AsmLSec: An Extension of Abstract State Machine Language for Attack Scenario Specification
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
Security, one of the most important aspects of software, gets very little attention during the software development life cycle (SDLC). Therefore, the software remains vulnerable to attacks which are handled by issuing patches or service packs by the software vendors. To overcome this problem, researchers have proposed to take security into consideration right from the very beginning of the software development process. However, most specification languages were not designed with an intention for specifying security requirements, and therefore, they lack some features to serve this purpose. As a result, we need suitable specification languages that can be used both for functional specification and security specification. We propose a formal extension of a popular specification language called AsmL (Abstract State Machine Language) for attack descriptions with a view to building secure software. We name the extended language AsmLSec. We present the details of AsmLSec syntax and semantics, describe how to model attacks using its constructs, and present the design and implementation of a compiler that generates attack signatures from the AsmLSec attack specifications. To evaluate the expressive power of AsmLSec, we model attack scenarios based on the benchmark DARPA data sets
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.000 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.001 |
| Open science | 0.000 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it