Title :
Service Security Analysis Based on i*: An Approach from the Attacker Viewpoint
Author :
Li, Tong ; Liu, Lin ; Elahi, Golnaz ; Yu, Eric ; Bryant, Barrett R.
Author_Institution :
Sch. of Software, Tsinghua Univ., Beijing, China
Abstract :
Security analysis is a knowledge intensive process, in which the attackers and the system owners are competing with their knowledge about how the system is built, what are the weakest points of the system, and how to exploit or to protect them. In other words, it is a race of knowledge. In this paper, we present a service security modeling approach based on the agent-oriented requirement modeling framework, i*. In this approach, we first model system actors' rationale for delivery of the service function. Then, we model a malicious actor whose intention is to disable the system functionality by exploiting their knowledge about the service and potential attacks. We assume that attackers have full knowledge about the system, which is the worst case scenario. Finally, the method automatically identifies attack routes across the actors' dependency network based on the available knowledge. We use a recent network attack event to a major Internet service provider to illustrate the approach.
Keywords :
Internet; computer network security; invasive software; software architecture; Internet service provider; agent-oriented requirement modeling; attack routes; attacker viewpoint; knowledge intensive process; malicious actor; service function; service security analysis; system owners; Service security; agent-orientation; attacker; risk;
Conference_Title :
Computer Software and Applications Conference Workshops (COMPSACW), 2010 IEEE 34th Annual
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-8089-0
Electronic_ISBN :
978-0-7695-4105-1
DOI :
10.1109/COMPSACW.2010.98