Attack Patterns: A New Forensic and Design Tool
ABSTRACT A pattern is an encapsulated solution to a problem in a given context that can be used to guide system design and evaluation. Analysis, design and architectural patterns are established formalisms for designing high quality software. Security patterns guide the secure design of systems by providing generic solutions that prevent a variety of attacks. This paper presents an attack pattern, a new type of pattern that is specified from the point of view of an attacker. The pattern describes how an attack is performed, enumerates the security patterns that can be applied to defeat the attack, and describes how to trace the attack once it has occurred. An example involving DoS attacks on VoIP networks is used to demonstrate the value of the formalism to security designers and forensic investigators. Full Text at Springer, may require registration or fee
- SourceAvailable from: María Mercedes Larrondo Petrie[Show abstract] [Hide abstract]
ABSTRACT: Critical infrastructures are the systems that support our everyday life and include areas such as agriculture, information and telecommunications, food, energy, water, transportation, public health, and finance. We need to protect the information necessary to control and coordinate these systems as well as to control access to the physical structures involved. This information is usually embodied in a process control system (PCS) with its corresponding information system. A PCS typically includes a supervisory, control, and data acquisition (SCADA) system, which monitors and controls switches, valves, and physical quantities (temperature, pressure) and collects and logs field data. SCADA systems are distributed systems, including workstations, wired and wireless sensors, and application software. Databases contain the necessary information. SCADA requirements include 24/7 availability, real-time operation, survivability, and remote control. Their protection includes security and reliability concerns, including authentication, authorization, intrusion detection as well as fault tolerance measures. An extra dimension is the need for safety, avoiding damage to people or costly structures. We have developed a course that provides an understanding of how to coordinate hardware and software to provide data and network protection against internal and external attacks. We study the systems involved through the use of object-oriented patterns and formal models. We analyze how to perform a systematic analysis of attacks against the infrastructure. We see which defenses are available and how to apply them. We study the effect of errors on security and safety. Another aspect considered is the effect of system architecture on security and reliability. Finally, we consider development processes to build secure and safe systems.
- [Show abstract] [Hide abstract]
ABSTRACT: A misuse pattern describes how a misuse is performed from the point of view of the attacker, what system units it uses and how, provides ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and provides forensic information. This pattern is useful for designers and developers of web services, who can then avoid these situations following the prescriptions of the pattern. This pattern could also be a guide to know what happened and to correct the corresponding vulnerabilities that led to the attack. We present here a misuse pattern, Spoofing Web Services. A web service spoofing misuse tries to impersonate the identity of a user, and then with the user´s credentials makes requests in his name, with the intention of accessing a specific web service.
- International Journal of Electronic Security and Digital Forensics 01/2014;