Build and Watch: Towards Intrusion-Aware Software Systems

构建并观察：走向入侵感知软件系统

• 批准号: RGPIN-2014-04294
• 负责人: Zulkernine, Mohammad
• 金额: $ 1.89万
• 依托单位: Queen's University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2018
• 资助国家: 加拿大
• 起止时间: 2018-01-01 至 2019-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=670004
• 关键词: Build; Watch; Towards; Intrusion; Aware

Security is of prime importance in the design and implementation of software systems. Nevertheless, in most software development processes, security issues are not addressed from the beginning of a software development life cycle and sometimes even are looked at after the deployment of the software. As a result, these software systems remain vulnerable to various attacks. The growing complexity of software systems requires more serious attention of software engineers and security analysts to monitor software systems for their security. However, the main focus in most secure software development methodologies is not specifically on integrating or monitoring security aspects along the development phases. This research program will focus on building intrusion-aware software systems and then watching or monitoring those at runtime.**The ultimate goal of this research program is to develop methodologies allowing the generation of more secure software systems by enabling them to monitor intrusions automatically in the modern distributed environments. The proposed program will be carried out to achieve this goal using two complementary approaches of development and monitoring: i) Security requirements specification-based; ii) Security pattern-based. A specification method will be proposed which can be used to specify operational behavior of the system both under normal condition and when it is under known attacks. The same specification will be utilized at runtime for identifying the deviation from the specification. Tools will be built for intrusion scenario description and automatic signature generation from the scenarios. Finally, software monitoring systems will be developed to detect any intrusions into the software systems by analyzing the run-time behavior of the systems with respect to the generated signatures. Security patterns will be used to realize security requirements in software design and the violation (absence or presence) of these patterns will be detected by automatic analysis of the patterns employing the observed runtime information. As security patterns are the components of design and correspond to security requirements, any violation of these patterns indicates the violation of the corresponding requirements. The methods and tools derived from this research program will be assessed on case studies from real world security-critical applications. **The outcomes of this research will play a vital role in bridging the gap between software engineering and security engineering practices for modern, complex, and distributed software systems. Security of software systems is more crucial now as it is the basis for the security of new computing paradigms and environments such as Cloud and mobile. One of the unique aspects of this research program is to provide a balanced training facility for five graduate students in both software engineering and security engineering principles preparing them to build secure software products.

安全性在软件系统的设计和实现中是至关重要的。然而，在大多数软件开发过程中，安全问题并没有从软件开发生命周期的一开始就得到解决，有时甚至在软件部署之后才得到解决。因此，这些软件系统仍然容易受到各种攻击。软件系统的日益复杂性要求软件工程师和安全分析师更加认真地关注软件系统的安全性。然而，大多数安全软件开发方法的主要焦点并不是特别关注沿着开发阶段的集成或监控安全方面。该研究计划将专注于构建入侵感知软件系统，然后在运行时监视或监控这些系统。该研究计划的最终目标是开发方法，使他们能够在现代分布式环境中自动监控入侵，从而生成更安全的软件系统。将使用两种互补的开发和监控方法来执行拟议的计划以实现这一目标：i）基于安全需求规范; ii）基于安全模式。将提出一种规范方法，它可以用来指定系统在正常情况下，当它是在已知的攻击下的操作行为。运行时将使用相同的质量标准来识别与质量标准的偏差。将建立入侵情景描述和从情景自动生成特征码的工具。最后，将开发软件监控系统，以通过分析系统相对于生成的签名的运行时行为来检测对软件系统的任何入侵。安全模式将被用来实现软件设计中的安全要求，这些模式的违反（不存在或存在）将被检测到的模式采用所观察到的运行时信息的自动分析。由于安全模式是设计的组成部分，并与安全需求相对应，因此任何违反这些模式的行为都表明违反了相应的需求。从这个研究计划中获得的方法和工具将在真实的世界安全关键应用的案例研究中进行评估。** 本研究的成果将在弥合现代、复杂和分布式软件系统的软件工程和安全工程实践之间的差距方面发挥至关重要的作用。软件系统的安全性现在更加重要，因为它是云和移动的等新计算模式和环境的安全性的基础。该研究计划的独特之处之一是为五名研究生提供软件工程和安全工程原理的平衡培训设施，使他们能够构建安全的软件产品。