Towards an architecture-centric approach to security analysis

Qiong Feng, Rick Kazman, Yuanfang Cai, Ran Mo, Lu Xiao

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

    29 Scopus citations

    Abstract

    Recently there has been increased attention to the consequences of architecture design decisions and their impact on security. Architectural design decisions have been identified as being critical for achieving high levels of software system security. However, the majority of this research has been anecdotal, and there are few tools or methods for understanding the architectural relations among files and their impact on security. In this paper we employ a DRSpace-based analysis approach to identify architectural design flaws, and we show, via an empirical study of 10 open source projects, that areas of a software architecture that suffer from greater numbers of design flaws are highly correlated with security bugs and with high levels of churn associated with those security bugs. Finally, we show that a specific type of design flaw - unstable interface - is correlated with the greatest increase in software security bugs.

    Original language: English
    Title of host publication: Proceedings - 2016 13th Working IEEE/IFIP Conference on Software Architecture, WICSA 2016
    Pages: 221-230
    Number of pages: 10
    ISBN (Electronic): 9781509021314
    DOIs
    State: Published - 19 Jul 2016
    Event: 13th Working IEEE/IFIP Conference on Software Architecture, WICSA 2016 - Venice, Italy
    Duration: 5 Apr 2016 - 8 Apr 2016

    Publication series

    Name: Proceedings - 2016 13th Working IEEE/IFIP Conference on Software Architecture, WICSA 2016

    Conference

    Conference: 13th Working IEEE/IFIP Conference on Software Architecture, WICSA 2016
    Country/Territory: Italy
    City: Venice
    Period: 5/04/16 - 8/04/16

    Keywords

    • design flaw
    • software architecture
    • software security
