Towards Incorporating Discrete-Event Systems in Secure Software Development

When designers and developers create software they often overlook issues related to security. Ideally, protection of the program from illegal usage would be considered at each stage of this program's life cycle. The proposition put forward here is to augment intrusion detection systems (IDSs) and employ them as a tool to support secure software development. Many state-based intrusion detection methods share structural and behavioural similarities with the set of processes known as discrete-event systems (DESs). A common structure for modelling DESs is the deterministic finite-state automaton. There exist several compatible anomaly detection techniques which construct finite- state machine models of normal behaviour through the decomposition of associated data (e.g., system calls, HTTP requests) into sequences of events. This paper proposes the application of decentralized DES theory to formally analyze and enhance these approaches to anomaly detection with misuse prevention. Models of misuse attacks are generated in the same manner as the legal usage representation, then augmented and integrated into the program model to prevent the execution of malicious sequences. The technique described herein simultaneously uses anomaly and misuse approaches to prevent and disable attacks before their completion.

[1]  Giovanni Vigna,et al.  A stateful intrusion detection system for World-Wide Web servers , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[2]  M. Gordeev Intrusion Detection: Techniques and Approaches , 2003 .

[3]  R. Sekar,et al.  A fast automaton-based method for detecting anomalous program behaviors , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[4]  P. Ramadge,et al.  Supervisory control of a class of discrete event processes , 1987 .

[5]  C. Lucas,et al.  Intrusion detection using a fuzzy genetics-based learning algorithm , 2007, J. Netw. Comput. Appl..

[6]  Julie A. Dickerson,et al.  Fuzzy intrusion detection , 2001, Proceedings Joint 9th IFSA World Congress and 20th NAFIPS International Conference (Cat. No. 01TH8569).

[7]  Stephanie Forrest,et al.  Learning DFA representations of HTTP for protecting web applications , 2007, Comput. Networks.

[8]  Mohammad Zulkernine,et al.  Detecting intrusions specified in a software specification language , 2005, 29th Annual International Computer Software and Applications Conference (COMPSAC'05).

[9]  Stephanie Forrest,et al.  A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[10]  David A. Wagner,et al.  Mimicry attacks on host-based intrusion detection systems , 2002, CCS '02.

[11]  Fabio Martinelli,et al.  Through Modeling to Synthesis of Security Automata , 2007, STM.

[12]  Fred B. Schneider,et al.  Enforceable security policies , 2000, TSEC.

[13]  Lujo Bauer,et al.  Edit automata: enforcement mechanisms for run-time security policies , 2005, International Journal of Information Security.

[14]  D. Thorsley,et al.  Intrusion Detection in Controlled Discrete Event Systems , 2006, Proceedings of the 45th IEEE Conference on Decision and Control.

[15]  Anup Ghosh,et al.  Simple, state-based approaches to program-based anomaly detection , 2002, TSEC.