A Preliminary Study Examining Relationships Between Nano-Patterns and Software Security Vulnerabilities

Kazi Zakia Sultana, Ajay Deo, Byron J. Williams

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

18 Scopus citations

Abstract

Software security plays a significant role in ensuring software quality. The goal of this study is to conduct a preliminary analysis to find hidden relationships between source code patterns and security defects. We describe a study in which we focus on evaluating software security using nano-patterns to reduce security risks during the development lifecycle. Nano-patterns are simple properties of Java methods. In our research, we investigate the correlation between software vulnerabilities and nano-patterns using data mining techniques. Identifying these relationships can help developers quickly assess the likelihood that they are writing vulnerable code and can recommend tests to uncover the vulnerability. The goal of this research is to reduce the amount of vulnerable code developers write. We successfully apply data mining techniques to identify vulnerable code characteristics and apply hypothesis testing to validate the findings. This preliminary study shows that certain nano-patterns (localReader, jdkClient, tailCaller) are significantly present in vulnerable methods. These findings can be used to recommend security test patterns to improve vulnerability testing and reduce the number of vulnerabilities in released code.

Original language: English
Title of host publication: Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
Editors: William Claycomb, Dejan Milojicic, Ling Liu, Mihhail Matskin, Zhiyong Zhang, Sorel Reisman, Hiroyuki Sato, Zhiyong Zhang, Sheikh Iqbal Ahamed
Publisher: IEEE Computer Society
Pages: 257-262
Number of pages: 6
ISBN (Electronic): 9781467388450
DOIs
State: Published - 24 Aug 2016
Event: 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016 - Atlanta, United States
Duration: 10 Jun 2016 - 14 Jun 2016

Publication series

Name: Proceedings - International Computer Software and Applications Conference
Volume: 1
ISSN (Print): 0730-3157

Conference

Conference: 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
Country/Territory: United States
City: Atlanta
Period: 10/06/16 - 14/06/16

Keywords

  • nano patterns
  • software vulnerabilities
  • traceable patterns
