Intrusion detection aware component-based systems: A specification-based framework

Component-Based Software Engineering (CBSE) increases the reusability of software and hence decreases software development time and cost. Unfortunately, developing components for maximum reusability and acquiring third party components invite many security related concerns. The security related issues are more crucial for embedded and real-time systems. Currently, many approaches are proposed to aid the development and evaluation of secure components. However, it is well known among practitioners that, like any other software entities, components cannot be completely secure. This fact leads us to incorporate intrusion detection facilities to equip components with mechanisms to discover intrusions against components. In this paper, we present a framework for developing components with intrusion detection capabilities. This framework uses UMLintr, a UML profile for intrusion specifications. The profile allows developers to specify intrusion scenarios using UML diagrams. Specifying intrusion scenarios using the same language that is used for specifying software behavior eliminates the need for separate languages for describing intrusions. Other software specification languages can be easily adopted into this framework. The outcome of this framework are components equipped with intrusion detectors. Based on UMLintr, a prototype is built and used to generate signatures for some intrusions included in the benchmark DARPA attack datasets. Furthermore, we describe an Intrusion Detection System (IDS) which uses these signatures to detect component intrusions.