Abstract
Several security mechanisms are available, such as digital signatures, timestamp audits and trails, encryption, throttling, filtering, and protection of secrets. These mechanisms cannot completely stop malicious attacks. It is comparatively easy for malicious hackers and attackers to exploit security loopholes on the user's side. The main reason behind this type of problem is bad software design and implementation carried out without proper risk analysis and mitigation. This article therefore proposes an Availability State Transition Model (ASTM) as a way to model availability states. The ASTM methodology requires only design-level details, which can be easily retrieved from the software's design.
Index Terms
- Availability state transition model