SEAMS 2020
Mon 29 June - Fri 3 July 2020
co-located with ICSE 2020
Thu 2 Jul 2020 07:10 - 07:15 at SEAMS - Session 5: Design, Verification & Explainability Chair(s): Javier Camara

Attacks against business logic rules occur when the attacker exploits the domain rules in a malicious way. Such logic attacks have not received sufficient attention in research so far. In this paper, we propose a novel self-protecting approach that defends a system against the exploitation of business logic vulnerabilities. The approach empowers a system with a self-protecting layer to protect it against attacks that misusing business logic rules. The appraoch maintains up-to-date domain knowledge that is analyzed using runtime verification (RV) to detect logical attacks. When attacks are discovered they are dynamically mitigated by applying proper system reconfigurations. We evaluate the approach using a case in the domain of hotel booking systems.

Paper (SEAMS2020ACM.pdf)568KiB

Thu 2 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time change

07:00 - 08:20: Session 5: Design, Verification & ExplainabilitySEAMS 2020 at SEAMS
Chair(s): Javier CamaraUniversity of York
07:00 - 07:05
Collective Risk Minimization via a Bayesian Model for Statistical Software TestingTechnical
SEAMS 2020
Joachim HaenselHasso Plattner Institute, University of Potsdam, Germany, Christian Medeiros AdrianoHasso-Plattner-Institute, Potsdam, Johannes DyckHasso Plattner Institute for Software Systems Engineering, Germany, Holger GieseHasso Plattner Institute, University of Potsdam
Pre-print Media Attached
07:05 - 07:10
Expecting the Unexpected: Developing Autonomous-System Design Principles for Reacting to Unpredicted Events and ConditionsNIER
SEAMS 2020
Assaf MarronWeizmann Institute of Science, Israel, Lior LimonadIBM Corporation, Israel, Sarah PollackWeizmann Institute of Science, Israel, David HarelWeizmann Institute of Science, Israel
Media Attached
07:10 - 07:15
Self-Protection Against Business Logic VulnerabilitiesNIER
SEAMS 2020
Silvan ZellerOmegapoint AB, Sweden, Narges KhakpourLinnaeus University, Danny WeynsKU Leuven, Daniel DeogunOmegapoint AB, Sweden
Media Attached File Attached
07:15 - 07:20
Towards Highly Scalable Runtime Models with HistoryNIER
SEAMS 2020
Lucas SakizloglouHasso Plattner Institute, University of Potsdam, Sona GhahremaniHasso Plattner Institute, University of Potsdam, Thomas Brand, Matthias BarkowskyHasso Plattner Institute, University of Potsdam, Germany, Holger GieseHasso Plattner Institute, University of Potsdam
DOI Pre-print Media Attached
07:20 - 08:20
Q&A and Discussion (Session 5)
SEAMS 2020