SEAMS 2020
Mon 29 June - Fri 3 July 2020
co-located with ICSE 2020
Thu 2 Jul 2020 07:10 - 07:15 at SEAMS - Session 5: Design, Verification & Explainability Chair(s): Javier Camara

Attacks against business logic rules occur when the attacker exploits the domain rules in a malicious way. Such logic attacks have not received sufficient attention in research so far. In this paper, we propose a novel self-protecting approach that defends a system against the exploitation of business logic vulnerabilities. The approach empowers a system with a self-protecting layer to protect it against attacks that misuse business logic rules. The approach maintains up-to-date domain knowledge that is analyzed using runtime verification (RV) to detect logical attacks. When attacks are discovered, they are dynamically mitigated by applying proper system reconfigurations. We evaluate the approach using a case in the domain of hotel booking systems.

Paper (SEAMS2020ACM.pdf), 568 KiB

Thu 2 Jul

Displayed time zone: (UTC) Coordinated Universal Time

07:00 - 08:20
Session 5: Design, Verification & Explainability - SEAMS 2020 at SEAMS
Chair(s): Javier Camara University of York
07:00
5m
Talk
Collective Risk Minimization via a Bayesian Model for Statistical Software Testing (Technical)
SEAMS 2020
Joachim Haensel Hasso Plattner Institute, University of Potsdam, Germany, Christian Medeiros Adriano Hasso-Plattner-Institute, Potsdam, Johannes Dyck Hasso Plattner Institute for Software Systems Engineering, Germany, Holger Giese Hasso Plattner Institute, University of Potsdam
Pre-print Media Attached
07:05
5m
Talk
Expecting the Unexpected: Developing Autonomous-System Design Principles for Reacting to Unpredicted Events and Conditions (NIER)
SEAMS 2020
Assaf Marron Weizmann Institute of Science, Israel, Lior Limonad IBM Corporation, Israel, Sarah Pollack Weizmann Institute of Science, Israel, David Harel Weizmann Institute of Science, Israel
Media Attached
07:10
5m
Talk
Self-Protection Against Business Logic Vulnerabilities (NIER)
SEAMS 2020
Silvan Zeller Omegapoint AB, Sweden, Narges Khakpour Linnaeus University, Danny Weyns KU Leuven, Daniel Deogun Omegapoint AB, Sweden
Media Attached File Attached
07:15
5m
Talk
Towards Highly Scalable Runtime Models with History (NIER)
SEAMS 2020
Lucas Sakizloglou Hasso Plattner Institute, University of Potsdam, Sona Ghahremani Hasso Plattner Institute, University of Potsdam, Thomas Brand, Matthias Barkowsky Hasso Plattner Institute, University of Potsdam, Germany, Holger Giese Hasso Plattner Institute, University of Potsdam
DOI Pre-print Media Attached
07:20
60m
Other
Q&A and Discussion (Session 5)
SEAMS 2020