Malicious software engineer intrusion detection between components
Date
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
This thesis describes an approach to detecting malicious software engineer intrusion between components in application systems using business processes (use cases) of applications. The approach detects malicious codes inserted by malicious software engineers to the system during the software development or the maintenance phase. This research extends a previous research about malicious software engineer intrusion within a component. The proposed approach detects intrusion using system detectors that are designed to encapsulate the relationships between components. Those relationships are represented with the UML state machines. The system detectors communicate with objects in components in order to monitor the communication between components in which the system detectors authenticate the messages from objects. This is to avoid fake messages from malicious code. The proposed approach has been applied to two case studies – Automated Teller Machine System and Electronic Commerce System – and the performance of the system detectors has been evaluated with case studies.