A Hybrid Monitoring of Software Design-Level Security Specifications

The behavior of the deployed software should be monitored against its security specifications to identify vulnerabilities introduced due to incorrect implementation of secure design decisions. Security specifications, including design-level ones, impose constraints on the behavior of the software. These constraints can be broadly categorized as non-time-critical and time-critical and have to be monitored in a manner that minimizes the monitoring overhead. In this paper, we suggest using a hybrid of event and time monitoring techniques to observe these constraints. The viability of the hybrid technique is assessed by comparing its effectiveness and performance with event and time monitoring techniques. The results indicate that the hybrid monitoring technique is more effective and efficient when compared separately with event or time monitoring.