A classification methodology for security patterns to help fix software weaknesses

Abstract: Security patterns are generic solutions that can be applied from the early stages of the software life cycle to overcome recurrent security weaknesses. Their generic nature and growing number make choosing among them difficult, even for experts in system design. To help with that choice, this paper proposes a semi-automatic classification methodology and the resulting classification itself, which exposes relationships among software weaknesses, security principles and security patterns. It expresses which patterns remove a given weakness with respect to the security principles that have to be addressed to fix that weakness. The methodology is based on seven steps, which anatomize patterns and weaknesses into sets of more precise sub-properties that are associated through a hierarchical organization of security principles. These steps provide detailed justifications for the resulting classification and allow it to be upgraded. Without loss of generality, this classification has been established for Web applications and covers 185 software weaknesses, 26 security patterns and 66 security principles.
Document type: Conference papers

Cited literature: 17 references

https://hal.uca.fr/hal-02019271
Contributor: Sébastien Salva
Submitted on: Thursday, February 14, 2019 - 2:20:04 PM
Last modification on: Thursday, February 21, 2019 - 1:27:58 AM
Long-term archiving on: Wednesday, May 15, 2019 - 5:47:14 PM

File: RSB16b.pdf (files produced by the author(s))

Identifiers: HAL Id: hal-02019271, version 1

Citation: Loukmen Regainia, Sébastien Salva, Cédric Bouhours. A classification methodology for security patterns to help fix software weaknesses. 13th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2016), Dec 2016, Agadir, Morocco. ⟨hal-02019271⟩
