Skip to main content
SpringerLink
Log in

An Architecture-Centric Approach to Detecting Security Patterns in Software

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6542))

Included in the following conference series:

Abstract

Today, software security is an issue with increasing importance. Developers, software designers, end users, and enterprises have their own needs w.r.t. software security. Therefore, when designing software, security should be built in from the beginning, for example, by using security patterns. Utilizing security patterns already improves the security of software in early software development stages. In this paper, we show how to detect security patterns in code with the help of a reverse engineering tool-suite Bauhaus. Specifically, we describe an approach to detect the Single Access Point security pattern in two case studies using the hierarchical reflexion method implemented in Bauhaus.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Austrem, P.G.: Runtime mix’n and match design pattern. In: Proc. of the 15th Pattern Languages of Programs, pp. 1–8. ACM, New York (2008)

    Google Scholar 

  2. Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., Stal, M.: Pattern-Oriented Software Architecture: A System of Patterns. Wiley, Chichester (1996)

    Google Scholar 

  3. Chess, B., McGraw, G.: Static analysis for security. IEEE Security and Privacy 2, 76–79 (2004)

    Article  Google Scholar 

  4. Ernst, A.M.: Enterprise architecture management patterns. In: Proc. of the 15th Pattern Languages of Programs, pp. 1–20. ACM, New York (2008)

    Google Scholar 

  5. Fortify Software. Fortify source code analyser (2009), http://www.fortify.com/products

  6. Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Object-Oriented Software. Addison Wesley, Reading (1995)

    MATH  Google Scholar 

  7. Google Inc. Android development (2010), http://developer.android.com/index.html

  8. Hafiz, M., Adamczyk, P., Johnson, R.E.: Organizing security patterns. IEEE Software 24, 52–60 (2007)

    Article  Google Scholar 

  9. Hafiz, M., Johnson, R.: Security patterns and their classification schemes. Technical report, Technical Report for Microsoft’s Patterns and Practices Group (September 2006)

    Google Scholar 

  10. Halkidis, S.T., Chatzigeorgiou, A., Stephanides, G.: A qualitative analysis of software security patterns. Computers & Security 25(5), 379–392 (2006)

    Article  MATH  Google Scholar 

  11. Hammer, C.: Experiences with pdg-based ifc. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 44–60. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  12. Heyman, T., Yskout, K., Scandariato, R., Joosen, W.: An analysis of the security patterns landscape. In: Proc. of 3rd International Workshop on Software Engineering for Secure Systems. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  13. Jive Software. Spark - project page (2010), http://www.igniterealtime.org/projects/spark/index.jsp

  14. Jürjens, J., Shabalin, P.: Automated verification of uMLsec models for security requirements. In: Baar, T., Strohmeier, A., Moreira, A., Mellor, S.J. (eds.) UML 2004. LNCS, vol. 3273, pp. 365–379. Springer, Heidelberg (2004)

    Google Scholar 

  15. Koschke, R.: Incremental reflexion analysis. In: European Conference on Software Maintenance and Reengineering. IEEE Computer Society Press, Los Alamitos (2010)

    Google Scholar 

  16. Koschke, R., Simon, D.: Hierarchical reflexion models. In: Proc. of 10th Working Conference on Reverse Engineering, pp. 36–45 (November 2003)

    Google Scholar 

  17. Mermerkaya, A.O.: Simple android instant messaging application - project page (2010), http://code.google.com/p/simple-android-instant-messaging-application/

  18. Murphy, G.C., Notkin, D., Sullivan, K.J.: Software reflexion models: Bridging the gap between design and implementation. IEEE Transactions on Software Engineering 27(4), 364–380 (2001)

    Article  Google Scholar 

  19. Niere, J., Schäfer, W., Wadsack, J.P., Wendehals, L., Welsh, J.: Towards pattern-based design recovery. In: Proc. of the 24th International Conference on Software Engineering, pp. 338–348. ACM, New York (2002)

    Google Scholar 

  20. Ounce Labs Inc. (2010), http://www.ouncelabs.com/

  21. Raza, A., Vogel, G., Plödereder, E.: Bauhaus – A tool suite for program analysis and reverse engineering. In: Pinho, L.M., González Harbour, M. (eds.) Ada-Europe 2006. LNCS, vol. 4006, pp. 71–82. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  22. Ryoo, J., Laplante, P., Kazman, R.: In search of architectural patterns for software security. Computer 42, 98–100 (2009)

    Article  Google Scholar 

  23. Schumacher, M.: Merging security patterns. In: Proc. of 6th European Conference on Pattern Languages of Programs (2001), http://www.voelter.de/data/workshops/europlop2001/merging_security_patterns.pdf

  24. Schumacher, M., Fernandez, E., Hybertson, D., Buschmann, F.: Security Patterns: Integrating Security and Systems Engineering. John Wiley & Sons, Chichester (2005)

    Google Scholar 

  25. Sohr, K., Berger, B.: Towards architecture-centric security analysis of software. In: Proc. of International Symposium on Engineering Secure Software and Systems. Springer, Heidelberg (2010)

    Google Scholar 

  26. The H Security. Number of critical, but unpatched, vulnerabilities is rising (2010), http://www.h-online.com/security/news/item/Number-of-critical-but-unpatched-vulnerabilities-is-rising-1067495.html

  27. Van Hilst, M., Fernandez, E.B.: Reverse engineering to detect security patterns in code. In: Proc. of 1st International Workshop on Software Patterns and Quality. Information Processing Society of Japan (December 2007)

    Google Scholar 

  28. Washizaki, H., Fernandez, E.B., Maruyama, K., Kubo, A., Yoshioka, N.: Improving the classification of security patterns. In: Workshop on International Conference on Database and Expert Systems Applications, pp. 165–170 (2009)

    Google Scholar 

  29. Yoder, J., Barcalow, J.: Architectural patterns for enabling application security. In: Proc. of 4th Pattern Languages of Programs, Monticello/IL (1997)

    Google Scholar 

  30. Yoshioka, N., Washizaki, H., Maruyma, K.: A survey on security patterns. Progress in Informatics 5, 35–47 (2008)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Technologie-Zentrum Informatik, Bremen, Germany

    Michaela Bunke & Karsten Sohr

Authors
  1. Michaela Bunke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Karsten Sohr
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Google Inc., 1288 Pear Ave, 94043, Mountain View, CA, USA

    Úlfar Erlingsson

  2. Computer Science Department, University of Twente, Drienerlolaan 5, 7522 NB, Enschede, The Netherlands

    Roel Wieringa

  3. Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Den Dolech 2, 5612 AZ, Eindhoven, The Netherlands

    Nicola Zannone

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bunke, M., Sohr, K. (2011). An Architecture-Centric Approach to Detecting Security Patterns in Software. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19125-1_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-19125-1_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19124-4

  • Online ISBN: 978-3-642-19125-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation