A Taxonomy for Security Flaws in Event-Based Systems
Applied Sciences (IF 2.5), Pub Date: 2020-10-20, DOI: 10.3390/app10207338
Youn Kyu Lee, Dohoon Kim

Event-based systems (EBSs) are prevalent in various systems, including mobile cyber-physical systems (MCPSs), Internet of Things (IoT) applications, mobile applications, and web applications, because of their particular communication model, which uses implicit invocation and concurrency between components. However, an EBS’s non-determinism in event processing can introduce inherent security vulnerabilities into the system. Multiple types of attacks can incapacitate and damage a target EBS by exploiting this event-based communication model. Minimizing the risk of security threats in EBSs requires determining the types of security flaws in the system, the relationships between the flaws, and feasible techniques for dealing with each flaw. However, existing security flaw taxonomies do not appropriately reflect the security issues that originate from an EBS’s characteristics. In this paper, we introduce a new taxonomy that defines and classifies the particular types of inherent security flaws in an EBS, which can serve as a basis for resolving its specific security problems. We also correlate our taxonomy with security attacks that can exploit each flaw and identify existing solutions that can be applied to prevent such attacks. We demonstrate that our taxonomy handles particular aspects of EBSs not covered by existing taxonomies.

Updated: 2020-10-20