Abstract
Runtime monitoring is a body of techniques concerning monitoring and analyzing event sequences in software execution. It is widely used to improve software's security and reliability. However, the event pattern languages used in current runtime monitoring frameworks are not fully capable of expressing relations among monitored events. This makes them inadequate to describe some desired event sequences. To this problem, we propose a new event pattern language. Our event pattern language is composed of two level operators. The lower level operators select single events based on only local information, while the higher level operators fully leverage the control flow relation and data flow relation among events. This feature makes our language able to select a larger spectrum of event sequences in a modular and declaration way. We also present a demonstration of preventing SQL injection in this language and implement a compiler for this language.
Original language | English |
---|---|
Title of host publication | 2011 International Conference for Internet Technology and Secured Transactions |
Number of pages | 8 |
Place of Publication | 978-1-4577-0884-8 |
Publisher | IEEE |
Publication date | 01.12.2011 |
Pages | 744-751 |
Article number | 6148431 |
ISBN (Electronic) | 978-1-908320-00-1 |
Publication status | Published - 01.12.2011 |
Event | 2011 International Conference for Internet Technology and Secured Transactions - Abu Dhabi, United Arab Emirates Duration: 11.12.2011 → 14.12.2011 Conference number: 88721 |