Advanced search
1 file | 214.17 KB Add to list
Author
Organization
Project
Abstract
Security risk management and mitigation are two of the most important items on several companies’ agendas. In this scenario, software attacks pose a major threat to the reliable execution of services, thus bringing negative effects on businesses. This paper presents a formal model that allows the identification of all the attacks against the assets embedded in a software application. Our approach can be used to perform the identification of the threats that loom over the assets and help to determine the potential countermeasures, that is the protections to deploy for mitigating the risks. The proposed model uses a Knowledge Base to represent the software assets, the steps that can be executed to mount an attack and their relationships. Inference rules permit the automatic discovery of attack step combinations towards the compromised assets that are discovered using a backward programming methodology. This approach is very usable as the attack discovery is fully automatic, once the Knowledge Base is populated with the information regarding the application to protect. In addition, it has been proven highly efficient and exhaustive.

Downloads

  • (...).pdf
    • full text
    • |
    • UGent only
    • |
    • PDF
    • |
    • 214.17 KB

Citation

Please use this url to cite or link to this publication:

MLA
Basile, Cataldo et al. “Automatic Discovery of Software Attacks via Backward Reasoning.” 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO). IEEE, 2015. 52–58. Print.
APA
Basile, C., Canavese, D., d’ Annoville, J., De Sutter, B., & Valenza, F. (2015). Automatic discovery of software attacks via backward reasoning. 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO) (pp. 52–58). Presented at the IEEE/ACM 1st International Workshop on Software Protection (SPRO), IEEE.
Chicago author-date
Basile, Cataldo, Daniele Canavese, Jerome d’ Annoville, Bjorn De Sutter, and Fulvio Valenza. 2015. “Automatic Discovery of Software Attacks via Backward Reasoning.” In 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO), 52–58. IEEE.
Chicago author-date (all authors)
Basile, Cataldo, Daniele Canavese, Jerome d’ Annoville, Bjorn De Sutter, and Fulvio Valenza. 2015. “Automatic Discovery of Software Attacks via Backward Reasoning.” In 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO), 52–58. IEEE.
Vancouver
1.
Basile C, Canavese D, d’ Annoville J, De Sutter B, Valenza F. Automatic discovery of software attacks via backward reasoning. 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO). IEEE; 2015. p. 52–8.
IEEE
[1]
C. Basile, D. Canavese, J. d’Annoville, B. De Sutter, and F. Valenza, “Automatic discovery of software attacks via backward reasoning,” in 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO), Florence, ITALY, 2015, pp. 52–58.
@inproceedings{6847850,
  abstract     = {{Security risk management and mitigation are two of  the most important items on several companies’  agendas. In  this scenario, software attacks pose a major threat to the reliable execution of  services, thus bringing negative effects on businesses. This paper presents a formal model  that  allows  the identification of all the attacks against the assets embedded in a software application. Our approach can be used to perform the identification of the threats that loom over the assets and help to determine the potential countermeasures, that is the protections to deploy for  mitigating the risks. The proposed model uses a Knowledge Base to represent the software assets, the steps that can be executed  to mount an attack and their relationships. Inference rules permit the automatic discovery of attack step combinations towards the compromised assets that are discovered using a backward programming  methodology. This approach is very usable as the attack discovery is fully automatic, once the Knowledge Base is populated with the information regarding the application to protect. In addition, it has been proven highly efficient and exhaustive.}},
  author       = {{Basile, Cataldo and Canavese, Daniele and d'Annoville, Jerome and De Sutter, Bjorn and Valenza, Fulvio}},
  booktitle    = {{2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO)}},
  isbn         = {{978-1-4673-7094-3}},
  language     = {{eng}},
  location     = {{Florence, ITALY}},
  pages        = {{52--58}},
  publisher    = {{IEEE}},
  title        = {{Automatic discovery of software attacks via backward reasoning}},
  url          = {{http://dx.doi.org/10.1109/SPRO.2015.17}},
  year         = {{2015}},
}

Altmetric
View in Altmetric
Web of Science
Times cited: