Intrusion detection aware component-based systems: A specification-based framework

Component-Based Software Engineering (CBSE) increases the reusability of software and hence decreases software development time and cost. Unfortunately, developing components for maximum reusability and acquiring third-party components invite many security-related concerns. The security-related issues are more crucial for embedded and real-time systems. Currently, many approaches are proposed to aid the development and evaluation of secure components. However, it is well known among practitioners that, like any other software entities, components cannot be completely secure. This fact leads us to incorporate intrusion detection facilities to equip components with mechanisms to discover intrusions against components. In this paper, we present a framework for developing components with intrusion detection capabilities. This framework uses UMLintr, a UML profile for intrusion specifications. The profile allows developers to specify intrusion scenarios using UML diagrams. Specifying intrusion scenarios using the same language that is used for specifying software behavior eliminates the need for separate languages for describing intrusions. Other software specification languages can be easily adopted into this framework. The outcomes of this framework are components equipped with intrusion detectors. Based on UMLintr, a prototype is built and used to generate signatures for some intrusions included in the benchmark DARPA attack datasets. Furthermore, we describe an Intrusion Detection System (IDS) which uses these signatures to detect component intrusions.
