A framework based security-knowledge database for vulnerabilities detection of business logic

机译：基于框架的安全知识库，用于业务逻辑的漏洞检测

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

This paper presents a framework for vulnerabilities detection of business logic in the software design phase. First, model the business logic in the design phase finite state machine, and extract relevant business processes from the model. Calculate the similarity degree between attack pattern and the business processes. Thus, find out if there are some vulnerabilities in the business logic and generate a report of threats analysis. Finally, Focusing on the business logic of user registration in the web application, we model it as a FSA then detect the model. By analyzing the detection result we conclude that the approach is correct and effective and can improve software security and reliability.

机译：本文介绍了软件设计阶段业务逻辑漏洞的框架。首先，在设计阶段有限状态机中模拟业务逻辑，并从模型中提取相关的业务流程。计算攻击模式与业务流程之间的相似度。因此，找出业务逻辑中存在一些漏洞并生成威胁分析的报告。最后，专注于Web应用程序中用户注册的业务逻辑，我们将其模拟为FSA，然后检测模型。通过分析检测结果，我们得出结论，该方法是正确的，有效的，可以提高软件安全性和可靠性。

著录项

来源
《International Conference on Optics, Photonics and Energy Engineering》|2010年||共6页
会议地点
作者
Xiaohong Li; Guozhu Meng; Zhiyong Feng; Xu Li; Dong Pan;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TB133-53;
关键词
Security Software Engineer; Attack Pattern; Finite State Automate; Vulnerabilities; Threats Information;

机译：安全软件工程师;攻击模式;有限状态自动化;漏洞;威胁信息;

相似文献

外文文献
中文文献
专利

1. Token based Detection and Neural Network based Reconstruction framework against code injection vulnerabilities [J] . Teresa K. George, K. Poulose Jacob, Rekha K. James Information Security Technical Report . 2018,第AUGa期

机译：针对代码注入漏洞的基于令牌的检测和基于神经网络的重构框架
2. A comprehensive framework for modeling set-based business rules during conceptual database design [J] . Sudha Ram, Vijay Khatri Information Systems . 2005,第2期

机译：在概念数据库设计过程中为基于集合的业务规则建模的综合框架
3. DIAVA: A Traffic-Based Framework for Detection of SQL Injection Attacks and Vulnerability Analysis of Leaked Data [J] . IEEE Transactions on Reliability . 2020,第1期

机译：DIAVA：基于流量的框架，用于检测SQL注入攻击和泄漏数据的漏洞分析
4. A framework based security-knowledge database for vulnerabilities detection of business logic [C] . Xiaohong Li, Guozhu Meng, Zhiyong Feng, 2010 International Conference on Optics Photonics and Energy Engineering.;vol. 1. . 2010

机译：基于框架的安全知识数据库，用于业务逻辑的漏洞检测
5. Toward Automated Detection of Logic Vulnerabilities in Web Applications [D] . Felmetsger, Viktoria V. 2010

机译：实现Web应用程序中逻辑漏洞的自动检测
6. Personnel Training Course for Businesses Regarding the Response to Stranded Persons Focusing on Vulnerable People from the Perspective of Business Continuity [O] . Yuki Shibamura, Noriko Sudo, Gengaku Mashiro, 2020

机译：从业务连续性角度出发的针对弱势群体的对受困者的应对的企业人员培训课程
7. An XML-based framework for electronic business document integration with relational databases [O] . Shamsedin Tekieh Razieh Sadat Information Systems Technology Management Australian School of Business UNSW 2009

机译：基于XML的电子商务文档与关系数据库集成的框架
8. Deductive Databases and Logic Programming: Abduction in Deductive Databases andKnowledge-Based Systems. Proceedings of the ICLP'95 Joint Workshop. Held in Shonan Village Center, Japan on June 17, 1995 [R] . Decker, H., Muenchen, S., Geske, U., 1995

机译：演绎数据库和逻辑编程：演绎数据库和基于知识的系统中的绑定。 ICLp'95联合研讨会的会议记录。 1995年6月17日在日本湘南村中心举行

A framework based security-knowledge database for vulnerabilities detection of business logic

摘要

著录项

相似文献

相关主题

期刊订阅