Software Specification and Attack Languages

Mohammed Hussein (Queen’s University, Canada)
Copyright: © 2007 | Pages: 17
DOI: 10.4018/978-1-59904-090-5.ch016


General-purpose software specification languages are introduced to model software by providing a better understanding of their characteristics. Nevertheless, these languages may fail to model some nonfunctional requirements such as security and safety. The necessity for simplifying the specification of nonfunctional requirements led to the development of domain-specific languages (e.g., attack description languages). Attack languages are employed to specify intrusion-detection-related aspects such as intrusion signatures, normal behavior, alert correlation, and so forth. They provide language constructs and libraries that simplify the specification of these aspects. Attack languages are used heavily due to the rapid growth of computer intrusions. The current trend in software development is to develop the core functionalities of the software based on the requirements expressed in general-purpose software specification languages. Then, attack languages and other security mechanisms are used to deal with security requirements. However, using two sets of languages may result in several disadvantages such as redundant and conflicting requirements (e.g., usability vs. security). Moreover, incorporating security at the later stages of a software life cycle is more difficult and time-consuming. Many research works propose the unification and reconciliation of software engineering and security engineering in various directions. These research efforts aim to enable developers to use the current software engineering tools and techniques to specify security requirements. In this chapter, we present a study on the classification of software specification languages and discuss the current state of the art regarding attack languages. Specification languages are categorized based on their features and their main purposes. A detailed comparison among attack languages is provided. We show example extensions of two software specification languages to include some features of the attack languages. We believe that extending certain types of software specification languages to express security aspects like attack descriptions is a major step towards unifying software and security engineering.

Complete Chapter List

Table of Contents
Peter F. Linington
Djamel Khadraoui, Francine Herrmann
Chapter 1
Sophie Gastellier-Prevost
Within a more and more complex environment, where connectivity, reactivity and availability are mandatory, companies must be “electronically...
Security Architectures
Chapter 2
Eric Garcia
GRID computing implies sharing heterogeneous resources, located in different places belonging to different administrative domains over a...
Security in GRID Computing
Chapter 3
Göran Pulkkis
Security issues of Symbian-based mobile computing devices such as PDAs and smart phones are surveyed. The evolution of Symbian OS architecture is...
Security of Symbian Based Mobile Devices
Chapter 4
Michéle Germain, Alexis Ferrero, Jouni Karvo
Using WLAN networks in enterprises has become a popular method for providing connectivity. We present the security threats of WLAN networks, and the...
Wireless Local Area Network Security
Chapter 5
Mário M. Ferire
This chapter addresses the problem of interoperability among intrusion detection systems. It presents a classification and a brief description of...
Interoperability Among Intrusion Detection Systems
Chapter 6
Snezana Sucurovic
This chapter presents security solutions in integrated patient-centric Web-based health-care information systems, also known as electronic...
Security in E-Health Applications
Chapter 7
Hristo Koshutanski
Autonomic communication and computing is the new paradigm for dynamic service integration over a network. In an autonomic network, clients may have...
Interactive Access Control and Trust Negotiation for Autonomic Communication
Chapter 8
Isaac Agudo
Advanced applications for the Internet need to make use of the authorization service so that users can prove what they are allowed to do and show...
Delegation Services: A Step Beyond Authorization
Chapter 9
Jean-Henry Morin, Michel Pawlak
This chapter introduces digital rights management (DRM) in the perspective of digital policy management (DPM) focusing on the enterprise and...
From DRM to Enterprise Rights and Policy Management: Challenges and Opportunities
Chapter 10
Srinivas Mukkamala
Malware has become more lethal by using multiple attack vectors to exploit both known and unknown vulnerabilities and can attack prescanned targets...
Limitations of Current Anti-Virus Scanning Technologies
Chapter 11
Indranil Bose
Phishing is a new form of online crime where the unsuspecting user is tricked into revealing his/her personal information. It is usually conducted...
Phishing: The New Security Threat on the Internet
Chapter 12
Bogdan Hoanca
The field of information security has realized many advances in the past few decades. Some of these innovations include new cryptographic...
Phishing Attacks and Countermeasures: Implications for Enterprise Information Security
Chapter 13
Halim Khelafa
The purpose of this chapter is to provide a wide spectrum of end users with a complete reference on malicious code or malware. End users include...
Prevention and Handling of Malicious Code
Chapter 14
Francine Herrmann, Djamel Khadraoui
This chapter provides a wide spectrum of existing security risk management methodologies. The chapter starts presenting the concept and the...
Security Risk Management Methodologies
Chapter 15
Albin Zuccato
Organizations are required by legal provision to include information system security into their day-to-day management activities. To do this...
Information System Life Cycles and Security
Chapter 16
Mohammed Hussein
General-purpose software specification languages are introduced to model software by providing a better understanding of their characteristics....
Software Specification and Attack Languages
Chapter 17
R. Manjunath
Providing security for the content that gets exchanged between physically and geographically different locations is challenging. The cost and...
Dynamic Management of Security Constraints in Advanced Enterprises
Chapter 18
Fredrik Vraalsen, Tobias Mahler
This chapter gives an introduction to the CORAS approach for model-based security risk analysis. It presents a guided walkthrough of the CORAS risk...
Assessing Enterprise Risk Level: The CORAS Approach
About the Contributors