Detecting security vulnerabilities with software architecture analysis tools

Kaarina Karppinen, Mikael Lindvall, Lyly Yonkwa

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

7 Citations (Scopus)

Abstract

Hidden functionality in software is a big problem, because we cannot be sure that the software does not contain malicious code. We conducted an experiment where we studied the relationship between architecture constructs, dynamic behavior and security vulnerabilities. We also studied to what extent architecture analysis tools can assist in detecting security vulnerabilities that are caused by architecture violations. Using the tool, we were able to capture the dynamic pattern of a user breaking in to the system using the back door. Based on the dynamic information in combination with the static information, we obtained a good picture of the "visual image" of the back door. Such "visual images" can be used to detect vulnerabilities and ultimately help to design software architectures that meet their security requirements.
Original language: English
Title of host publication: Proceedings of the 2008 IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW'08
Publisher: IEEE Institute of Electrical and Electronic Engineers
Pages: 262-268
ISBN (Print): 978-0-7695-3388-9
Publication status: Published - 2008
MoE publication type: A4 Article in a conference publication
Event: 2008 IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW'08 - Lillehammer, Norway
Duration: 9 Apr 2008 to 11 Apr 2008

Conference

Conference: 2008 IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW'08
Country/Territory: Norway
City: Lillehammer
Period: 9/04/08 to 11/04/08

Keywords

  • Software architecture
  • security
