TY - GEN
T1 - A Pattern-based Security Solution for Software Systems with Architectural Weaknesses
AU - Anand, Priya
AU - Ryoo, Jungwoo
N1 - Publisher Copyright:
©2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Security patterns are solutions to recurring security issues that can be applied to mitigate vulnerabilities in a software system. Application developers may be unaware of the vulnerabilities of their own system, leaving it vulnerable to attacks. To improve security, the system needs security implementation in its architecture instead of implementing at local levels. This, in turn, requires an effort in building security into the design. Applying security patterns would be one way to accomplish this task. Security patterns define ways to express security requirements and solutions concisely, as well as providing vocabulary for designers seeking security controls in their systems. Little research has been done in the area of matching a security pattern with a particular vulnerability existing in a software system. In this research, the authors have primarily focused on filling this gap to map a security pattern that could be a potential solution to a major security vulnerability found in the system. The authors’ previous research proposed a methodology to identify the missing security pattern to provide an architectural security solution. In this research, the authors conducted a case study on a software application that has little architectural design for security. The research results show that architectural security solutions are applicable even for a software system that lacks an architectural design.
AB - Security patterns are solutions to recurring security issues that can be applied to mitigate vulnerabilities in a software system. Application developers may be unaware of the vulnerabilities of their own system, leaving it vulnerable to attacks. To improve security, the system needs security implementation in its architecture instead of implementing at local levels. This, in turn, requires an effort in building security into the design. Applying security patterns would be one way to accomplish this task. Security patterns define ways to express security requirements and solutions concisely, as well as providing vocabulary for designers seeking security controls in their systems. Little research has been done in the area of matching a security pattern with a particular vulnerability existing in a software system. In this research, the authors have primarily focused on filling this gap to map a security pattern that could be a potential solution to a major security vulnerability found in the system. The authors’ previous research proposed a methodology to identify the missing security pattern to provide an architectural security solution. In this research, the authors conducted a case study on a software application that has little architectural design for security. The research results show that architectural security solutions are applicable even for a software system that lacks an architectural design.
UR - https://www.scopus.com/pages/publications/85217282184
UR - https://www.scopus.com/pages/publications/85217282184#tab=citedBy
U2 - 10.1109/ICSSA53632.2021.00014
DO - 10.1109/ICSSA53632.2021.00014
M3 - Conference contribution
AN - SCOPUS:85217282184
T3 - Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021
SP - 31
EP - 36
BT - Proceedings - 2021 International Conference on Software Security and Assurance, ICSSA 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 7th International Conference on Software Security and Assurance, ICSSA 2021
Y2 - 10 November 2021 through 11 November 2021
ER -