{"title":"Feature interaction: the security threat from within software systems","authors":"A. Nhlabatsi, R. Laney, B. Nuseibeh","doi":"10.2201/NIIPI.2008.5.8","DOIUrl":null,"url":null,"abstract":"Security engineering is about protecting assets from harm. The feature interaction problem occurs when the composition of features leads to undesirable system behaviours. Usually, this problem manifests itself as conflicting actions of features on a shared context. Security requirements may be violated by feature interactions creating security vulnerabilities which can potentially be exploited by attackers. In thi sp aper, we discuss the feature interaction problem and some of its possible implications for security requirements. The paper concludes that (1) the detection of the violation of security requirements by feature interactions is not different from other types of requirements - what differs is the impact of such violation; and (2)feature interaction detection approaches can be used as a means for vulnerability analysis.","PeriodicalId":91638,"journal":{"name":"... Proceedings of the ... IEEE International Conference on Progress in Informatics and Computing. IEEE International Conference on Progress in Informatics and Computing","volume":"47 1","pages":"75"},"PeriodicalIF":0.0000,"publicationDate":"2008-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"52","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"... Proceedings of the ... IEEE International Conference on Progress in Informatics and Computing. IEEE International Conference on Progress in Informatics and Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2201/NIIPI.2008.5.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 52
Abstract
Security engineering is about protecting assets from harm. The feature interaction problem occurs when the composition of features leads to undesirable system behaviours. Usually, this problem manifests itself as conflicting actions of features on a shared context. Security requirements may be violated by feature interactions creating security vulnerabilities which can potentially be exploited by attackers. In thi sp aper, we discuss the feature interaction problem and some of its possible implications for security requirements. The paper concludes that (1) the detection of the violation of security requirements by feature interactions is not different from other types of requirements - what differs is the impact of such violation; and (2)feature interaction detection approaches can be used as a means for vulnerability analysis.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
