohammad Zulkernine,et al.  Bridging the gap: software specification meets intrusion detector , 2006, PST.

[8]  Richard Lippmann,et al.  The 1999 DARPA off-line intrusion detection evaluation , 2000, Comput. Networks.

[9]  J. Aagedal,et al.  UML Pro?le for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms , 2004 .

[10]  Ketil Stølen,et al.  Towards a UML Profile for Model-Based Risk Assessment , 2002 .

[11]  Jan Jürjens,et al.  UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[12]  Wolfram Schulte,et al.  The ABCs of specification: asml, behavior, and components , 2001, Informatica.

[13]  Giovanni Vigna,et al.  STATL: An Attack Language for State-Based Intrusion Detection , 2002, J. Comput. Secur..