A security pattern detection framework for building more secure software


Bibliographic Details
Published in: The Journal of Systems and Software, Vol. 171, p. 110838
Main Authors: Alvi, Aleem Khalid; Zulkernine, Mohammad
Format: Journal Article
Language: English
Published: Elsevier Inc, 01.01.2021

Summary: Security patterns are one of the reusable building blocks of a secure software architecture that provide solutions to particular recurring security problems in given contexts. Incomplete or nonstandard implementation of security patterns may produce vulnerabilities and invite attackers. Therefore, the detection of security patterns improves the quality of security features. In this paper, we propose a security pattern detection (SPD) framework and its internal pattern matching techniques. The framework provides a platform for data extraction, pattern matching, and semantic analysis techniques. We implement ordered matrix matching (OMM) and non-uniform distributed matrix matching (NDMM) techniques. The OMM technique detects a security pattern matrix inside the target system matrix (TSM). The NDMM technique determines whether the relationships between all classes of a security pattern are similar to the relationships between some classes of the TSM. The semantic analysis is used to reduce the rate of false positives. We evaluate and compare the performance of the proposed SPD framework using both matching techniques based on four case studies independently. The results show that the NDMM technique provides the location of the security patterns, and it is highly flexible, scalable and has high accuracy with acceptable memory and time consumption for large projects.

Highlights:
• Detection of security patterns ensures the security of the software systems.
• Absence of security patterns indicates the presence of vulnerabilities.
• A framework is proposed for various pattern detection techniques.
• Designed and implemented ordered and non-distributed matrix matching technique.
• Detected security patterns and their locations with zero false positives.
ISSN: 0164-1212, 1873-1228
DOI: 10.1016/j.jss.2020.110838
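The abstract describes two matrix-based matchers, OMM (the pattern matrix found as a block inside the target system matrix, TSM) and NDMM (the pattern's class relationships matched against any subset of TSM classes), plus a semantic pass that removes false positives. The following is an added illustration of that idea in Python; it is not code from the paper or from the authors' SPD framework, whose actual algorithms the page does not show. The relationship encoding, the three-role pattern, the six-class sample system, the backtracking search and the name-based semantic filter are all assumptions made for this example.

```python
"""Matrix-based security pattern matching: an illustrative example.

Added example, not code from the SPD framework of Alvi and Zulkernine.  The
abstract only states that OMM finds a security pattern matrix inside the
target system matrix (TSM), that NDMM checks whether the relationships among
all pattern classes are mirrored by some classes of the TSM, and that semantic
analysis trims false positives.  The relationship encoding, sample pattern,
sample system and search strategy below are assumptions for this example.
"""

# Assumed encoding of class relationships in the adjacency matrices.
NONE, ASSOC, INHERIT, DEPEND = 0, 1, 2, 3

# Constructed security pattern: a client reaches a resource only through a
# guard class.  The roles are generic; this is not a pattern from the paper.
PATTERN_ROLES = ["Client", "Guard", "Resource"]
PATTERN = [
    [NONE, ASSOC, NONE],   # Client -> Guard
    [NONE, NONE, ASSOC],   # Guard  -> Resource
    [NONE, NONE, NONE],
]

# Constructed target system.  Classes are listed in an arbitrary order, so the
# pattern occurs but not as a contiguous, correctly ordered block.
SYSTEM_CLASSES = ["WebSession", "OrderService", "AccessProxy",
                  "AuditLogger", "Account", "HttpClient"]
TSM = [
    [NONE, NONE, NONE, ASSOC, NONE, NONE],    # WebSession   -> AuditLogger
    [NONE, NONE, NONE, NONE, DEPEND, NONE],   # OrderService -> Account
    [NONE, NONE, NONE, DEPEND, ASSOC, NONE],  # AccessProxy  -> AuditLogger, Account
    [NONE, ASSOC, NONE, NONE, NONE, NONE],    # AuditLogger  -> OrderService
    [NONE, NONE, NONE, NONE, NONE, NONE],     # Account
    [NONE, NONE, ASSOC, NONE, NONE, NONE],    # HttpClient   -> AccessProxy
]


def ordered_matrix_match(pattern, tsm):
    """OMM-style search: every offset at which the pattern matrix appears as a
    contiguous diagonal block of the TSM, i.e. with the pattern's classes
    adjacent and in the pattern's own order."""
    n, m = len(pattern), len(tsm)
    return [off for off in range(m - n + 1)
            if all(tsm[off + i][off + j] == pattern[i][j]
                   for i in range(n) for j in range(n))]


def distributed_matrix_match(pattern, tsm, semantic_ok=None):
    """NDMM-style search: backtracking over injective assignments of pattern
    roles to arbitrary TSM classes, keeping an assignment only if every
    relationship (in both directions) between assigned roles is preserved.
    Returns tuples of TSM indices; position k holds the class playing role k.
    `semantic_ok(role, class_index)` optionally vetoes a candidate."""
    n, m = len(pattern), len(tsm)
    matches = []

    def consistent(assigned, role, cls):
        if tsm[cls][cls] != pattern[role][role]:
            return False
        for r, u in enumerate(assigned):
            if tsm[u][cls] != pattern[r][role] or tsm[cls][u] != pattern[role][r]:
                return False
        return True

    def extend(assigned):
        role = len(assigned)
        if role == n:
            matches.append(tuple(assigned))
            return
        for cls in range(m):
            if cls in assigned:
                continue
            if semantic_ok is not None and not semantic_ok(role, cls):
                continue
            if consistent(assigned, role, cls):
                extend(assigned + [cls])

    extend([])
    return matches


def guard_name_check(role, cls):
    """Assumed semantic filter: the Guard role must be played by a class whose
    name suggests access mediation, so a purely structural match such as a
    logger sitting between two classes is dropped as a false positive."""
    if PATTERN_ROLES[role] != "Guard":
        return True
    name = SYSTEM_CLASSES[cls]
    return any(hint in name for hint in ("Proxy", "Guard", "Check", "Filter"))


def reorder(tsm, order):
    """Permute the TSM so that class order[i] becomes row/column i."""
    return [[tsm[a][b] for b in order] for a in order]


if __name__ == "__main__":
    print("OMM on the scattered TSM:", ordered_matrix_match(PATTERN, TSM))
    print("OMM after reordering classes:",
          ordered_matrix_match(PATTERN, reorder(TSM, [5, 2, 4, 0, 1, 3])))
    for hit in distributed_matrix_match(PATTERN, TSM, guard_name_check):
        print("NDMM match:", [SYSTEM_CLASSES[i] for i in hit])
```

On the constructed system the ordered matcher finds nothing until the classes are permuted into the pattern's order, while the distributed matcher locates the pattern wherever its classes sit. Without the semantic filter it also reports WebSession -> AuditLogger -> OrderService, which has the right shape but no access-control meaning; the name check removes it, which is the role the abstract assigns to semantic analysis.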