Skip to main content
SpringerLink
Log in
Book cover

International Conference on Software Engineering and Computer Systems

ICSECS 2011: Software Engineering and Computer Systems pp 361–375Cite as

Analyzing Framework for Alternate Execution of Workflows for Different Types of Intrusion Threats

  • Conference paper

  • 1725 Accesses

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 180))

Abstract

The main objective of the research is to conduct an analysis of the framework for alternate execution of workflows under intrusion threat with respect to different types of threats. Framework for alternate execution of workflows under threat makes the system available to the end user no matter if it is under attack by some intrusion threat. The assessment is required to be made for the framework in consideration in terms of what types of threats and how many types of threats for which it may work. For this purpose, 34 different types of threats as described by SOPHOS have been considered. Firstly the types of threats have been categorized based on their goals. Then for each category, framework in consideration is assessed. On the basis of that assessment it is analyzed for what types of threats, the framework can be enabled completely and partially. The number of threats for which the framework is enabled completely is also found. Based on the analysis, the recommendations have been made for possible extensions in the framework where it is enabled partially.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Safdar, S., Hassan, M.F., Qureshi, M.A., Akbar, R.: Framework for Alternate Execution of workflows under threat. In: 2nd International Conference on Communication Software and Networks ICCSN, Singapore (2010)

    Google Scholar 

  2. Safdar, S., Hassan, M.F.: Moving Towards Two Dimensional Passwords. In: International Symposium on Information Technology ITSIM, Malaysia (2010)

    Google Scholar 

  3. SOPHOS: a to z of Computer Secutity Threats SOPHOS (2006) , http://security.ucdavis.edu/sophos_atoz.pdf (retrieved on January 17, 2011)

  4. Yang, D., Yang, B.: A New Password Authentication Scheme Using Fuzzy Extractor with Smart Card. In: 2009 International Conference on Computational Intelligence and Security, pp. 278–282 (2009)

    Google Scholar 

  5. Oorschot, P.C.V., Thorpe, J.: On Predictive Models and User-Drawn Graphical Passwords. ACM Transactions on Information and System Security 10(4), article 17 (2008)

    Google Scholar 

  6. ChunLei, L., YunHong, W., LiNing, L.: A Biometric Templates Secure Transmission Method Based on Bi-layer Watermarking and PKI. In: 2009 International Conference on Multimedia Information Networking and Security, China (2009)

    Google Scholar 

  7. Meng, Y., Peng, L., Wanyu, Z.: Multi-Version Attack Recovery for Workflow Systems. In: 19th Annual Computer Security Applications Conference ACSAC,1063-9527/03. IEEE, Los Alamitos (2003)

    Google Scholar 

  8. Meng, Y., Peng, L., Wanyu, Z.: Self-Healing Workflow Systems under Attacks. In: 24th International Conference on Distributed Computing Systems ICDCS, 1063-6927/04. IEEE, Los Alamitos (2004)

    Google Scholar 

  9. Fung, C.K., Hung, P.C.K.: System Recovery through Dynamic Regeneration of Workflow Specification. In: Eighth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing ISORC, 0-7695-2356-0/05. IEEE, Los Alamitos (2005)

    Google Scholar 

  10. Fung, C.K., Hung, P.C.K., Kearns, W.M., Uczekaj, S.A.: Dynamic Regeneration of Workflow Specification with Access Control Requirements in MANET. In: International Conference on Web Services ICWS, 0-7695-2669-1/06. IEEE, Los Alamitos (2006)

    Google Scholar 

  11. Xiao, K., Chen, N., Ren, S., Kwiat, K., Macalik, M.: A Workflow-based Non-intrusive Approach for Enhancing the Survivability of Critical Infrastructures in Cyber Environment. In: Third International Workshop on Software Engineering for Secure Systems SESS, 0-7695-2952-6/07. IEEE, Los Alamitos (2007)

    Google Scholar 

  12. Goluch, G., Ekelhart, A., Fenz, S., Jakoubi, S., Tjoa, S., Mück, T.: Integration of an Ontological Information Security Concept in Risk-Aware Business Process Management. In: 41st Hawaii International Conference on System Sciences. IEEE, Los Alamitos (2008)

    Google Scholar 

  13. Meier, J.D.: Web Application Security Engineering. IEEE Security Magazine,1540-7993/06, 16–24 (2006)

    Google Scholar 

  14. Virdell, M.: Business processes and workflow in the Web services world, http://www.ibm.com/developerworks/webservices/library/ws-work.html , IBM (2003) (retrieved on January 17, 2011)

  15. Mitchell, S.: Encrypting Sensitive Data in a Database. In: MSDN Spotlight (2005)

    Google Scholar 

  16. Hsueh, S.: Database Encryption in SQL Server 2008. Enterprise Edition SQL Server Technical Article (2008)

    Google Scholar 

  17. Ammann, P., Jajodia, S., Liu, P.: Recovery from malicious transactions. IEEE Transactions on Knowledge and Data Engineering 14, 1167–1185 (2002)

    Article  Google Scholar 

  18. Bernstein, P.A., Hadzilacos, V., Goodman, N.: Concurrency Control and Recovery in Database Systems. Addison-Wesley, Reading (1987)

    Google Scholar 

  19. Chrysanthis. P.: A framework for modeling and reasoning out extended transactions. PhD thesis, University of Massachusetts, Amherst, Amherst, Massachusetts (1991)

    Google Scholar 

  20. Eder, J., Liebhart, W.: Workflow Recovery. In: Conference on Cooperative Information Systems, pp. 124–134 (1996)

    Google Scholar 

  21. Gore, M.M., Ghosh, R.K.: Recovery in Distributed Extended Long-lived Transaction Models. In: 6th International Conference DataBase Systems for Advanced Applications, pp. 313–320 (1998)

    Google Scholar 

  22. Kiepuszewski, B., Muhlberger, R., Orlowska, M.: Flowback: Providing backward recovery for workflow systems. In: International Conference on Management of Data, pp. 555–557. ACM SIGMOD, New York (1998)

    Google Scholar 

  23. Lala, C., Panda, B.: Evaluating damage from cyber attacks. IEEE Transactions on Systems, Man and Cybernetics 31(4), 300–303 (2001)

    Article  Google Scholar 

  24. Red Kestral, Random Password Strength (2004), http://www.redkestrel.co.uk/Articles/RandomPasswordStrength.html Red Kestral Consulting (retrieved on September14, 2009)

  25. Safdar, S., Hassan, M.F., Qureshi, M.A., Akbar, R.: Biologically Inspired Execution Framework for Vulnerable Workflow Systems. International Journal of Computer Science and Information Security IJCSIS 6(1), 47–51 (2009)

    Google Scholar 

  26. Safdar, S., Hassan, M.F., Qureshi, M.A., Akbar, R.: Authentication Model Based on Reformation Mapping Method. In: International Conference on Information and Emerging Technologies ICIET IEEE, Pakistan (2010)

    Google Scholar 

  27. Safdar, S., Hassan, M.F., Qureshi, M.A., Akbar, R.: Data Hibernation Framework for Workflows under Intrusion Threat. In: 2011 IEEE Symposium on Computers and Informatics ISCI. IEEE, Los Alamitos (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Bandar Seri Iskandar, Tronoh, Perak, Malaysia

    Sohail Safdar & Mohd Fadzil Hassan

Authors
  1. Sohail Safdar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohd Fadzil Hassan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Computer Systems and Software Engineering, Universiti Malaysia Pahang, Lebuhraya Tun Razak, 26300 Gambang, Kuantan, Pahang, Malaysia

    Jasni Mohamad Zain

  2. Faculty of Computer Systems and Software Engineering, Universiti Malaysia Pahang, Lebuhraya Tun Razak, 26300, Gambang, Kuantan, Pahang, Malaysia

    Wan Maseri bt Wan Mohd

  3. Information Systems Department, King Saud University, 11543, Riyadh, Saudi Arabia

    Eyas El-Qawasmeh

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Safdar, S., Hassan, M.F. (2011). Analyzing Framework for Alternate Execution of Workflows for Different Types of Intrusion Threats. In: Zain, J.M., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 180. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22191-0_32

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22191-0_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22190-3

  • Online ISBN: 978-3-642-22191-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation