Self-Protection Against Business Logic Vulnerabilities (SEAMS 2020 - 15th International Symposium on Software Engineering for Adaptive and Self-Managing Systems)

Who

Silvan Zeller, Narges Khakpour, Danny Weyns, Daniel Deogun

Track

SEAMS 2020

Time Zone

The program is currently displayed in (UTC) Coordinated Universal Time.

Use conference time zone: (UTC) Coordinated Universal TimeSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 2 Jul 2020 07:10 - 07:15 at SEAMS - Session 5: Design, Verification & Explainability Chair(s): Javier Camara

Abstract

Attacks against business logic rules occur when the attacker exploits the domain rules in a malicious way. Such logic attacks have not received sufficient attention in research so far. In this paper, we propose a novel self-protecting approach that defends a system against the exploitation of business logic vulnerabilities. The approach empowers a system with a self-protecting layer to protect it against attacks that misusing business logic rules. The appraoch maintains up-to-date domain knowledge that is analyzed using runtime verification (RV) to detect logical attacks. When attacks are discovered they are dynamically mitigated by applying proper system reconfigurations. We evaluate the approach using a case in the domain of hotel booking systems.

File attachments

Paper (SEAMS2020ACM.pdf)	568KiB

Silvan Zeller

Omegapoint AB, Sweden

Narges Khakpour

Linnaeus University

Danny Weyns

KU Leuven

Belgium

Daniel Deogun