Abstract
Monitoring and diagnosing (M&D) software based on requirement models is a problem that has recently received a lot of attention in the field of Requirements Engineering. In this context, Wang et al. [1] propose an M&D framework that uses goal models to diagnose failures in software at different levels of granularity. In this paper we extend Wang’s framework to monitor and diagnose malicious attacks. Our extensions include the addition of anti-goals to model attacker intentions, as well as context-based modeling of the domain within which our system operates. The extended framework has been implemented and evaluated through a series of experiments intended to test its scalability.
We are grateful to Yiqiao Wang for providing us with the implementation of her system and helping us understand it while designing its extensions.
References
Wang, Y., McIlraith, S.A., Yu, Y., Mylopoulos, J.: Monitoring and diagnosing software requirements. Automated Software Engineering 16, 3–35 (2009)
Fickas, S., Feather, M.: Requirements monitoring in dynamic environments. In: Proceedings of the Second IEEE International Symposium on Requirements Engineering, vol. 1995, pp. 140–147 (1995)
Giorgini, P., Mylopoulos, J., Nicchiarelli, E., Sebastiani, R.: Reasoning with goal models. In: Spaccapietra, S., March, S.T., Kambayashi, Y. (eds.) ER 2002. LNCS, vol. 2503, pp. 167–181. Springer, Heidelberg (2002)
van Lamsweerde, A., Brohez, S., De Landtsheer, R., Janssens, D.: From system goals to intruder anti-goals: Attack generation and resolution for security requirements engineering. In: Workshop on Requirements for High Assurance Systems (RHAS 2003), pre-workshop of the 11th International IEEE Conference on Requirements Engineering, Software Engineering Institute Report, September 2003, pp. 49–56 (2003)
Lapouchnian, A., Mylopoulos, J.: Modeling domain variability in requirements engineering with contexts. In: Laender, A.H.F., et al. (eds.) ER 2009. LNCS, vol. 5829, pp. 115–130. Springer, Heidelberg (2009)
Castello, R.: Squirrelmail (2009), http://www.squirrelmail.org
Yu, Y., Wang, Y., Mylopoulos, J., Liaskos, S., Lapouchnian, A., do Prado Leite, J.: Reverse engineering goal models from legacy code. In: Proceedings of the 13th IEEE International Conference on Requirements Engineering, 2005, August -2 September 2005, pp. 363–372 (2005)
Susi, A., Perini, A., Mylopoulos, J., Giorgini, P.: The tropos metamodel and its use. Informatica 29, 401–408 (2005)
Bjork, R.C.: Atm simulation (2009), http://www.cs.gordon.edu/courses/cs211/ATMExample/
Robinson, W.N.: Implementing rule-based monitors within a framework for continuous requirements monitoring. In: HICSS 2005: Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Track 7, p. 188a. IEEE Computer Society, Los Alamitos (2005)
Winbladh, K., Alspaugh, T.A., Ziv, H., Richardson, D.J.: An automated approach for goal-driven, specification-based testing. In: ASE 2006: Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering, Washington, DC, USA, pp. 289–292. IEEE Computer Society, Los Alamitos (2006)
Haley, C.B., Moffett, J.D., Laney, R., Nuseibeh, B.: A framework for security requirements engineering. In: SESS 2006: Proceedings of the 2006 international workshop on Software engineering for secure systems, pp. 35–42. ACM, New York (2006)
Elahi, G., Yu, E.: A goal oriented approach for modeling and analyzing security trade-offs. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol. 4801, pp. 375–390. Springer, Heidelberg (2007)
Sindre, G., Opdahl, A.L.: Reqsec - requirements for secure information systems, project proposal for fritek (2007), http://www.idi.ntnu.no/~guttors/reqsec/plan.pdf
Rodríguez, A., Fernández-Medina, E., Piattini, M.: M-bPSec: A method for security requirement elicitation from a UML 2.0 business process specification. In: Hainaut, J.-L., Rundensteiner, E.A., Kirchberg, M., Bertolotto, M., Brochhausen, M., Chen, Y.-P.P., Cherfi, S.S.-S., Doerr, M., Han, H., Hartmann, S., Parsons, J., Poels, G., Rolland, C., Trujillo, J., Yu, E., Zimányie, E. (eds.) ER Workshops 2007. LNCS, vol. 4802, pp. 106–115. Springer, Heidelberg (2007)
Mellado, D., Fernandez-Medina, E., Piattini, M.: Security requirements variability for software product lines, pp. 1413–1420 (March 2008)
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: RE 2005: Proceedings of the 13th IEEE International Conference on Requirements Engineering, Washington, DC, USA, pp. 167–176. IEEE Computer Society, Los Alamitos (2005)
Graves, M., Zulkernine, M.: Bridging the gap: software specification meets intrusion detector. In: PST 2006: Proceedings of the 2006 International Conference on Privacy, Security and Trust, pp. 1–8. ACM, New York (2006)
Hong, D., Chiu, D.K.W., Shen, V.Y.: Requirements elicitation for the design of context-aware applications in a ubiquitous environment. In: ICEC 2005: Proceedings of the 7th international conference on Electronic commerce, pp. 590–596. ACM, New York (2005)
Salifu, M., Nuseibeh, B., Rapanotti, L., Tun, T.T.: Using problem descriptions to represent variability for context-aware applications. In: First International Workshop on Variability Modelling of Software-intensive Systems (2007)
Semmak, F., Gnaho, C., Laleau, R.: Extended kaos to support variability for goal oriented requirements reuse. In: Proceedings of the International Workshop on Model Driven Information Systems Engineering: Enterprise, User and System Models (MoDISE-EUS 2008, in conjunction with CAiSE), pp. 22–33 (2008)
Ali, R., Dalpiaz, F., Giorgini, P.: Location-based software modeling and analysis: Tropos-based approach. In: Li, Q., Spaccapietra, S., Yu, E., Olivé, A. (eds.) ER 2008. LNCS, vol. 5231, pp. 169–182. Springer, Heidelberg (2008)
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Souza, V.E.S., Mylopoulos, J. (2009). Monitoring and Diagnosing Malicious Attacks with Autonomic Software. In: Laender, A.H.F., Castano, S., Dayal, U., Casati, F., de Oliveira, J.P.M. (eds) Conceptual Modeling - ER 2009. ER 2009. Lecture Notes in Computer Science, vol 5829. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04840-1_9
DOI: https://doi.org/10.1007/978-3-642-04840-1_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04839-5
Online ISBN: 978-3-642-04840-1
eBook Packages: Computer Science (R0)