lnu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Self-protection against business logic vulnerabilities
Omegapoint AB, Sweden.
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (PROSSES;ERES)ORCID iD: 0000-0002-0377-5595
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). Catholic University of Leuven, Belgium. (DISA)ORCID iD: 0000-0002-1162-0817
Omegapoint AB, Sweden.
2020 (English)In: 15th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS@ICSE 2020), ACM Publications, 2020, p. 174-180Conference paper, Published paper (Refereed)
Abstract [en]

Attacks against business logic rules occur when the attacker exploits the domain rules in a malicious way. Such attacks have not received sufficient attention in research so far. In this paper, we propose a novel self-protecting approach that defends a system against the exploitation of business logic vulnerabilities. The approach empowers a system with a self-protecting layer to protect it against attacks aimed at misusing business logic rules. The approach maintains up-to-date domain knowledge which is analyzed using runtime verification to detect logical attacks. When attacks are discovered they are dynamically mitigated by applying proper system reconfigurations at runtime. We evaluate the approach using a case from the domain of hotel booking systems.

Place, publisher, year, edition, pages
ACM Publications, 2020. p. 174-180
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-93173DOI: 10.1145/3387939.3391609Scopus ID: 2-s2.0-85093116275ISBN: 9781450379625 (electronic)OAI: oai:DiVA.org:lnu-93173DiVA, id: diva2:1417368
Conference
15th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS@ICSE 2020, Seoul, South Korea, October 5-11, 2020
Projects
PROSSESAvailable from: 2020-03-27 Created: 2020-03-27 Last updated: 2022-04-12Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Khakpour, NargesWeyns, Danny

Search in DiVA

By author/editor
Khakpour, NargesWeyns, Danny
By organisation
Department of computer science and media technology (CM)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 349 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf