Mitigating Security Risks in Systems that Support Pervasive Services and Computing: Access-Driven Verification, Validation and Testing

摘要

Unique operational and environmental characteristics define pervasive services and computing; they, too, define an ideal atmosphere in which security risks flourish. Ever-present accessibility through the networked and wireless infrastructures, dependency on autonomous and often anonymous computing agents, and the ubiquitous nature of pervasive services make them both enticing and easy targets for ill-intentioned activities. To help mitigate that risk, we propose an adaptive, access-driven verification, validation and testing (VV&T) strategy that, through a Process/Object Model of Computation, (a) identifies those resources and software objects most susceptible to attack, (b) enumerates violable constraints and assumptions underlying those attacks, and (c) provides multi-level strategies incorporating resources, software objects, and constraints and assumptions to determine if, and to what extent, systems supporting pervasive computing are vulnerable to security exploits. The VV&T strategies are defined to accommodate various levels of access to the software development process and its artifacts.