Quality-centric security pattern mutations
سال
: 2019
چکیده: Security patterns are a means to encapsulate and communicate proven security solutions. They are well-established approaches for integrating security into the software development process. The literature includes a large array of security patterns categorized into various catalogs, from which the designers can choose a pattern suitable to the problem at hand. Previous efforts to choose appropriate security patterns have only considered the different functionality of the patterns. However, the solution structure of the chosen pattern will integrate with the overall software design and therefore affect many quality attributes such as flexibility and security. Thus, nonfunctional requirements should also be taken into account when opting to add a pattern to an existing software design. This will allow the designers to choose between alternative solutions not solely based on functionality, but also the quality requirements put forth by different stakeholders. We propose the concept of quality-centric security pattern mutations which are created by mutating current patterns using design refactoring rules. These mutations offer the same behavior as the initial pattern but with varying effects on quality attributes such as flexibility, reusability, extendibility, and security. We have selected two well-established access-control patterns as our case studies. We have used both object-oriented quality metrics and design security assessment metrics for quality evaluation and utilized petri-nets to analyze behavior preservation. Our assessments demonstrate that the newly created mutations offer varying levels of quality while preserving the original pattern functionality.
شناسه الکترونیک: 10.1007/s11219-019-09454-5
کلیدواژه(گان): Security Patterns,Software Quality,Object-Oriented metrics,Security Evaluation,Refactoring
کالکشن
:
-
آمار بازدید
Quality-centric security pattern mutations
Show full item record
contributor author | عبّاس جوان جعفری بجنوردی | en |
contributor author | عباس رسول زادگان | en |
contributor author | Abbas Javan Jafari | fa |
contributor author | Abbas Rasoolzadegan | fa |
date accessioned | 2020-06-06T13:45:48Z | |
date available | 2020-06-06T13:45:48Z | |
date issued | 2019 | |
identifier uri | https://libsearch.um.ac.ir:443/fum/handle/fum/3368059 | |
description abstract | Security patterns are a means to encapsulate and communicate proven security solutions. They are well-established approaches for integrating security into the software development process. The literature includes a large array of security patterns categorized into various catalogs, from which the designers can choose a pattern suitable to the problem at hand. Previous efforts to choose appropriate security patterns have only considered the different functionality of the patterns. However, the solution structure of the chosen pattern will integrate with the overall software design and therefore affect many quality attributes such as flexibility and security. Thus, nonfunctional requirements should also be taken into account when opting to add a pattern to an existing software design. This will allow the designers to choose between alternative solutions not solely based on functionality, but also the quality requirements put forth by different stakeholders. We propose the concept of quality-centric security pattern mutations which are created by mutating current patterns using design refactoring rules. These mutations offer the same behavior as the initial pattern but with varying effects on quality attributes such as flexibility, reusability, extendibility, and security. We have selected two well-established access-control patterns as our case studies. We have used both object-oriented quality metrics and design security assessment metrics for quality evaluation and utilized petri-nets to analyze behavior preservation. Our assessments demonstrate that the newly created mutations offer varying levels of quality while preserving the original pattern functionality. | en |
language | English | |
title | Quality-centric security pattern mutations | en |
type | Journal Paper | |
contenttype | External Fulltext | |
subject keywords | Security Patterns | en |
subject keywords | Software Quality | en |
subject keywords | Object-Oriented metrics | en |
subject keywords | Security Evaluation | en |
subject keywords | Refactoring | en |
identifier doi | 10.1007/s11219-019-09454-5 | |
journal title | Software Quality Journal | fa |
pages | 1531-1561 | |
journal volume | 27 | |
journal issue | 4 | |
identifier link | https://profdoc.um.ac.ir/paper-abstract-1074782.html | |
identifier articleid | 1074782 |