Detecting Inter-Component Vulnerabilities in Event-based Systems
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2019, Vol 10, Issue 7
Abstract
Event-based system (EBS) has become popular because of its high flexibility, scalability, and adaptability. These advantages are enabled by its communication mechanism—implicit invocation and implicit concurrency between components. The communication mechanism is based on non-determinism in event processing, which can introduce inherent security vulnerabilities into a system referred to as event attacks. Event attack is a particular type of attack that can abuse, incapacitate, and damage a target system by exploiting the system's event-based communication model. It is hard to prevent event attacks because they are administered in a way that does not differ from ordinary event-based communication in general. While a number of techniques have focused on security threats in EBS, they do not appropriately resolve the event attack issues or suffer from inaccuracy in detecting and preventing event attacks. To address the risk of event attacks, I present a novel vulnerability detection technique for EBSs that are implemented by using message-oriented middleware platform. My technique has been evaluated on 25 open-source benchmark apps and eight real-world EBSs. The evaluation exhibited my technique's higher accuracy in detecting vulnerabilities on event attacks than existing techniques as well as its applicability to real-world EBSs.
Authors and Affiliations
Youn Kyu Lee
Keywords
Related Articles
- EP ID EP611188
- DOI 10.14569/IJACSA.2019.0100704
- Views 97
- Downloads 0
A Survey of Unstructured Text Summarization Techniques
Due to the explosive amounts of text data being created and organizations increased desire to leverage their data corpora, especially with the availability of Big Data platforms, there is not usually enough time to read...
Analysis and Maximizing Energy Harvesting from RF Signals using T-Shaped Microstrip Patch Antenna
The advancement of the modern world requires catering the power crisis. New methodologies for energy harvesting were considered, but their succession in a different environment is still to explore. This paper deals with...
Virtual Identity Approaches Evaluation for Anonymous Communication in Cloud Environments
Since the era’s of Cloud computing beginning, the Identity Management is considered as a permanent challenge especially for the hybrid IT environments that permit for many users’ applications to share the same data cente...
A Modified Clustering Algorithm in WSN
Nowadays many applications use Wireless Sensor Networks (WSN) as their fulfill the purpose of collection of data from a particular phenomenon. Their data centric behavior as well as harsh restrictions on energy makes WSN...
Response Prediction for Chronic HCV Genotype 4 Patients to DAAs
Hepatitis C virus (HCV) is a major cause of chronic liver disease, end stage liver disease and liver cancer in Egypt. Genotype 4 is the prevalent genotype in Egypt and has recently spread to Southern Europe particularly...