An Architecture-Centric Approach to Detecting Security Patterns in Software

Bunke, Michaela; Sohr, Karsten

doi:10.1007/978-3-642-19125-1_12

Cited by 11 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We assume that this binding cannot be detected with static analysis or is bundled with other patterns which partly cover these security patterns. Furthermore, other problems concerning security patterns were identified and must be solved prior to a mature recognition process [27]. 6) Conclusions of the Case Study: In summary, we conclude that the Bauhaus tool helped us during the review process.…”

Section: ) Issuesmentioning

confidence: 80%

An Android Security Case Study with Bauhaus

Berger

Bunke

Sohr

2011

2011 18th Working Conference on Reverse Engineering

Self Cite

View full text Add to dashboard Cite

Abstract-Software security has made great progress; code analysis tools are widely-used in industry for detecting common implementation-level security bugs. However, given the fact that we must deal with legacy code we plead to employ the techniques long been developed in the research area of program comprehension for software security. In cooperation with a security expert, we carried out a case study with the mobile phone platform Android, and employed the reverse engineering tool-suite Bauhaus for this security assessment. During the investigation we found some inconsistencies in the implementation of the Android security concepts. Based on the lessons learned from the case study, we propose several research topics in the area of reverse engineering that would support a security analyst during security assessments.

show abstract

Section: ) Issuesmentioning

confidence: 80%

An Android Security Case Study with Bauhaus

Berger

Bunke

Sohr

2011

2011 18th Working Conference on Reverse Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…Few report post-implementation phases such as "Maintenance" and "Evolution," suggesting that security pattern research in later phases may be a frontier field. Cutting-edge topics include pattern classification [16], pattern detection from the source code [41], improvement of legacy systems using security patterns [10], and security patterns for operation dynamics [181]. In contrast, classifying patterns for the system lifecycle, defining patterns that respond to dynamic behaviors, and utilizing defined patterns in existing systems are topics that should be further examined.…”

Section: Topicmentioning

confidence: 99%

Systematic Literature Review of Security Pattern Research

Washizaki¹,

Xia²,

Kamata³

et al. 2020

Preprint

View full text Add to dashboard Cite

Security patterns encompass security-related issues in secure software system development and operations that often appear in certain contexts. Since the late 1990s about 500 security patterns have been proposed. Although the technical components are well investigated, the direction, overall picture, and barriers to implementation are not. Here, a systematic literature review of 240 papers is used to devise a taxonomy for security pattern research. Our taxonomy and the survey results should improve communications among practitioners and researchers, standardize the terminology, and increase the effectiveness of security patterns.

show abstract

“…have introduced the security patterns, claiming their functions to contribute to security in various levels of architecture‐driven development. They have proposed an approach to detecting such patterns within the program code by using reverse engineering processes .…”

Section: Literature Reviewmentioning

confidence: 99%

A security framework for developing service-oriented software architectures

Rafe

Hosseinpouri

2015

Security Comm. Networks

View full text Add to dashboard Cite

The usually heterogeneous and decentralized nature of entities in the service-oriented architecture has paved the ground for the implementation of approaches distributed according to the constantly changing needs of business. Also, as the distribution of entities and processes increases, the need to provide security over software and hardware sources, which have reached the public thanks to an open space as a result of the service-oriented architecture, is felt. Therefore, security modeling at the level of service-oriented architecture can boost system reliability and enhance its stability once applied and employed. This research provides a secure framework through which to develop software based on the service-oriented architecture. The proposed framework has been modeled using the SoaML profile, which has been introduced for modeling service-oriented environments. The framework's security aspects have been tested by the modeling and specification language Alloy, which is based on the first-order logic. Its accuracy has also been well investigated. Tapping into the modeldriven development, this framework can provide an answer to existing security challenges for service-oriented architecture software.

show abstract

An Architecture-Centric Approach to Detecting Security Patterns in Software

Cited by 11 publications

References 18 publications

An Android Security Case Study with Bauhaus

An Android Security Case Study with Bauhaus

Systematic Literature Review of Security Pattern Research

A security framework for developing service-oriented software architectures

Contact Info

Product

Resources

About