Malicious software engineer intrusion detection between components

Date

2010-12

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

This thesis describes an approach to detecting malicious software engineer intrusion between components in application systems using business processes (use cases) of applications. The approach detects malicious codes inserted by malicious software engineers to the system during the software development or the maintenance phase. This research extends a previous research about malicious software engineer intrusion within a component. The proposed approach detects intrusion using system detectors that are designed to encapsulate the relationships between components. Those relationships are represented with the UML state machines. The system detectors communicate with objects in components in order to monitor the communication between components in which the system detectors authenticate the messages from objects. This is to avoid fake messages from malicious code. The proposed approach has been applied to two case studies – Automated Teller Machine System and Electronic Commerce System – and the performance of the system detectors has been evaluated with case studies.

Description

Keywords

Intrusion detection, Internal intrusion, Security, Malicious engineer intrusion, Software engineer intrusion, Intrusion detection between components

Citation