Security Vulnerabilities in Event-Driven Systems
Author
Abstract
The event-driven model is commonly used in the implementation of systems such as the Graphical User Interface (GUI). While it offers important advantages over alternative choices, it often exhibits security vulnerabilities due to its architectural characteristics in the handling of events. In this paper we examine the security vulnerabilities of event-driven systems and define the conditions that produce them. We show that a substantial number of these vulnerabilities follow the same principles as buffer overrun vulnerabilities, and finally we provide countermeasures.
Similar resources
Intelligent buildings: an investigation into current and emerging security vulnerabilities in automated building systems using an applied defeat methodology
Intelligent Buildings (IB) have become increasingly popular during the past decade, driven through the need to reduce energy, have more reactive and safer buildings, and increase productivity. IB integrate many systems that were in the past isolated from each other, including fire and life safety, HVAC, lighting, security, etc. Facilities contain commercial-in-confidence material and other valued...
Identifying Inter-Component Communication Vulnerabilities in Event-based Systems
Event-based systems are flexible, scalable, and adaptable based on their feature of non-determinism in event communication. However, this may yield security vulnerabilities in event communication between components. For example, malicious components can steal sensitive data or manipulate other components in an intended way. This paper introduces SCUTUM, a novel technique that automatically detect...
Standardizing Source Code Security Audits
A source code security audit is a powerful methodology for locating and removing security vulnerabilities. An audit can be used to (1) pass a potentially prioritized list of vulnerabilities to developers, (2) exploit vulnerabilities, or (3) provide proof-of-concepts for potential vulnerabilities. The security audit research currently remains disjoint with minor discussion of methodologies utilized ...
Engineering Self-protection for Autonomous Systems
Security violations occur in systems even if security design is carried out or security tools are deployed. Social engineering attacks, vulnerabilities that cannot be captured in the relatively abstract design model (as buffer-overflows), or unclear security requirements are only some examples of such unpredictable or unexpected vulnerabilities. One of the aims of autonomous systems is to reac...
Analysis of Information Security Problem by Probabilistic Risk Assessment
The information security risk assessment is investigated from perspectives of the most advanced probabilistic risk assessment (PRA) for nuclear power plants. Accident scenario enumeration by initiating events, mitigation systems and event trees are first described and demonstrated. Assets, confidentiality, integrity, availability, threats, vulnerabilities, impacts, likelihoods, and safeguards are r...