Abstract
Recently there has been increased attention to the consequences of architecture design decisions and their impact on security. Architectural design decisions have been identified as being critical for achieving high levels of software system security. However the majority of this research has been anecdotal and there are few tools or methods for understanding the architectural relations among files, and their impact on security. In this paper we employ a DRSpace-based analysis approach to identify architectural design flaws and we show, via an empirical study of 10 open source projects, that areas of a software architecture that suffer from greater numbers of design flaws are highly correlated with security bugs, and high levels of churn associated with those security bugs. Finally, we show that a specific type of design flaw - unstable interface - is correlated with the greatest increase in software security bugs.
Author supplied keywords
Cite
CITATION STYLE
Feng, Q., Kazman, R., Cai, Y., Mo, R., & Xiao, L. (2016). Towards an architecture-centric approach to security analysis. In Proceedings - 2016 13th Working IEEE/IFIP Conference on Software Architecture, WICSA 2016 (pp. 221–230). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/WICSA.2016.41
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
