A study examining relationships between micro patterns and security vulnerabilities

Kazi Zakia Sultana, Byron J. Williams, Tanmay Bhowmik

Research output: Contribution to journal, Article, Research, peer-review

Abstract

Software security is an integral part of software quality and reliability. Software vulnerabilities make the software susceptible to attacks which violate software security. Metric-based software vulnerability prediction is one way to evaluate vulnerabilities beforehand so that developers can take preventative measures against attacks. In this study, we explore the correlation between software vulnerabilities and code-level constructs called micro patterns. These code patterns characterize class-level object-oriented program features. Existing research addressed micro pattern correlation with software defects. We analyzed the correlation between vulnerabilities and micro patterns from different viewpoints and explored whether they are related. We studied the distribution of micro patterns and their associations with vulnerable classes in 42 versions of Apache Tomcat and three Java web applications. This study shows that certain micro patterns are frequently present in vulnerable classes. We also show that there is a high correlation between certain patterns that coexist in a vulnerable class.

Original language: English
Pages (from-to): 5-41
Number of pages: 37
Journal: Software Quality Journal
Volume: 27
Issue number: 1
DOI: 10.1007/s11219-017-9397-z
State: Published - 15 Mar 2019

Keywords

  • Micro patterns
  • Software quality
  • Software security
  • Software vulnerabilities

Cite this

@article{4079ad21329c455aaef7ed4eae89a877,
title = "A study examining relationships between micro patterns and security vulnerabilities",
abstract = "Software security is an integral part of software quality and reliability. Software vulnerabilities make the software susceptible to attacks which violate software security. Metric-based software vulnerability prediction is one way to evaluate vulnerabilities beforehand so that developers can take preventative measures against attacks. In this study, we explore the correlation between software vulnerabilities and code-level constructs called micro patterns. These code patterns characterize class-level object-oriented program features. Existing research addressed micro pattern correlation with software defects. We analyzed the correlation between vulnerabilities and micro patterns from different viewpoints and explored whether they are related. We studied the distribution of micro patterns and their associations with vulnerable classes in 42 versions of Apache Tomcat and three Java web applications. This study shows that certain micro patterns are frequently present in vulnerable classes. We also show that there is a high correlation between certain patterns that coexist in a vulnerable class.",
keywords = "Micro patterns, Software quality, Software security, Software vulnerabilities",
author = "Sultana, {Kazi Zakia} and Williams, {Byron J.} and Tanmay Bhowmik",
year = "2019",
month = "3",
day = "15",
doi = "10.1007/s11219-017-9397-z",
language = "English",
volume = "27",
pages = "5--41",
journal = "Software Quality Journal",
issn = "0963-9314",
publisher = "Springer New York",
number = "1",
}

A study examining relationships between micro patterns and security vulnerabilities. / Sultana, Kazi Zakia; Williams, Byron J.; Bhowmik, Tanmay.

In: Software Quality Journal, Vol. 27, No. 1, 15.03.2019, p. 5-41.