Attack Patterns: A New Forensic and Design Tool

International Federation for Information Processing Digital Library; Advances in Digital Forensics III; 11/2007; DOI: 10.1007/978-0-387-73742-3_24
Source: OAI


A pattern is an encapsulated solution to a problem in a given context that can be used to guide system design and evaluation. Analysis, design and architectural patterns are established formalisms for designing high quality software. Security patterns guide the secure design of systems by providing generic solutions that prevent a variety of attacks. This paper presents an attack pattern, a new type of pattern that is specified from the point of view of an attacker. The pattern describes how an attack is performed, enumerates the security patterns that can be applied to defeat the attack, and describes how to trace the attack once it has occurred. An example involving DoS attacks on VoIP networks is used to demonstrate the value of the formalism to security designers and forensic investigators.

    • "Discovering vulnerabilities in VoIP networks is complex and as an aid we have proposed in [1] a new type of pattern, the attack pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what system units it uses and how), proposes ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and helps analyzing the attack once it has happened by indicating where we can find forensics data as well as what type of data. "
    ABSTRACT: In VoIP, in order to avoid attacks and discover security vulnerabilities, it is necessary to be aware of typical risks and to have a good understanding of how vulnerabilities can be exploited. In a previous paper we presented the concept of misuse patterns. Attack patterns describe from the point of view of the attacker, how a type of attack is performed (what system units it uses and how), analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present a set of misuse patterns for VoIP: Denial of Service (DoS), Call Interception, and Theft of Service on VoIP.
    Security and Communication Networks 11/2009; 2(6):635-653. DOI:10.1145/1772070.1772072 · 0.72 Impact Factor
    • "If the enciphered call makes sense to the callee, since only the caller's private key could have been used to generate a meaningful call after decipherment by the callee, both parties can trust each other and are successfully authenticated. Public key cryptography-based authentication is the only means of authentication that scales up to arbitrarily large networks by making it possible to securely distribute keys relatively easily through unsecured networks [12]. Fig. 7 shows a sequence diagram (Refer to the class diagram of Figure 1) illustrating an authenticated call. "
    ABSTRACT: Voice over IP (VoIP) has had a strong effect on global communications by allowing human voice and fax information to travel over existing packet data networks along with traditional data packets. The convergence of voice and data in the same network brings both benefits and constraints to users. Among the several issues that need to be addressed when deploying this technology, security is one of the most critical. We give an overview of VoIP and provide UML models of some aspects of its infrastructure, including architectures and basic use cases. We present some security patterns that describe mechanisms that can control many of the possible attacks and which could be used to design secure systems.
    08/2007; 2(2). DOI:10.1109/ICCGI.2007.57
    • "A pattern is a reusable solution to a recurrent systems problem and their use has increased consistently in software development, being now adopted by any vendors and developers. We have proposed the idea of expressing standards as patterns and use these patterns to understand and compare the standards [2]. These patterns are also useful to evaluate existing products by checking if they include specific patterns. "
    ABSTRACT: We completed a one-year project funded by the U.S. Dept. of Defense to evaluate the state of the art of web services security and reliability. There are numerous standards for security and reliability and we analyzed their possible value for system design. In any large system we need to incorporate a good number of COTS components and we also considered what relevant products are available and what standards they support. Tools that can help designers build this type of systems were another objective. Finally, we studied how to use all this in a systematic lifecycle-based methodology to build secure and reliable systems. A byproduct was the development of several architectural patterns to be used in such a methodology to help designers incorporate standards in products and evaluate existing products. The project included three faculty members and two MS-level students. Several publications and two MS theses resulted from this work.