ABSTRACT
Deciding whether the resulting system will be secure, as early as the point at which the software architecture is designed, is challenging. We propose three metrics inspired by a security-related design pattern in the structural architecture model, the "protected entry points" pattern. We evaluate these metrics on the real-life Bitwarden web client and server, as well as on a synthetic system.
Deriving metrics for software architectures from the "protected entry points" security patterns