Automatic Discovery of Software Attacks via Backward Reasoning. Basile, C., Canavese, D., d'Annoville , J., Sutter, B. D., & Valenza, F. In Proceedings of the 1st IEEE/ACM International Workshop on Software Protection (SPRO 2015), pages 52–58, 2015. IEEE.
![Automatic Discovery of Software Attacks via Backward Reasoning [pdf]](https://bibbase.org/img/filetypes/pdf.svg "pdf")
Paper doi abstract bibtex 2 downloads
Paper doi abstract bibtex 2 downloads Security risk management and mitigation are two of the most important items on several companies' agendas. In this scenario, software attacks pose a major threat to the reliable execution of services, thus bringing negative effects on businesses. This paper presents a formal model that allows the identification of all the attacks against the assets embedded in a software application. Our approach can be used to perform the identification of the threats that loom over the assets and help to determine the potential countermeasures, that is the protections to deploy for mitigating the risks. The proposed model uses a Knowledge Base to represent the software assets, the steps that can be executed to mount an attack and their relationships. Inference rules permit the automatic discovery of attack step combinations towards the compromised assets that are discovered using a backward programming methodology. This approach is very usable as the attack discovery is fully automatic, once the Knowledge Base is populated with the information regarding the application to protect. In addition, it has been proven highly efficient and exhaustive. © 2015 IEEE.
@InProceedings{2015SPRO,
author = {Cataldo Basile and Daniele Canavese and J{\'{e}}r{\^{o}}me d'Annoville and Bjorn De Sutter and Fulvio Valenza},
booktitle = {Proceedings of the 1st {IEEE/ACM} International Workshop on Software Protection ({SPRO} 2015)},
doi = {10.1109/SPRO.2015.17},
pages = {52--58},
publisher = {{IEEE}},
title = {Automatic Discovery of Software Attacks via Backward Reasoning},
year = {2015},
abstract={Security risk management and mitigation are two of the most important items on several companies' agendas. In this scenario, software attacks pose a major threat to the reliable execution of services, thus bringing negative effects on businesses. This paper presents a formal model that allows the identification of all the attacks against the assets embedded in a software application. Our approach can be used to perform the identification of the threats that loom over the assets and help to determine the potential countermeasures, that is the protections to deploy for mitigating the risks. The proposed model uses a Knowledge Base to represent the software assets, the steps that can be executed to mount an attack and their relationships. Inference rules permit the automatic discovery of attack step combinations towards the compromised assets that are discovered using a backward programming methodology. This approach is very usable as the attack discovery is fully automatic, once the Knowledge Base is populated with the information regarding the application to protect. In addition, it has been proven highly efficient and exhaustive. © 2015 IEEE.},
keywords={Threat Analysis},
url = {https://iris.polito.it/retrieve/handle/11583/2615485/426236/2015SPRO_author.pdf},
}Downloads: 2
{"_id":"kiMYQQMMxTxfenYrj","bibbaseid":"basile-canavese-dannoville-sutter-valenza-automaticdiscoveryofsoftwareattacksviabackwardreasoning-2015","authorIDs":["XRFf3mmJNmSCrLeYm","anJrBcCdr4LzzWetx","x5vNTEJ4s3raTsibp"],"author_short":["Basile, C.","Canavese, D.","d'Annoville , J.","Sutter, B. D.","Valenza, F."],"bibdata":{"bibtype":"inproceedings","type":"inproceedings","author":[{"firstnames":["Cataldo"],"propositions":[],"lastnames":["Basile"],"suffixes":[]},{"firstnames":["Daniele"],"propositions":[],"lastnames":["Canavese"],"suffixes":[]},{"firstnames":["Jérôme"],"propositions":["d'Annoville"],"lastnames":[],"suffixes":[]},{"firstnames":["Bjorn","De"],"propositions":[],"lastnames":["Sutter"],"suffixes":[]},{"firstnames":["Fulvio"],"propositions":[],"lastnames":["Valenza"],"suffixes":[]}],"booktitle":"Proceedings of the 1st IEEE/ACM International Workshop on Software Protection (SPRO 2015)","doi":"10.1109/SPRO.2015.17","pages":"52–58","publisher":"IEEE","title":"Automatic Discovery of Software Attacks via Backward Reasoning","year":"2015","abstract":"Security risk management and mitigation are two of the most important items on several companies' agendas. In this scenario, software attacks pose a major threat to the reliable execution of services, thus bringing negative effects on businesses. This paper presents a formal model that allows the identification of all the attacks against the assets embedded in a software application. Our approach can be used to perform the identification of the threats that loom over the assets and help to determine the potential countermeasures, that is the protections to deploy for mitigating the risks. The proposed model uses a Knowledge Base to represent the software assets, the steps that can be executed to mount an attack and their relationships. Inference rules permit the automatic discovery of attack step combinations towards the compromised assets that are discovered using a backward programming methodology. This approach is very usable as the attack discovery is fully automatic, once the Knowledge Base is populated with the information regarding the application to protect. In addition, it has been proven highly efficient and exhaustive. © 2015 IEEE.","keywords":"Threat Analysis","url":"https://iris.polito.it/retrieve/handle/11583/2615485/426236/2015SPRO_author.pdf","bibtex":"@InProceedings{2015SPRO,\r\n author = {Cataldo Basile and Daniele Canavese and J{\\'{e}}r{\\^{o}}me d'Annoville and Bjorn De Sutter and Fulvio Valenza},\r\n booktitle = {Proceedings of the 1st {IEEE/ACM} International Workshop on Software Protection ({SPRO} 2015)},\r\n doi = {10.1109/SPRO.2015.17},\r\n pages = {52--58},\r\n publisher = {{IEEE}},\r\n title = {Automatic Discovery of Software Attacks via Backward Reasoning},\r\n year = {2015},\r\n abstract={Security risk management and mitigation are two of the most important items on several companies' agendas. In this scenario, software attacks pose a major threat to the reliable execution of services, thus bringing negative effects on businesses. This paper presents a formal model that allows the identification of all the attacks against the assets embedded in a software application. Our approach can be used to perform the identification of the threats that loom over the assets and help to determine the potential countermeasures, that is the protections to deploy for mitigating the risks. The proposed model uses a Knowledge Base to represent the software assets, the steps that can be executed to mount an attack and their relationships. Inference rules permit the automatic discovery of attack step combinations towards the compromised assets that are discovered using a backward programming methodology. This approach is very usable as the attack discovery is fully automatic, once the Knowledge Base is populated with the information regarding the application to protect. In addition, it has been proven highly efficient and exhaustive. © 2015 IEEE.},\r\n keywords={Threat Analysis},\r\n url = {https://iris.polito.it/retrieve/handle/11583/2615485/426236/2015SPRO_author.pdf},\r\n}\r\n\r\n","author_short":["Basile, C.","Canavese, D.","d'Annoville , J.","Sutter, B. D.","Valenza, F."],"key":"2015SPRO","id":"2015SPRO","bibbaseid":"basile-canavese-dannoville-sutter-valenza-automaticdiscoveryofsoftwareattacksviabackwardreasoning-2015","role":"author","urls":{"Paper":"https://iris.polito.it/retrieve/handle/11583/2615485/426236/2015SPRO_author.pdf"},"keyword":["Threat Analysis"],"metadata":{"authorlinks":{"basile, c":"https://bibbase.org/show?bib=https%3A%2F%2Fraw.githubusercontent.com%2FFulvioValenza%2Fbibliography%2Fmain%2FValenza_bibliography.bib&msg=embed","valenza, f":"https://bibbase.org/show?bib=https%3A%2F%2Fraw.githubusercontent.com%2FFulvioValenza%2Fbibliography%2Fmain%2FValenza_bibliography.bib&commas=true","valenza, f":"https://bibbase.org/service/mendeley/47be63fe-fca0-3f0f-a864-642602926c3f"}},"downloads":2},"bibtype":"inproceedings","biburl":"https://raw.githubusercontent.com/FulvioValenza/bibliography/main/Valenza_bibliography.bib","creationDate":"2021-01-16T10:07:49.762Z","downloads":2,"keywords":["threat analysis"],"search_terms":["automatic","discovery","software","attacks","via","backward","reasoning","basile","canavese","d'annoville ","sutter","valenza"],"title":"Automatic Discovery of Software Attacks via Backward Reasoning","year":2015,"dataSources":["JbiX35GNqPCF3nids","csYhy47rJJgSM7jjJ"]}