A framework for development of runtime monitors

Software testing is the process used to assure the correctness, completeness, performance, security and reliability of software. Different software testing techniques are used during the pre-deployment phase, but they do not ensure that all possible behaviors of the implementation are analyzed, executed and tested. Because testing gives incomplete assurance, software can sometimes behave very differently during the post-deployment phase. Such behavior is termed a software anomaly, and it is caused mostly by external attacks such as SQL injection, cross-site scripting and path traversal. To detect such anomalies and to ensure the security and reliability of software during the post-deployment phase, a technique known as runtime monitoring can be used. This paper presents a framework for the development of runtime monitors that perform post-deployment monitoring of software to detect and prevent path traversal attacks.
