Detecting Inter-Component Vulnerabilities in Event-based Systems
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2019, Vol 10, Issue 7
Abstract
Event-based system (EBS) has become popular because of its high flexibility, scalability, and adaptability. These advantages are enabled by its communication mechanism—implicit invocation and implicit concurrency between components. The communication mechanism is based on non-determinism in event processing, which can introduce inherent security vulnerabilities into a system referred to as event attacks. Event attack is a particular type of attack that can abuse, incapacitate, and damage a target system by exploiting the system's event-based communication model. It is hard to prevent event attacks because they are administered in a way that does not differ from ordinary event-based communication in general. While a number of techniques have focused on security threats in EBS, they do not appropriately resolve the event attack issues or suffer from inaccuracy in detecting and preventing event attacks. To address the risk of event attacks, I present a novel vulnerability detection technique for EBSs that are implemented by using message-oriented middleware platform. My technique has been evaluated on 25 open-source benchmark apps and eight real-world EBSs. The evaluation exhibited my technique's higher accuracy in detecting vulnerabilities on event attacks than existing techniques as well as its applicability to real-world EBSs.
Authors and Affiliations
Youn Kyu Lee
Keywords
Related Articles
- EP ID EP611188
- DOI 10.14569/IJACSA.2019.0100704
- Views 88
- Downloads 0
Accuracy Performance Degradation in Image Classification Models due to Concept Drift
Big data is playing a significant role in the current computing revolution. Industries and organizations are utilizing their insights for Business Intelligence by using Deep Learning Networks (DLN). However, dynamic char...
Extracting the Features of Modern Web Applications based on Web Engineering Methods
With the revolution of the information, an advanced version of the web proposed from web 1.0 to web 4.0. In each version, many web applications appeared. In the new versions, modern web applications (MWAs) proposed. Thes...
Contributions to the Analysis and the Supervision of a Thermal Power Plant
Supervision systems play an important role in industry mainly due to the increasing demand for product quality and high efficiency, and to the growing integration of automatic control systems in technical processes. In f...
Integration of Automated Decision Support Systems with Data Mining Abstract: A Client Perspective
Customer’s behavior and satisfaction are always play important role to increase organization’s growth and market value. Customers are on top priority for the growing organization to build up their businesses. In this pap...
On FPGA Implementation of a Continuous-Discrete Time Observer for Sensorless Induction Machine using Simulink HDL Coder
This paper deals with the design of a continuousdiscrete time high gain observer (CDHGO) for sensorless control of an induction machine (IM). Only two weakly sampled stator current measurements are used to achieve a real...