Modeling misuse patterns

Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

Research output: Chapter in Book/Report/Conference proceedingConference contribution

32 Citations (Scopus)

Abstract

Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.

Original languageEnglish
Title of host publicationProceedings - International Conference on Availability, Reliability and Security, ARES 2009
Pages566-571
Number of pages6
DOIs
Publication statusPublished - 2009 Oct 12
EventInternational Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Fukuoka Prefecture, Japan
Duration: 2009 Mar 162009 Mar 19

Publication series

NameProceedings - International Conference on Availability, Reliability and Security, ARES 2009

Conference

ConferenceInternational Conference on Availability, Reliability and Security, ARES 2009
CountryJapan
CityFukuoka, Fukuoka Prefecture
Period09/3/1609/3/19

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Modeling misuse patterns'. Together they form a unique fingerprint.

  • Cite this

    Fernandez, E. B., Yoshioka, N., & Washizaki, H. (2009). Modeling misuse patterns. In Proceedings - International Conference on Availability, Reliability and Security, ARES 2009 (pp. 566-571). [5066527] (Proceedings - International Conference on Availability, Reliability and Security, ARES 2009). https://doi.org/10.1109/ARES.2009.139