Self-Protection Against Business Logic Vulnerabilities (NIER)
Attacks against business logic rules occur when the attacker exploits the domain rules in a malicious way. Such logic attacks have not received sufficient attention in research so far. In this paper, we propose a novel self-protecting approach that defends a system against the exploitation of business logic vulnerabilities. The approach equips a system with a self-protecting layer that protects it against attacks that misuse business logic rules. The approach maintains up-to-date domain knowledge that is analyzed using runtime verification (RV) to detect logical attacks. When attacks are discovered, they are dynamically mitigated by applying proper system reconfigurations. We evaluate the approach using a case in the domain of hotel booking systems.
Paper: SEAMS2020ACM.pdf (568 KiB)
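The abstract describes a detect-then-reconfigure loop: domain rules are checked by a runtime monitor over the system's event stream, and a detected logic attack triggers a reconfiguration that limits further abuse. The following is an added illustration of that loop, written for this page and not taken from the paper or its evaluation. The hotel-booking rules R1 to R3, the event shape, the PROMO_LIMIT constant and the "restricted account" reconfiguration are all assumptions made for the example; the trace at the bottom is constructed input.

```python
"""Toy runtime-verification monitor for business-logic rules (illustration only).

Assumed domain rules, not taken from the paper:
  R1  a booking can be cancelled only by its owner, and only once
  R2  a refund is valid only for a cancelled booking of the same account, at most once
  R3  a promo code may be redeemed at most PROMO_LIMIT times per account
Mitigation (assumed reconfiguration): an account that violates a rule is moved to a
restricted configuration in which refunds and promo redemptions are held for review.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PROMO_LIMIT = 1  # assumed business constraint


@dataclass(frozen=True)
class Event:
    kind: str                    # "book" | "cancel" | "refund" | "promo"
    account: str
    booking: Optional[str] = None
    promo: Optional[str] = None


@dataclass
class Monitor:
    booked: dict = field(default_factory=dict)                       # booking -> owning account
    cancelled: set = field(default_factory=set)
    refunded: set = field(default_factory=set)
    promo_uses: dict = field(default_factory=lambda: defaultdict(int))
    restricted: set = field(default_factory=set)                     # reconfigured accounts
    violations: List[Tuple[Event, str]] = field(default_factory=list)

    def check(self, ev: Event) -> Optional[str]:
        """Return the violated rule id, or None if the event is consistent with the domain state."""
        if ev.kind == "cancel":
            if self.booked.get(ev.booking) != ev.account or ev.booking in self.cancelled:
                return "R1"
        elif ev.kind == "refund":
            if (self.booked.get(ev.booking) != ev.account
                    or ev.booking not in self.cancelled
                    or ev.booking in self.refunded):
                return "R2"
        elif ev.kind == "promo":
            if self.promo_uses[(ev.account, ev.promo)] >= PROMO_LIMIT:
                return "R3"
        return None

    def apply(self, ev: Event) -> None:
        """Update the runtime model of the domain after an accepted event."""
        if ev.kind == "book":
            self.booked[ev.booking] = ev.account
        elif ev.kind == "cancel":
            self.cancelled.add(ev.booking)
        elif ev.kind == "refund":
            self.refunded.add(ev.booking)
        elif ev.kind == "promo":
            self.promo_uses[(ev.account, ev.promo)] += 1

    def step(self, ev: Event) -> bool:
        """Process one event; True if it was accepted, False if rejected."""
        # Reconfigured accounts: money-moving actions are held rather than executed.
        if ev.account in self.restricted and ev.kind in ("refund", "promo"):
            self.violations.append((ev, "held: account restricted"))
            return False
        rule = self.check(ev)
        if rule is not None:
            self.violations.append((ev, rule))
            self.restricted.add(ev.account)      # dynamic mitigation
            return False
        self.apply(ev)
        return True


def run(trace: List[Event]) -> Tuple[Monitor, List[bool]]:
    m = Monitor()
    return m, [m.step(ev) for ev in trace]


# Constructed sample trace: a legitimate refund, then a double-refund attempt,
# a promo replay, and a refund from a different account than the booking owner.
SAMPLE_TRACE = [
    Event("book", "alice", booking="B1"),
    Event("cancel", "alice", booking="B1"),
    Event("refund", "alice", booking="B1"),
    Event("refund", "alice", booking="B1"),              # R2: second refund
    Event("book", "bob", booking="B2"),
    Event("promo", "bob", promo="SUMMER"),
    Event("promo", "bob", promo="SUMMER"),               # R3: replayed promo code
    Event("cancel", "mallory", booking="B2"),            # R1: not the owner
    Event("book", "alice", booking="B3"),
    Event("cancel", "alice", booking="B3"),
    Event("refund", "alice", booking="B3"),              # held: alice is restricted
]

if __name__ == "__main__":
    monitor, accepted = run(SAMPLE_TRACE)
    for ev, why in monitor.violations:
        print(f"{ev.kind:7s} {ev.account:8s} -> {why}")
```

The monitor is deliberately stateful: the "domain knowledge" it needs is the set of bookings, cancellations and refunds already accepted, which is exactly what an application's own handlers tend not to cross-check. Note the cost of the chosen mitigation on the last event: a legitimate refund from a restricted account is held for review rather than paid out, which is the trade-off any automatic reconfiguration has to make explicit.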
Thu 2 Jul (times in UTC)

07:00 - 08:20: Session 5: Design, Verification & Explainability (SEAMS 2020). Chair: Javier Camara (University of York)

07:00 - 07:05 Talk: Collective Risk Minimization via a Bayesian Model for Statistical Software Testing (Technical). Joachim Haensel (Hasso Plattner Institute, University of Potsdam, Germany), Christian Medeiros Adriano (Hasso-Plattner-Institute, Potsdam), Johannes Dyck (Hasso Plattner Institute for Software Systems Engineering, Germany), Holger Giese (Hasso Plattner Institute, University of Potsdam)

07:05 - 07:10 Talk: Expecting the Unexpected: Developing Autonomous-System Design Principles for Reacting to Unpredicted Events and Conditions (NIER). Assaf Marron (Weizmann Institute of Science, Israel), Lior Limonad (IBM Corporation, Israel), Sarah Pollack (Weizmann Institute of Science, Israel), David Harel (Weizmann Institute of Science, Israel)

07:10 - 07:15 Talk: Self-Protection Against Business Logic Vulnerabilities (NIER). Silvan Zeller (Omegapoint AB, Sweden), Narges Khakpour (Linnaeus University), Danny Weyns (KU Leuven), Daniel Deogun (Omegapoint AB, Sweden)

07:15 - 07:20 Talk: Towards Highly Scalable Runtime Models with History (NIER). Lucas Sakizloglou (Hasso Plattner Institute, University of Potsdam), Sona Ghahremani (Hasso Plattner Institute, University of Potsdam), Thomas Brand, Matthias Barkowsky (Hasso Plattner Institute, University of Potsdam, Germany), Holger Giese (Hasso Plattner Institute, University of Potsdam)

07:20 - 08:20 Other: Q&A and Discussion (Session 5)