Modeling misuse patterns

Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    31 Citations (Scopus)

    Abstract

    Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.

    Original languageEnglish
    Title of host publicationProceedings - International Conference on Availability, Reliability and Security, ARES 2009
    Pages566-571
    Number of pages6
    DOIs
    Publication statusPublished - 2009
    EventInternational Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Fukuoka Prefecture
    Duration: 2009 Mar 162009 Mar 19

    Other

    OtherInternational Conference on Availability, Reliability and Security, ARES 2009
    CityFukuoka, Fukuoka Prefecture
    Period09/3/1609/3/19

    Fingerprint

    Industry

    ASJC Scopus subject areas

    • Software
    • Safety, Risk, Reliability and Quality

    Cite this

    Fernandez, E. B., Yoshioka, N., & Washizaki, H. (2009). Modeling misuse patterns. In Proceedings - International Conference on Availability, Reliability and Security, ARES 2009 (pp. 566-571). [5066527] https://doi.org/10.1109/ARES.2009.139

    Modeling misuse patterns. / Fernandez, Eduardo B.; Yoshioka, Nobukazu; Washizaki, Hironori.

    Proceedings - International Conference on Availability, Reliability and Security, ARES 2009. 2009. p. 566-571 5066527.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Fernandez, EB, Yoshioka, N & Washizaki, H 2009, Modeling misuse patterns. in Proceedings - International Conference on Availability, Reliability and Security, ARES 2009., 5066527, pp. 566-571, International Conference on Availability, Reliability and Security, ARES 2009, Fukuoka, Fukuoka Prefecture, 09/3/16. https://doi.org/10.1109/ARES.2009.139
    Fernandez EB, Yoshioka N, Washizaki H. Modeling misuse patterns. In Proceedings - International Conference on Availability, Reliability and Security, ARES 2009. 2009. p. 566-571. 5066527 https://doi.org/10.1109/ARES.2009.139
    Fernandez, Eduardo B. ; Yoshioka, Nobukazu ; Washizaki, Hironori. / Modeling misuse patterns. Proceedings - International Conference on Availability, Reliability and Security, ARES 2009. 2009. pp. 566-571
    @inproceedings{6f6827038df7490994a5b2f89c766bf0,
    title = "Modeling misuse patterns",
    abstract = "Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.",
    author = "Fernandez, {Eduardo B.} and Nobukazu Yoshioka and Hironori Washizaki",
    year = "2009",
    doi = "10.1109/ARES.2009.139",
    language = "English",
    isbn = "9780769535647",
    pages = "566--571",
    booktitle = "Proceedings - International Conference on Availability, Reliability and Security, ARES 2009",

    }

    TY - GEN

    T1 - Modeling misuse patterns

    AU - Fernandez, Eduardo B.

    AU - Yoshioka, Nobukazu

    AU - Washizaki, Hironori

    PY - 2009

    Y1 - 2009

    N2 - Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.

    AB - Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.

    UR - http://www.scopus.com/inward/record.url?scp=70349706065&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=70349706065&partnerID=8YFLogxK

    U2 - 10.1109/ARES.2009.139

    DO - 10.1109/ARES.2009.139

    M3 - Conference contribution

    AN - SCOPUS:70349706065

    SN - 9780769535647

    SP - 566

    EP - 571

    BT - Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

    ER -