Analyzing Security Attacks to Generate Signatures from Vulnerable Architectural Patterns

Show full item record

Title: Analyzing Security Attacks to Generate Signatures from Vulnerable Architectural Patterns
Author: Gegick, Michael
Advisors: Dr. Annie Anton, Committee Member
Dr. Laurie Williams, Committee Chair
Dr. Julie Earp, Committee Member
Abstract: Current techniques for software security vulnerability identification include the use of abstract, graph-based models to represent information about an attack. These models can be in the form of attack trees or attack nets and can be accompanied with a supporting text-based profile. Matching the abstract models to specific system architectures for effective vulnerability identification can be a challenging process. This thesis suggests that abstract regular expressions can be used to represent events of known attacks for the identification of security vulnerabilities in future applications. The process of matching the events in the regular expression to a sequence of components in a system design may facilitate the means of identifying vulnerabilities. Performing the approach in the design phase of a software process encourages security to be integrated early into a software application. Students in an undergraduate security course demonstrated a strong ability to accurately match regular expressions to a system design. The identification of vulnerabilities is limited to known attacks of other systems and does not offer descriptions of what new attacks are possible to a future application. Extending the approach to incorporate new attacks is an avenue of future work.
Date: 2004-08-24
Degree: MS
Discipline: Computer Science
URI: http://www.lib.ncsu.edu/resolver/1840.16/1923


Files in this item

Files Size Format View
etd.pdf 1.543Mb PDF View/Open

This item appears in the following Collection(s)

Show full item record