A model-based aspect-oriented framework for building intrusion-aware software systems

Zhu, Zhi Jian; Zulkernine, Mohammad

doi:10.1016/j.infsof.2008.05.007

Cited by 17 publications

(6 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The idea has been evolved to propose context‐aware semantic intrusion detection systems for web applications [6]. Having the ability to detect intrusion for a specific application, a new research thread for building intrusion‐aware application development frameworks [41, 42] has also emerged in recent years.…”

Section: Related Workmentioning

confidence: 99%

HPCgnature: a hardware‐based application‐level intrusion detection system

Musavi

Hashemi

2019

IET Information Security

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

HPCgnature: a hardware‐based application‐level intrusion detection system

Musavi

Hashemi

2019

IET Information Security

View full text Add to dashboard Cite

“…The application layer remains the weakest link in the security chain and this is largely attributed to the fact that, good programming skill is simply not sufficient in guaranteeing software security at the application layer. The OWASP [4] and WASC [5] top 10 list from the year 2015 are presented below.…”

Section: Application Layer As a Security Focusmentioning

confidence: 99%

Saudi cloud infrastructure: a security analysis

Rajeh

Jin

Zou

2017

Sci. China Inf. Sci.

View full text Add to dashboard Cite

The growing demand and dependence upon cloud services have garnered an increasing level of threat to user data and security. Some of such critical web and cloud platforms have become constant targets for persistent malicious attacks that attempt to breach security protocol and access user data and information in an unauthorized manner. While some of such security compromises may result from insider data and access leaks, a substantial proportion continues to remain attributed to security flaws that may exist within the core web technologies with which such critical infrastructure and services are developed. This paper explores the direct impact and significance of security in the Software Development Life Cycle (SDLC) through a case study that covers some 70 public domain web and cloud platforms within Saudi Arabia. Additionally, the major sources of security vulnerabilities within the target platforms as well as the major factors that drive and influence them are presented and discussed through experimental evaluation. The paper reports some of the core sources of security flaws within such critical infrastructure by implementation with automated security auditing and manual static code analysis. The work also proposes some effective approaches, both automated and manual, through which security can be ensured throughout the SDLC and safeguard user data integrity within the cloud.

show abstract

“…al. [15] is designed to model potential threats on a system in an aspect-oriented matter. These additions are designed to model an attacker-and-victim-relation in different types of UML diagrams.…”

Section: Aspect Oriented Software Developmentmentioning

confidence: 99%

Using Model Driven Security Approaches in Web Application Development

Hochreiner

Kieseberg

et al. 2014

Information and Communication Technology

View full text Add to dashboard Cite

Abstract. With the rise of Model Driven Engineering (MDE) as a software development methodology, which increases productivity and, supported by powerful code generation tools, allows a less error-prone implementation process, the idea of modeling security aspects during the design phase of the software development process was first suggested by the research community almost a decade ago. While various approaches for Model Driven Security (MDS) have been proposed during the years, it is still unclear, how these concepts compare to each other and whether they can improve the security of software projects. In this paper, we provide an evaluation of current MDS approaches based on a simple web application scenario and discuss the strengths and limitations of the various techniques, as well as the practicability of MDS for web application security in general.

show abstract

A model-based aspect-oriented framework for building intrusion-aware software systems

Cited by 17 publications

References 16 publications

HPCgnature: a hardware‐based application‐level intrusion detection system

HPCgnature: a hardware‐based application‐level intrusion detection system

Saudi cloud infrastructure: a security analysis

Using Model Driven Security Approaches in Web Application Development

Contact Info

Product

Resources

About