| doi:10.2201/NiiPi.2008.5.8 |
| Feature interaction: the security threat from within software systems |
| Armstrong NHLABATSI1,Robin LANEY2,and Bashar NUSEIBEH3 |
| 1,2,3Department of Computing, The Open University
|
(Received: September 14, 2007)
(Revised: December 5, 2007)
(Accepted: Decem
ber 20, 2007)
|
Abstract:
Security engineering is about protecting assets from harm. The feature interaction problem
occurs when the composition of features leads to undesirable system behaviours. Usually, this problem manifests itself as conflicting actions of features on a shared context. Security requirements may be violated by feature interactions creating security vulnerabilities which can potentially be exploited by attackers. In thispaper, we discuss the feature interaction
problem and some of its possible implications for security requirements. The paper concludes that (1) the detection of the violation of security requirements by feature interactions is not different from other types of requirements - what differs is the impact of such violation; and (2)feature interaction detection approaches can be used as a means for vulnerability analysis.
|
Keywords:
Security requirements, feature interaction detection, vulnerability analysis
|
|
|
| PDF(938KB) | References |
National Institute of Informatics is a member of CrossRef.
|
