当前位置: X-MOL 学术Software Qual. J. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Quality-centric security pattern mutations
Software Quality Journal ( IF 1.7 ) Pub Date : 2019-07-24 , DOI: 10.1007/s11219-019-09454-5
Abbas Javan Jafari , Abbas Rasoolzadegan

Security patterns are a means to encapsulate and communicate proven security solutions. They are well-established approaches for integrating security into the software development process. The literature includes a large array of security patterns categorized into various catalogs, from which the designers can choose a pattern suitable to the problem at hand. Previous efforts to choose appropriate security patterns have only considered the different functionality of the patterns. However, the solution structure of the chosen pattern will integrate with the overall software design and therefore affect many quality attributes such as flexibility and security. Thus, non-functional requirements should also be considered when opting to add a pattern to an existing software design. This will allow the designers to choose between alternative solutions based not only on functionality but also on the quality requirements put forth by different stakeholders. We propose the concept of quality-centric security pattern mutations which are created by mutating current patterns using design refactoring rules. These mutations offer the same behavior as the initial pattern but with varying effects on quality attributes such as flexibility, reusability, extendibility, and security. We have selected two well-established access control patterns as our case studies. We have used both object-oriented quality metrics and design security assessment metrics for quality evaluation and utilized petri nets to analyze behavior preservation. Our assessments demonstrate that the newly created mutations offer varying levels of quality while preserving the original pattern functionality.

中文翻译:

以质量为中心的安全模式突变

安全模式是一种封装和交流经过验证的安全解决方案的方法。它们是将安全性集成到软件开发过程中的成熟方法。文献包括分类到各种目录中的大量安全模式,设计人员可以从中选择适合手头问题的模式。以前选择合适的安全模式的努力只考虑了模式的不同功能。但是,所选模式的解决方案结构将与整体软件设计相结合,因此会影响许多质量属性,例如灵活性和安全性。因此,在选择向现有软件设计添加模式时,还应考虑非功能性需求。这将使设计人员不仅可以根据功能,还可以根据不同利益相关者提出的质量要求,在替代解决方案之间进行选择。我们提出了以质量为中心的安全模式突变的概念,它是通过使用设计重构规则对当前模式进行突变而创建的。这些突变提供与初始模式相同的行为,但对灵活性、可重用性、可扩展性和安全性等质量属性有不同的影响。我们选择了两种完善的访问控制模式作为我们的案例研究。我们使用面向对象的质量指标和设计安全评估指标进行质量评估,并利用 Petri 网来分析行为保存。
更新日期:2019-07-24
down
wechat
bug