Abstract
AbstractTo protect against security attacks, it is necessary to be aware of typical risks and to have a good understanding of how vulnerabilities can be exploited. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks, but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. Additionally, security patterns are not useful for network forensics purposes because they do not emphasize the modus operandi of the attack. As a complement and improvement, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of information misuse is performed, analyzes the ways of stopping the attack, and considers how to trace the attack once it has happened. To apply this approach, we need a catalog of misuse patterns. In this paper, we restrict our interest to voice over Internet protocol (VoIP) and we present a set of typical and frequent misuse patterns for VoIP: denial of service (DoS), call interception, theft of service, and call hijacking on VoIP. These patterns could be the start of a comprehensive catalog that would be of practical value to developers, testers, users, and researchers. Published in 2009 by John Wiley & Sons, Ltd.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
