Towards an Architecture-Centric Approach to Security Analysis

Qiong Feng; Rick Kazman; Yuanfang Cai; Ran Mo; Lu Xiao; IEEE

doi:10.1109/WICSA.2016.41

Back

Conference proceeding

Towards an Architecture-Centric Approach to Security Analysis

Qiong Feng, Rick Kazman, Yuanfang Cai, Ran Mo, Lu Xiao and IEEE

2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA), pp.221-230

Apr 2016

DOI: https://doi.org/10.1109/WICSA.2016.41

Additional Links

Abstract

Computer architecture

Computer bugs

Concrete

design flaw

Microprocessors

Observers

Security

Software

software architecture

software security

Recently there has been increased attention to the consequences of architecture design decisions and their impact on security. Architectural design decisions have been identified as being critical for achieving high levels of software system security. However the majority of this research has been anecdotal and there are few tools or methods for understanding the architectural relations among files, and their impact on security. In this paper we employ a DRSpace-based analysis approach to identify architectural design flaws and we show, via an empirical study of 10 open source projects, that areas of a software architecture that suffer from greater numbers of design flaws are highly correlated with security bugs, and high levels of churn associated with those security bugs. Finally, we show that a specific type of design flaw -- unstable interface -- is correlated with the greatest increase in software security bugs.

Metrics

6 Record Views

17 Citations (source Web of Science)

Details

Title: Towards an Architecture-Centric Approach to Security Analysis
Creators: Qiong Feng - Drexel University
Rick Kazman - University of Hawaii System
Yuanfang Cai - Drexel University
Ran Mo - Drexel University
Lu Xiao - Drexel University
IEEE
Publication Details: 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA), pp.221-230
Conference: 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA), 13th
Publisher: IEEE
Number of pages: 1
Resource Type: Conference proceeding
Language: English
Academic Unit: Computer Science (Computing)
Identifiers: 991019167703504721

InCites Highlights

These are selected metrics from InCites Benchmarking & Analytics tool, related to this output

Collaboration types: Domestic collaboration
Web of Science research areas: Computer Science, Hardware & Architecture; Computer Science, Software Engineering

Towards an Architecture-Centric Approach to Security Analysis

Additional Links

Abstract

Metrics

Details

InCites Highlights

Drexel University Social media