Logs, a.k.a. execution traces, provide a glimpse into the functionalities of running systems that have poor, incomplete, or outdated documentation. Logs contain a rich amount of information that can be used to facilitate troubleshooting/debugging, track events, detect security breaches, maintain regulatory requirements, and profile user behavior and workload. Driven by the growing complexity of today's software platforms, reverse engineering of high-level models from system logs has gained momentum in recent years. In this paper, we introduce EVSec, an approach to extract and visualize security scenarios from system logs. The collected logs are first merged, filtered, labeled, and segmented into execution phases. The resulting phases are then visualized using the ITU-T standard, Use Case Maps (UCM) notation, extended with security annotations. We show the applicability of our proposed EVSec approach using two real-world security features, namely, Cisco IOS Login block and Cisco Unicast Reverse Path Forwarding (uRPF).
| Title of host publication | Proceedings of the ACM International Conference on Evaluation and Assessment in Software Engineering, EASE 2022 |
| Publisher | Association for Computing Machinery |
| Number of pages | 7 |
| State | Published - 13 Jun 2022 |
| Name | ACM International Conference Proceeding Series |
Bibliographical note
Publisher Copyright: © 2022 ACM.
- Cisco security features
- Use Case Maps (UCM)
- security scenarios
ASJC Scopus subject areas
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications