Towards Incorporating Discrete-Event Systems in Secure Software Development

When designers and developers create software they often overlook issues related to security. Ideally, protection of the program from illegal usage would be considered at each stage of this program´s life cycle. The proposition put forward here is to augment intrusion detection systems (IDSs) and employ them as a tool to support secure software development. Many state-based intrusion detection methods share structural and behavioural similarities with the set of processes known as discrete-event systems (DESs). A common structure for modelling DESs is the deterministic finite-state automaton. There exist several compatible anomaly detection techniques which construct finite- state machine models of normal behaviour through the decomposition of associated data (e.g., system calls, HTTP requests) into sequences of events. This paper proposes the application of decentralized DES theory to formally analyze and enhance these approaches to anomaly detection with misuse prevention. Models of misuse attacks are generated in the same manner as the legal usage representation, then augmented and integrated into the program model to prevent the execution of malicious sequences. The technique described herein simultaneously uses anomaly and misuse approaches to prevent and disable attacks before their completion.