Self-Protection Mechanisms for Web Applications - A Case Study

Claudia Raibulet, Alberto Leporati, Andrea Metelli

Abstract

Self-protection mechanisms aim to improve security of software systems at runtime. They are able to automatically prevent and/or react to security threats by observing the state of a system and its execution environment, by reasoning on the observed state, and by applying enhanced security strategies appropriate for the current threat. Self-protection mechanisms complement traditional security solutions which are mostly static and focus on the boundaries of a system, missing in this way the overall picture of a system's security. This paper presents several self-protection mechanisms which have been developed in the context of a case study concerning a home banking system. Essentially, the mechanisms described in this paper aim to improve the security of the system in the following two scenarios: users' login and bank operations. Furthermore, the proposed self-protection mechanisms are presented through the taxonomy proposed in (Yuan, 2014).

References

  1. Anderson, R.J., 2008. Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition. Wiley.
  2. Cheng, B.H.C., de Lemos, R., Giese, H., Inverardi, P., Magee, J., 2009. Software Engineering for Self-Adaptive Systems. LNCS 5525, Springer.
  3. de Lemos, R., Giese, H., Muller, H., Shaw, M., 2013. Software Engineering for Self-Adaptive Systems II. LNCS 7475, Springer.
  4. Pfleeger, C.P., Pfleeger, S.L., 2006. Security in Computing, 4th Edition. Prentice Hall.
  5. Schmerl, B., Camara, J., Gennari, J., Garlan, D., Casanova, P., Moreno, G. A., Glazier, T. J., Barnes, J. M., 2014. Architecture-based self-protection: composing and reasoning about denial-of-service mitigations. In Proceedings of the 2014 Symposium and Bootcamp on the Science of Security.
  6. Stallings, W., 2013. Network Security Essentials: Applications and Standards, 5th Edition. Pearson.
  7. Tor Project, 2015. www.torproject.org.
  8. Yuan, E., Esfahani, N., Malek, S., 2014. A Systematic Survey of Self-Protecting Software Systems. In ACM Transactions on Autonomous and Adaptive Systems, Vol. 8, Issue 4, Article No. 17.
  9. Yuan, E., Malek, S., 2012. A Taxonomy and Survey of Self-Protecting Software Systems. In Symposium on Software Engineering for Adaptive and Self-Managing Systems, pp. 109-118.
  10. Yuan, E., Malek, S., Schmerl, B., Garlan, D., Gennari, J., 2013. Architecture-based self-protecting software systems. In 9th International ACM Sigsoft Conference on Quality of Software Architectures, pp. 33-42.


Paper Citation


in Harvard Style

Raibulet C., Leporati A. and Metelli A. (2016). Self-Protection Mechanisms for Web Applications - A Case Study. In Proceedings of the 11th International Conference on Evaluation of Novel Software Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-189-2, pages 181-188. DOI: 10.5220/0005869101810188


in Bibtex Style

@conference{enase16,
author={Claudia Raibulet and Alberto Leporati and Andrea Metelli},
title={Self-Protection Mechanisms for Web Applications - A Case Study},
booktitle={Proceedings of the 11th International Conference on Evaluation of Novel Software Approaches to Software Engineering - Volume 1: ENASE},
year={2016},
pages={181-188},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005869101810188},
isbn={978-989-758-189-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Evaluation of Novel Software Approaches to Software Engineering - Volume 1: ENASE
TI - Self-Protection Mechanisms for Web Applications - A Case Study
SN - 978-989-758-189-2
AU - Raibulet C.
AU - Leporati A.
AU - Metelli A.
PY - 2016
SP - 181
EP - 188
DO - 10.5220/0005869101810188