Architectural solutions to mitigate security vulnerabilities in software systems

Priya Anand, Jungwoo Ryoo

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Security issues emerging from constantly evolving software applications have become a huge challenge for software security experts. In this paper, we propose a prototype that detects vulnerabilities by identifying their architectural sources and uses security patterns to mitigate the identified vulnerabilities. We emphasize the need to consider architectural relations when introducing an effective security solution. In this research, we focused on the taint-style vulnerabilities that can induce injection-based attacks such as XSS and SQL injection (SQLi) in web applications. Using the numerous tools available to detect taint-style vulnerabilities in web applications, we scanned the software for repeated occurrences of a vulnerable code pattern. Most importantly, we attempted to identify the architectural source files or modules by developing a tool named ArT Analyzer. We conducted a case study on a leading health-care software product, applying the proposed architectural taint analysis and identifying the vulnerable spots. Using ArT Analyzer, we identified the architectural roots of those vulnerable spots. We verified the results by sharing them with the project's lead software architect. By adopting an architectural solution, we avoided changes to 252 different lines of code by introducing just 2 lines of code changes at the architectural roots. This solution was eventually integrated into the latest release of the health-care software.

Original language: English (US)
Title of host publication: ARES 2018 - 13th International Conference on Availability, Reliability and Security
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450364485
DOI: https://doi.org/10.1145/3230833.3233766
State: Published - Aug 27 2018
Event: 13th International Conference on Availability, Reliability and Security, ARES 2018 - Hamburg, Germany
Duration: Aug 27 2018 - Aug 30 2018

Publication series

Name: ACM International Conference Proceeding Series

Other

Other: 13th International Conference on Availability, Reliability and Security, ARES 2018
Country: Germany
City: Hamburg
Period: 8/27/18 - 8/30/18

Fingerprint

Health care
Application programs

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Anand, P., & Ryoo, J. (2018). Architectural solutions to mitigate security vulnerabilities in software systems. In ARES 2018 - 13th International Conference on Availability, Reliability and Security [3233766] (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3230833.3233766

TY - GEN

T1 - Architectural solutions to mitigate security vulnerabilities in software systems

AU - Anand, Priya

AU - Ryoo, Jungwoo

PY - 2018/8/27

Y1 - 2018/8/27

UR - http://www.scopus.com/inward/record.url?scp=85055252878&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055252878&partnerID=8YFLogxK

U2 - 10.1145/3230833.3233766

DO - 10.1145/3230833.3233766

M3 - Conference contribution

AN - SCOPUS:85055252878

T3 - ACM International Conference Proceeding Series

BT - ARES 2018 - 13th International Conference on Availability, Reliability and Security

PB - Association for Computing Machinery

ER -