A Preliminary Study Examining Relationships Between Nano-Patterns and Software Security Vulnerabilities

Kazi Zakia Sultana, Ajay Deo, Byron J. Williams

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

9 Citations (Scopus)

Abstract

Software security plays a significant role in ensuring software quality. The goal of this study is to conduct a preliminary analysis to find hidden relationships between source code patterns and security defects. We describe a study in which we focus on evaluating software security using nano-patterns to reduce security risks during the development lifecycle. Nano-patterns are simple properties of Java methods. In our research, we investigate the correlation between software vulnerabilities and nano-patterns using data mining techniques. Identifying these relationships can help developers quickly assess the likelihood that they are writing vulnerable code and can recommend tests to uncover the vulnerability. The goal of this research is to reduce the amount of vulnerable code developers write. We successfully apply data mining techniques to identify vulnerable code characteristics and apply hypothesis testing to validate the findings. This preliminary study shows that certain nano-patterns (localReader, jdkClient, tailCaller) are significantly present in vulnerable methods. These findings can be used to recommend security test patterns to improve vulnerability testing and reduce the number of vulnerabilities in released code.

Original language: English
Title of host publication: Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
Editors: William Claycomb, Dejan Milojicic, Ling Liu, Mihhail Matskin, Zhiyong Zhang, Sorel Reisman, Hiroyuki Sato, Zhiyong Zhang, Sheikh Iqbal Ahamed
Publisher: IEEE Computer Society
Pages: 257-262
Number of pages: 6
ISBN (Electronic): 9781467388450
DOIs: 10.1109/COMPSAC.2016.34
State: Published - 24 Aug 2016
Event: 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016 - Atlanta, United States
Duration: 10 Jun 2016 to 14 Jun 2016

Publication series

Name: Proceedings - International Computer Software and Applications Conference
Volume: 1
ISSN (Print): 0730-3157

Conference

Conference: 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
Country: United States
City: Atlanta
Period: 10/06/16 to 14/06/16

Fingerprint

Data mining
Testing
Defects

Keywords

  • nano patterns
  • software vulnerabilities
  • traceable patterns

Cite this

Sultana, K. Z., Deo, A., & Williams, B. J. (2016). A Preliminary Study Examining Relationships Between Nano-Patterns and Software Security Vulnerabilities. In W. Claycomb, D. Milojicic, L. Liu, M. Matskin, Z. Zhang, S. Reisman, H. Sato, Z. Zhang, ... S. I. Ahamed (Eds.), Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016 (pp. 257-262). [7552018] (Proceedings - International Computer Software and Applications Conference; Vol. 1). IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2016.34
@inproceedings{99265c2ede8e46eb9ea18961e9cb7694,
title = "A Preliminary Study Examining Relationships Between Nano-Patterns and Software Security Vulnerabilities",
abstract = "Software security plays a significant role in ensuring software quality. The goal of this study is to conduct a preliminary analysis to find hidden relationships between source code patterns and security defects. We describe a study in which we focus on evaluating software security using nano-patterns to reduce security risks during the development lifecycle. Nano-patterns are simple properties of Java methods. In our research, we investigate the correlation between software vulnerabilities and nano-patterns using data mining techniques. Identifying these relationships can assist developers to quickly assess the likelihood that they are writing vulnerable code and recommend tests to uncover the vulnerability. The goal of this research is to reduce the amount of vulnerable code developers write. We successfully apply data mining techniques to identify vulnerable code characteristics and apply hypothesis testing to validate the findings. This preliminary study shows that certain nano-patterns localReader, jdkClient, tailCaller are significantly present in vulnerable methods. These findings can be used to recommend security test patterns to improve vulnerability testing and reduce the number of vulnerabilities in released code.",
keywords = "nano patterns, software vulnerabilities, traceable patterns",
author = "Sultana, {Kazi Zakia} and Ajay Deo and Williams, {Byron J.}",
year = "2016",
month = "8",
day = "24",
doi = "10.1109/COMPSAC.2016.34",
language = "English",
series = "Proceedings - International Computer Software and Applications Conference",
publisher = "IEEE Computer Society",
pages = "257--262",
editor = "William Claycomb and Dejan Milojicic and Ling Liu and Mihhail Matskin and Zhiyong Zhang and Sorel Reisman and Hiroyuki Sato and Zhiyong Zhang and Ahamed, {Sheikh Iqbal}",
booktitle = "Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016",
}


TY  - GEN
T1  - A Preliminary Study Examining Relationships Between Nano-Patterns and Software Security Vulnerabilities
AU  - Sultana, Kazi Zakia
AU  - Deo, Ajay
AU  - Williams, Byron J.
PY  - 2016/8/24
Y1  - 2016/8/24
N2  - Software security plays a significant role in ensuring software quality. The goal of this study is to conduct a preliminary analysis to find hidden relationships between source code patterns and security defects. We describe a study in which we focus on evaluating software security using nano-patterns to reduce security risks during the development lifecycle. Nano-patterns are simple properties of Java methods. In our research, we investigate the correlation between software vulnerabilities and nano-patterns using data mining techniques. Identifying these relationships can assist developers to quickly assess the likelihood that they are writing vulnerable code and recommend tests to uncover the vulnerability. The goal of this research is to reduce the amount of vulnerable code developers write. We successfully apply data mining techniques to identify vulnerable code characteristics and apply hypothesis testing to validate the findings. This preliminary study shows that certain nano-patterns localReader, jdkClient, tailCaller are significantly present in vulnerable methods. These findings can be used to recommend security test patterns to improve vulnerability testing and reduce the number of vulnerabilities in released code.
AB  - Software security plays a significant role in ensuring software quality. The goal of this study is to conduct a preliminary analysis to find hidden relationships between source code patterns and security defects. We describe a study in which we focus on evaluating software security using nano-patterns to reduce security risks during the development lifecycle. Nano-patterns are simple properties of Java methods. In our research, we investigate the correlation between software vulnerabilities and nano-patterns using data mining techniques. Identifying these relationships can assist developers to quickly assess the likelihood that they are writing vulnerable code and recommend tests to uncover the vulnerability. The goal of this research is to reduce the amount of vulnerable code developers write. We successfully apply data mining techniques to identify vulnerable code characteristics and apply hypothesis testing to validate the findings. This preliminary study shows that certain nano-patterns localReader, jdkClient, tailCaller are significantly present in vulnerable methods. These findings can be used to recommend security test patterns to improve vulnerability testing and reduce the number of vulnerabilities in released code.
KW  - nano patterns
KW  - software vulnerabilities
KW  - traceable patterns
UR  - http://www.scopus.com/inward/record.url?scp=84987934274&partnerID=8YFLogxK
U2  - 10.1109/COMPSAC.2016.34
DO  - 10.1109/COMPSAC.2016.34
M3  - Conference contribution
AN  - SCOPUS:84987934274
T3  - Proceedings - International Computer Software and Applications Conference
SP  - 257
EP  - 262
BT  - Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
A2  - Claycomb, William
A2  - Milojicic, Dejan
A2  - Liu, Ling
A2  - Matskin, Mihhail
A2  - Zhang, Zhiyong
A2  - Reisman, Sorel
A2  - Sato, Hiroyuki
A2  - Zhang, Zhiyong
A2  - Ahamed, Sheikh Iqbal
PB  - IEEE Computer Society
ER  - 
