Title
Application of contract-based security assertion monitoring framework for telecommunications software engineering
Abstract
Telecommunication software systems, containing security vulnerabilities, continue to be created and released to consumers. We need to adopt improved software engineering practices to reduce the security vulnerabilities in modern systems. Contracts can provide a useful mechanism for the identification, tracking, and validation of security vulnerabilities. In this work, we propose a new contract-based security assertion monitoring framework (CB_SAMF) that is intended to reduce the number of security vulnerabilities that are exploitable across multiple software layers, and to be used in an enhanced systems development life cycle (SDLC). We show how contract-based security assertion monitoring can be achieved in a live environment on Linux. Through security activities integrated into the SDLC we can identify potential security vulnerabilities in telecommunication systems, which in turn are used for the creation of contracts defining security assertions. Our contract model is then applied, as runtime probes, against two common security related vulnerabilities in the form of a buffer overflow and a denial of service.
Year
2011
DOI
10.1016/j.mcm.2010.03.038
Venue
Mathematical and Computer Modelling
Keywords
improved software engineering practice, contracts, common security, telecommunications software engineering, enhanced systems development life, monitors, security assertion, multiple software layer, security, security engineering, new contract-based security assertion, software quality engineering, potential security vulnerability, security activity, security vulnerability, contract-based security assertion monitoring, software systems, software engineering, software quality, system development life cycle, buffer overflow, denial of service
Field
Security testing, Security through obscurity, Computer security, Software security assurance, Security service, Security bug, Security information and event management, Secure coding, Computer security model, Mathematics
DocType
Journal
Volume
53
Issue
3-4
ISSN
Mathematical and Computer Modelling
Citations
1
PageRank
0.34
References
16
Authors
3
Name
Order
Citations
PageRank
Alexander M. Hoole1101.99
Issa Traore230632.31
Isabelle Simplot-Ryl39011.35