Research Article
Mitigating Security Risks in Systems that Support Pervasive Services and Computing: Access-Driven Verification, Validation and Testing
@INPROCEEDINGS{10.1109/PERSER.2007.4283900, author={James D. Arthur and Richard E. Nance and Anil Bazaz and Osman Balci}, title={Mitigating Security Risks in Systems that Support Pervasive Services and Computing: Access-Driven Verification, Validation and Testing}, proceedings={1st International IEEE Conference on Pervasive Services}, publisher={IEEE}, proceedings_a={ICPS}, year={2007}, month={8}, keywords={Constraints and Assumptions Exploits Pervasive Services Process/ObjectModel Security Risk Testing Validation Verification Vulnerabilities}, doi={10.1109/PERSER.2007.4283900} }
- James D. Arthur
Richard E. Nance
Anil Bazaz
Osman Balci
Year: 2007
Mitigating Security Risks in Systems that Support Pervasive Services and Computing: Access-Driven Verification, Validation and Testing
ICPS
IEEE
DOI: 10.1109/PERSER.2007.4283900
Abstract
Unique operational and environmental characteristics define pervasive services and computing; they, too, define an ideal atmosphere in which security risks flourish. Ever-present accessibility through the networked and wireless infrastructures, dependency on autonomous and often anonymous computing agents, and the ubiquitous nature of pervasive services make them both enticing and easy targets for ill-intentioned activities. To help mitigate that risk, we propose an adaptive, access-driven verification, validation and testing (VV&T) strategy that, through a Process/Object Model of Computation, (a) identifies those resources and software objects most susceptible to attack, (b) enumerates violable constraints and assumptions underlying those attacks, and (c) provides multi-level strategies incorporating resources, software objects, and constraints and assumptions to determine if, and to what extent, systems supporting pervasive computing are vulnerable to security exploits. The VV&T strategies are defined to accommodate various levels of access to the software development process and its artifacts.