A method for resolving security vulnerabilities through the use of design patterns

Nick Walker, Natalie Coull*, Ian Ferguson, Allan Milne

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceeding › Chapter

    1 Citation (Scopus)

    Abstract

    Most software development companies conduct in-house testing of their code prior to releasing their product, yet software vulnerabilities are still found every single day in the most prevalent of applications. Memory corruption vulnerabilities are amongst the most difficult to detect, but can be the most dangerous. This research presents both an effective taxonomy of these vulnerabilities, which can be used to identify software threats, and a methodology to maximize the number of memory corruption vulnerabilities that are identified during software testing. A means of cataloguing such vulnerabilities was required: as design patterns were already familiar to software engineers, the use of a pattern language seemed appropriate, particularly as the solution to the vulnerabilities lay in the software engineering domain.
    Original language: English
    Title of host publication: Cyberpatterns
    Subtitle of host publication: unifying design patterns with security and attack patterns
    Editors: Clive Blackwell, Hong Zhu
    Place of Publication: Cham
    Publisher: Springer International Publishing
    Chapter: 12
    Pages: 149-155
    Number of pages: 7
    ISBN (Electronic): 9783319044477
    ISBN (Print): 9783319044460, 9783319352183
    Publication status: Published - 14 May 2014