
Quality-centric security pattern mutations

Software Quality Journal

Abstract

Security patterns are a means to encapsulate and communicate proven security solutions. They are well-established approaches for integrating security into the software development process. The literature includes a large array of security patterns categorized into various catalogs, from which designers can choose a pattern suited to the problem at hand. Previous efforts to choose appropriate security patterns have considered only the differing functionality of the patterns. However, the solution structure of the chosen pattern is integrated into the overall software design and therefore affects many quality attributes such as flexibility and security. Thus, non-functional requirements should also be considered when opting to add a pattern to an existing software design. This allows designers to choose between alternative solutions based not only on functionality but also on the quality requirements put forth by different stakeholders. We propose the concept of quality-centric security pattern mutations, which are created by mutating existing patterns using design refactoring rules. These mutations offer the same behavior as the initial pattern but with varying effects on quality attributes such as flexibility, reusability, extendibility, and security. We have selected two well-established access control patterns as our case studies. We have used both object-oriented quality metrics and design security assessment metrics for quality evaluation and have used Petri nets to analyze behavior preservation. Our assessments demonstrate that the newly created mutations offer varying levels of quality while preserving the original pattern functionality.



References

  • Abramov, J., Sturm, A., & Shoval, P. (2012). Evaluation of the pattern-based method for secure development (PbSD): a controlled experiment. Information and Software Technology, 54(9), 1029–1043.

  • Alshammari, B., Fidge, C., & Corney, D. (2009). Security metrics for object-oriented class designs. Quality Software, 2009. QSIC’09. 9th International Conference on. IEEE, Jeju, South Korea, (pp. 11–20).

  • Alshammari, B., Fidge, C., & Corney, D. (2010). Security metrics for object-oriented designs. Software Engineering Conference (ASWEC), 2010 21st Australian. IEEE, Auckland, New Zealand, (pp. 55–64).

  • Alvi, A. K., & Zulkernine, M. (2011). A natural classification scheme for software security patterns. Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on. IEEE (pp. 113–120).

  • Ampatzoglou, A., Charalampidou, S., & Stamelos, I. (2013). Research state of the art on GoF design patterns: a mapping study. Journal of Systems and Software, 86(7), 1945–1964.

  • Anderson, R. J. (2010). Security engineering: a guide to building dependable distributed systems. John Wiley & Sons.

  • Arvanitou, E. M., Ampatzoglou, A., Chatzigeorgiou, A., Galster, M., & Avgeriou, P. (2017). A mapping study on design-time quality attributes and metrics. Journal of Systems and Software, 127, 52–77.

  • Bansiya, J., & Davis, C. G. (2002). A hierarchical model for object-oriented design quality assessment. IEEE Transactions on Software Engineering, 28(1), 4–17.

  • Barney, S., Petersen, K., Svahnberg, M., Aurum, A., & Barney, H. (2012). Software quality trade-offs: a systematic map. Information and Software Technology, 54(7), 651–662.

  • Basin, D., Doser, J., & Lodderstedt, T. (2006). Model driven security: from UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology (TOSEM), 15(1), 39–91.

  • Bernardi, S., Donatelli, S., & Merseguer, J. (2002). From UML sequence diagrams and statecharts to analysable petri net models. Proceedings of the 3rd International Workshop on Software and Performance (pp. 35–45). ACM.

  • Blakley, B., & Heath, C. (2004). Security design patterns (1st Edition). The Open Group Security Forum.

  • Bunke, M. (2015). Software-security patterns: degree of maturity. Proceedings of the 20th European Conference on Pattern Languages of Programs, Kaufbeuren, Germany, (p. 42). ACM.

  • Choppy, C., Klai, K., & Zidani, H. (2011). Formal verification of UML state diagrams: a petri net based approach. ACM SIGSOFT Software Engineering Notes, 36(1), 1–8.

  • Chung, L., Nixon, B. A., Yu, E., & Mylopoulos, J. (2012). Non-functional requirements in software engineering (1st Edition). Springer Science & Business Media.

  • Ciria, J. C., Domínguez, E., Escario, I., Francés, Á., Lapeña, M. J., & Zapata, M. A. (2014). The history-based authentication pattern. Proceedings of the 19th European Conference on Pattern Languages of Programs (p. 30). ACM.

  • de Muijnck-Hughes, J., & Duncan, I. (2012). Thinking towards a pattern language for predicate based encryption crypto-systems. Software Security and Reliability Companion (SERE-C), 2012 IEEE Sixth International Conference on. IEEE, Gaithersburg, USA, (pp. 27–32).

  • Ding, Z., Jiang, M., & Zhou, M. (2016). Generating petri net-based behavioral models from textual use cases and application in railway networks. IEEE Transactions on Intelligent Transportation Systems, 17(12), 3330–3343.

  • Dong, J., Peng, T., & Zhao, Y. (2010). Automated verification of security pattern compositions. Information and Software Technology, 52(3), 274–295.

  • Dougherty, C., Sayre, K., Seacord, R., Svoboda, D., & Togashi, K. (2009). Secure design patterns (Technical Report). Software Engineering Institute, Carnegie Mellon University.

  • Duncan, I., & de Muijnck-Hughes, J. (2014). Security pattern evaluation. Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, Oxford, UK, (pp. 428–429). IEEE.

  • Elahi, G., Yu, E., Li, T., & Liu, L. (2011). Security requirements engineering in the wild: a survey of common practices. Computer Software and Applications Conference (COMPSAC), 2011 IEEE 35th Annual (pp. 314–319). IEEE.

  • Fernandez, E. B. (2013). Security patterns in practice: designing secure architectures using software patterns (1st Edition). John Wiley & Sons.

  • Fernandez, E. B., & Ortega-Arjona, J. L. (2009). Securing the Adapter pattern. OOPSLA MiniPLoP Conference, Orlando, Florida, USA.

  • Fernandez, E. B., & Pan, R. (2001). A pattern language for security models. International PLoP 2001 Conference, Monticello, Illinois, USA.

  • Fernandez, E. B., & Sinibaldi, J. (2003). More patterns for operating system access control (pp. 381–398). EuroPLoP.

  • Fernandez, E. B., Mujica, S., & Valenzuela, F. (2011). Two security patterns: least privilege and security logger and auditor. Proceedings of the 2nd Asian Conference on Pattern Languages of Programs, Tokyo, (pp. 1–6). ACM.

  • Fernández, E. B., Monge, A. R., Carvajal, R., Encina, O., Hernández, J., & Silva, P. (2014). Patterns for content-dependent and context-enhanced authorization. Proceedings of the 19th European Conference on Pattern Languages of Programs, Kloster Irsee, Germany, (p. 32). ACM.

  • Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3), 224–274.

  • Fowler, M. (2018). Refactoring homepage. Available at: https://refactoring.com/catalog/

  • Fowler, M., Beck, K., Brant, J., Opdyke, W., & Roberts, D. (1999). Refactoring: improving the design of existing code (1st Edition). Addison-Wesley Professional.

  • Gamma, E., Johnson, R., Helm, R., & Vlissides, J. (1995). Design patterns: elements of reusable object-oriented software (1st Edition). Addison Wesley.

  • Gondi, V. B. (2010). Secure chained observer pattern in distributed systems. Proceedings of the 17th Conference on Pattern Languages of Programs, Nevada, USA, (pp. 1–9). ACM.

  • Hafiz, M. (2006). A collection of privacy design patterns. Proceedings of the 2006 Conference on Pattern Languages of Programs, Portland, USA, (pp. 1–13). ACM.

  • Hafiz, M. (2013). A pattern language for developing privacy enhancing technologies. Software: Practice and Experience, 43, 769–787.

  • Hafiz, M., Adamczyk, P., & Johnson, R. E. (2012). Growing a pattern language (for security). Proceedings of the ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (pp. 139–158). ACM.

  • Haigh, M. (2010). Software quality, non-functional software requirements and IT-business alignment. Software Quality Journal, 18(3), 361–385.

  • Halkidis, S. T., Chatzigeorgiou, A., & Stephanides, G. (2006). A qualitative analysis of software security patterns. Computers & Security, 25(5), 379–392.

  • Hamid, B., Desnos, N., Grepet, C., & Jouvray, C. (2010). Model-based security and dependability patterns in RCES: the TERESA approach. Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systems, Vienna, Austria, (p. 8). ACM.

  • Hamid, B., Geisel, J., Ziani, A., Bruel, J.-M., & Perez, J. (2013). Model-driven engineering for trusted embedded systems based on security and dependability patterns. International SDL Forum, Montreal, Canada, (pp. 72–90). Springer.

  • Hashizume, K., & Fernandez, E. B. (2009). Symmetric encryption and XML encryption patterns. Proceedings of the 16th Conference on Pattern Languages of Programs, Chicago, Illinois, USA, (p. 13). ACM.

  • Heyman, T., Yskout, K., Scandariato, R., & Joosen, W. (2007). An analysis of the security patterns landscape. Proceedings of the Third International Workshop on Software Engineering for Secure Systems (p. 3). IEEE Computer Society.

  • Howard, M., & LeBlanc, D. (2003). Writing secure code (2nd Edition). Microsoft Press.

  • Hu, Z., & Shatz, S. M. (2004). Mapping UML diagrams to a petri net notation for system simulation. Software Engineering and Knowledge Engineering (SEKE), Banff, Alberta, Canada, (pp. 213–219).

  • Jafari, A. J., & Rasoolzadegan, A. (2016). Securing gang of four design patterns. Proceedings of the 23rd Conference on Pattern Languages of Programs, Monticello, Illinois, USA, (p. 5). ACM.

  • Jafari, A. J., & Rasoolzadegan, A. (2019). Security patterns: a systematic mapping study (submitted for publication).

  • Jasiul, B., Szpyrka, M., & Śliwa, J. (2014). Malware behavior modeling with colored petri nets. IFIP International Conference on Computer Information Systems and Industrial Management (pp. 667–679). Springer.

  • Jürjens, J. (2005). Secure systems development with UML (1st Edition). Springer Science & Business Media.

  • Jürjens, J., & Shabalin, P. (2007). Tools for secure systems development with UML. International Journal on Software Tools for Technology Transfer, 9(5-6), 527–544.

  • Kienzle, D. M., Elder, M. C., Tyree, D., & Edwards-Hewitt, J. (2002). Security patterns repository version 1.0. Washington DC: DARPA.

  • Kobashi, T., Yoshioka, N., Okubo, T., Kaiya, H., Washizaki, H., & Fukazawa, Y. (2013). Validating security design patterns application using model testing. Availability, Reliability and Security (ARES), 2013 Eighth International Conference on, Regensburg, Germany, (pp. 62–71). IEEE.

  • Koch, M., & Parisi-Presicce, F. (2006). UML specification of access control policies and their formal verification. Software and Systems Modeling, 5(4), 429–447.

  • Laverdiere, M., Mourad, A., Hanna, A., & Debbabi, M. (2006). Security design patterns: survey and evaluation. 2006 Canadian Conference on Electrical and Computer Engineering, Ottawa, Ontario, Canada, (pp. 1605–1608). IEEE.

  • Mariani, T., & Vergilio, S. R. (2017). A systematic review on search-based refactoring. Information and Software Technology, 83, 14–34.

  • Mayvan, B. B., Rasoolzadegan, A., & Yazdi, Z. G. (2017). The state of the art on design patterns: a systematic mapping of the literature. Journal of Systems and Software, 125, 93–118.

  • Mens, T., & Tourwé, T. (2004). A survey of software refactoring. IEEE Transactions on Software Engineering, 30(2), 126–139.

  • Misbhauddin, M., & Alshayeb, M. (2015). UML model refactoring: a systematic literature review. Empirical Software Engineering, 20(1), 206–251.

  • Mkaouer, M. W., Kessentini, M., Bechikh, S., Cinnéide, M. Ó., & Deb, K. (2016). On the use of many quality attributes for software refactoring: a many-objective search-based software engineering approach. Empirical Software Engineering, 21(6), 2503–2545.

  • Motii, A., Lanusse, A., Hamid, B., & Bruel, J.-M. (2016). Model-based real-time evaluation of security patterns: a SCADA system case study. International Conference on Computer Safety, Reliability, and Security (pp. 375–389). Springer.

  • Opdyke, W. F. (1992). Refactoring object-oriented frameworks. PhD Thesis, University of Illinois Urbana-Champaign, IL, USA.

  • Ortiz, R., Garzás, J., & Fernández-Medina, E. (2011). Analysis of application of security patterns to build secure systems. International Conference on Advanced Information Systems Engineering, London, UK, (pp. 652–659). Springer.

  • Priebe, T., Fernandez, E. B., Mehlau, J. I., & Pernul, G. (2004). A pattern system for access control. Research Directions in Data and Applications Security XVIII: 18th Annual Conference on Data and Applications Security, July 25–28, 2004, Sitges, Spain (pp. 235–249). Boston: Springer US.

  • Regnell, B., Svensson, R. B., & Olsson, T. (2008). Supporting roadmapping of quality requirements. IEEE Software, 25(2), 42–47.

  • Riaz, M., Breaux, T., & Williams, L. (2015). How have we evaluated software pattern application? A systematic mapping study of research design practices. Information and Software Technology, 65, 14–38.

  • Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. Computer, 29(2), 38–47.

  • Schumacher, M., Fernandez, E. B., Hybertson, D., Buschmann, F., & Sommerlad, P. (2013). Security patterns: integrating security and systems engineering (1st Edition). John Wiley & Sons.

  • Smith, B., & Williams, L. (2012). On the effective use of security test patterns. Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on, Gaithersburg, MD, USA, (pp. 108–117). IEEE.

  • Steel, C., & Nagappan, R. (2006). Core security patterns: best practices and strategies for J2EE, web services, and identity management (1st Edition). Prentice Hall.

  • Steinegger, R. H., Deckers, D., Giessler, P., & Abeck, S. (2016). Risk-based authenticator for web applications. Proceedings of the 21st European Conference on Pattern Languages of Programs, Kaufbeuren, Germany, (p. 16). ACM.

  • Sultana, K. Z., Williams, B. J., & Bhowmik, T. (2017). A study examining relationships between micro patterns and security vulnerabilities. Software Quality Journal, 27(1), 5–41.

  • Thierry-Mieg, Y., & Hillah, L.-M. (2008). UML behavioral consistency checking using instantiable petri nets. Innovations in Systems and Software Engineering, 4(3), 293–300.

  • Uzunov, A. V., Fernandez, E. B., & Falkner, K. (2012). Securing distributed systems using patterns: a survey. Computers & Security, 31(5), 681–703.

  • Van Den Berghe, A., Scandariato, R., Yskout, K., & Joosen, W. (2015). Design notations for secure software: a systematic literature review. Software and Systems Modeling, 16, 809–831.

  • Yang, N., Yu, H., Sun, H., & Qian, Z. (2012). Modeling UML sequence diagrams using extended petri nets. Telecommunication Systems, 51(2-3), 147–158.

  • Yin, R. K. (2009). Case study research: design and methods (applied social research methods). London and Singapore: Sage.

  • Yoder, J., & Barcalow, J. (1997). Architectural patterns for enabling application security. 4th Conference on Pattern Languages of Programs (PLoP'97), Monticello, Illinois, USA.

  • Yskout, K., Scandariato, R., & Joosen, W. (2015). Do security patterns really help designers? Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on, Florence, Italy, (pp. 292–302). IEEE.

  • Yu, S., Wang, C., Ren, K., & Lou, W. (2010). Achieving secure, scalable, and fine-grained data access control in cloud computing. INFOCOM, 2010 Proceedings IEEE, San Diego, CA, USA, (pp. 1–9). IEEE.

  • Zhang, C., & Budgen, D. (2012). What do we know about the effectiveness of software design patterns? IEEE Transactions on Software Engineering, 38(5), 1213–1231.

  • Zhang, F., Hassan, A. E., McIntosh, S., & Zou, Y. (2017). The use of summation to aggregate software metrics hinders the performance of defect prediction models. IEEE Transactions on Software Engineering, 43(5), 476–491.

  • Zhu, L., Aurum, A., Gorton, I., & Jeffery, R. (2005). Tradeoff and sensitivity analysis in software architecture evaluation using analytic hierarchy process. Software Quality Journal, 13(4), 357–375.

Corresponding author

Correspondence to Abbas Rasoolzadegan.


Appendix. Results for the role-based access control pattern variant

This section presents the results of the enrichment, mutation, and evaluation phases of our approach on a second case study, the role-based access control pattern. The fine-grained details of the enrichment, mutation, and evaluation phases follow the guidelines given in the paper and are not repeated here. Figure 11 shows the initial pattern structure as found in the literature, and Fig. 12 illustrates the enriched version after adding the appropriate attributes, methods, and the UMLsec notation.

Fig. 11: The original role-based access control security pattern (Fernandez 2013)

Fig. 12: The enriched role-based access control security pattern

The mutated versions of the enriched pattern are shown in Figs. 13 and 14. These mutations are created using the previously mentioned guidelines of encapsulating change, favoring composition over inheritance, and finding opportunities to apply GoF patterns. The first mutation, illustrated in Fig. 13, applies the Extract Method, Extract Class, Extract Superclass, Extract Subclass, and Replace Inheritance with Composition refactoring rules. The second mutation, illustrated in Fig. 14, applies the Parameterize Method, Extract Class, and Add Parameter refactoring rules.

Fig. 13: The class diagram of the first mutation

Fig. 14: The class diagram of the second mutation

The evaluation results for the QMOOD quality metrics are presented in Table 7. The normalized results are illustrated in the radar diagrams of Fig. 15 to better depict the quality trends of the different mutations. As can be seen, the first mutation provides better reusability and functionality than the originally enriched version of the pattern, albeit with slightly less understandability and flexibility. This is yet another example of the inherent trade-offs between quality attributes discussed in the paper. Reusability and flexibility suffer far less in the second mutation (almost negligibly), but as a result, the improvement in the other attributes is smaller.

Table 7: Evaluation results for the QMOOD quality metrics and attributes

The evaluation results for the class security and design security metrics are presented in Table 8. The radar diagrams in Figs. 16 and 17, respectively, illustrate the normalized values of these results. As can be seen in Fig. 16, the first mutation has caused a very significant increase in the CMW and CAIW metrics, whereas the most prominent trend for the second mutation is the increase of CAAI and the decrease of the CMAI metric. Looking at the design security metrics in Fig. 17, we observe that the first mutation has caused a spike in the CSP and CMI metrics, while the second mutation is not so different from the enriched version. These results clearly illustrate the difference in security attributes between two mutations with identical behavior.
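As an added illustration (not the paper's code, and not its Petri-net analysis), the following shows two class structures for the RBAC pattern: the enriched shape, in which a Role owns its Rights, and a mutation that applies Extract Class to move right evaluation into a composed policy object. Behavior preservation is checked here by exhaustively comparing access decisions; all class, user and object names are constructed for the example.

```python
# Constructed example (names are assumptions): two realisations of the RBAC
# pattern with different class structure but identical access decisions.
from dataclasses import dataclass, field
from itertools import product

ACCESS_TYPES = ("read", "write")

@dataclass(frozen=True)
class ProtectionObject:
    name: str

# Enriched pattern: a Role owns a flat set of Right objects.
@dataclass(frozen=True)
class Right:
    obj: ProtectionObject
    access_type: str

@dataclass
class Role:
    name: str
    rights: set = field(default_factory=set)
    def check_rights(self, obj, access_type):
        return Right(obj, access_type) in self.rights

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    def is_authorized(self, obj, access_type):
        # any one role holding the right is sufficient
        return any(r.check_rights(obj, access_type) for r in self.roles)

# Mutation: Extract Class moves right evaluation into an AccessPolicy that
# RoleM composes, so the decision rule can change without touching User.
class AccessPolicy:
    def __init__(self):
        self._grants = {}  # object name -> set of permitted access types
    def grant(self, obj, access_type):
        self._grants.setdefault(obj.name, set()).add(access_type)
    def permits(self, obj, access_type):
        return access_type in self._grants.get(obj.name, set())

class RoleM:
    def __init__(self, name, policy):
        self.name, self._policy = name, policy
    def check_rights(self, obj, access_type):
        return self._policy.permits(obj, access_type)

def build_scenario():
    """The same role/right assignments expressed in both structures."""
    ledger, report = ProtectionObject("ledger"), ProtectionObject("report")
    reader = Role("reader", {Right(ledger, "read"), Right(report, "read")})
    editor = Role("editor", {Right(report, "read"), Right(report, "write")})
    original = [User("alice", [reader]), User("bob", [reader, editor])]
    reader_p, editor_p = AccessPolicy(), AccessPolicy()
    for obj in (ledger, report):
        reader_p.grant(obj, "read")
    for access in ACCESS_TYPES:
        editor_p.grant(report, access)
    mutated = [User("alice", [RoleM("reader", reader_p)]),
               User("bob", [RoleM("reader", reader_p), RoleM("editor", editor_p)])]
    return original, mutated, (ledger, report)

def decision_table(users, objects):
    """Every (user, object, access) decision, i.e. the observable behaviour."""
    return {(u.name, o.name, a): u.is_authorized(o, a)
            for u, o, a in product(users, objects, ACCESS_TYPES)}

def behaviour_preserved():
    """True when the mutation grants and denies exactly as the original."""
    original, mutated, objects = build_scenario()
    return decision_table(original, objects) == decision_table(mutated, objects)
```

The two structures differ in coupling and in where the classified data lives, which is what the metrics in Tables 7 and 8 measure, yet every decision in the table is identical.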

Fig. 15: Normalized QMOOD evaluation results for the first and second mutation

Table 8: Evaluation results for the security assessment metrics

Fig. 16: Normalized class security evaluation results for the first and second mutation

Fig. 17: Normalized design security evaluation results for the first and second mutation

Cite this article

Javan Jafari, A., Rasoolzadegan, A. Quality-centric security pattern mutations. Software Qual J 27, 1531–1561 (2019). https://doi.org/10.1007/s11219-019-09454-5
