Architectural solutions to mitigate security vulnerabilities in software systems

Priya Anand, Jungwoo Ryoo

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Security issues emerging out of the constantly evolving software applications became a huge challenge to software security experts. In this paper, we propose a prototype to detect vulnerabilities by identifying their architectural sources and also use security patterns to mitigate the identified vulnerabilities. We emphasize the need to consider architectural relations to introduce an effective security solution. In this research, we focused on the taint-style vulnerabilities that can induce injection-based attacks like XSS, SQLI in web applications. With numerous tools available to detect the taint-style vulnerabilities in the web applications, we scanned for the presence of repetition of a vulnerable code pattern in the software. Very importantly, we attempted to identify the architectural source files or modules by developing a tool named ArT Analyzer. We conducted a case study on a leading health-care software by applying the proposed architectural taint analysis and identified the vulnerable spots. We could identify the architectural roots for those vulnerable spots with the use of our tool ArT Analyzer. We verified the results by sharing it with the lead software architect of the project. By adopting an architectural solution, we avoided changes to be done on 252 different lines of code by merely introducing 2 lines of code changes at the architectural roots. Eventually, this solution was integrated into the latest updated release of the health-care software.

Original languageEnglish (US)
Title of host publicationARES 2018 - 13th International Conference on Availability, Reliability and Security
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450364485
StatePublished - Aug 27 2018
Event13th International Conference on Availability, Reliability and Security, ARES 2018 - Hamburg, Germany
Duration: Aug 27 2018Aug 30 2018

Publication series

NameACM International Conference Proceeding Series


Other13th International Conference on Availability, Reliability and Security, ARES 2018

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'Architectural solutions to mitigate security vulnerabilities in software systems'. Together they form a unique fingerprint.

Cite this