Self-Protection Against Business Logic Vulnerabilities (SEAMS 2020 - 15th International Symposium on Software Engineering for Adaptive and Self-Managing Systems)

Who

Silvan Zeller, Narges Khakpour, Danny Weyns, Daniel Deogun

Track

SEAMS 2020

The program is currently displayed in (UTC) Coordinated Universal Time.

Use conference time zone: (UTC) Coordinated Universal TimeSelect other time zone

Apply

When

Thu 2 Jul 2020 07:10 - 07:15 at SEAMS - Session 5: Design, Verification & Explainability Chair(s): Javier Camara

Abstract

Attacks against business logic rules occur when the attacker exploits the domain rules in a malicious way. Such logic attacks have not received sufficient attention in research so far. In this paper, we propose a novel self-protecting approach that defends a system against the exploitation of business logic vulnerabilities. The approach empowers a system with a self-protecting layer to protect it against attacks that misusing business logic rules. The appraoch maintains up-to-date domain knowledge that is analyzed using runtime verification (RV) to detect logical attacks. When attacks are discovered they are dynamically mitigated by applying proper system reconfigurations. We evaluate the approach using a case in the domain of hotel booking systems.

File attachments

Paper (SEAMS2020ACM.pdf)	568KiB

Silvan Zeller

Omegapoint AB, Sweden

Narges Khakpour

Linnaeus University

Danny Weyns

KU Leuven

Belgium

Daniel Deogun

Omegapoint AB, Sweden

Self-Protection Against Business Logic Vulnerabilities

The program is currently displayed in (UTC) Coordinated Universal Time.

Use conference time zone: (UTC) Coordinated Universal TimeSelect other time zone

Apply

Session Program

Thu 2 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time change

07:00 - 08:20: SEAMS 2020 - Session 5: Design, Verification & Explainability at SEAMS
Chair(s): Javier CamaraUniversity of York

07:00 - 07:05
Talk

Collective Risk Minimization via a Bayesian Model for Statistical Software TestingTechnical

Joachim HaenselHasso Plattner Institute, University of Potsdam, Germany, Christian Medeiros AdrianoHasso-Plattner-Institute, Potsdam, Johannes DyckHasso Plattner Institute for Software Systems Engineering, Germany, Holger GieseHasso Plattner Institute, University of Potsdam

Pre-print Media Attached

07:05 - 07:10
Talk

Expecting the Unexpected: Developing Autonomous-System Design Principles for Reacting to Unpredicted Events and ConditionsNIER

Assaf MarronWeizmann Institute of Science, Israel, Lior LimonadIBM Corporation, Israel, Sarah PollackWeizmann Institute of Science, Israel, David HarelWeizmann Institute of Science, Israel

Media Attached

07:10 - 07:15
Talk

Self-Protection Against Business Logic VulnerabilitiesNIER

Silvan ZellerOmegapoint AB, Sweden, Narges KhakpourLinnaeus University, Danny WeynsKU Leuven, Daniel DeogunOmegapoint AB, Sweden

Media Attached File Attached

07:15 - 07:20
Talk

Towards Highly Scalable Runtime Models with HistoryNIER

Lucas SakizloglouHasso Plattner Institute, University of Potsdam, Sona GhahremaniHasso Plattner Institute, University of Potsdam, Thomas Brand, Matthias BarkowskyHasso Plattner Institute, University of Potsdam, Germany, Holger GieseHasso Plattner Institute, University of Potsdam

DOI Pre-print Media Attached

07:20 - 08:20
Other

Q&A and Discussion (Session 5)