Operational system testing for designed in security


ÖZÇELİK İ., Brooks R. R.

8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013, Oak Ridge, TN, Amerika Birleşik Devletleri, 8 - 10 Ocak 2013 identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Cilt numarası:
  • Doi Numarası: 10.1145/2459976.2460038
  • Basıldığı Şehir: Oak Ridge, TN
  • Basıldığı Ülke: Amerika Birleşik Devletleri
  • Eskişehir Osmangazi Üniversitesi Adresli: Evet

Özet

To design secure systems, one needs to understand how attackers use system vulnerabilities in their favor. This requires testing vulnerabilities on operational systems. How- ever, working on operational systems is not always possible because of the risk of disturbance. In this study, we introduce an approach to experimenting using operational system data and performing real attacks without disturbing the original system. We applied this approach to a network security experiment and tested the performance of three detection methods. The approach used in this study can be used when developing systems with Designed-in Security to identify and test system vulnerabilities. Copyright 2012 ACM.