A method for resolving security vulnerabilities through the use of design patterns

Nick Walker; Natalie Coull; Ian Ferguson; Allan Milne

doi:10.1007/978-3-319-04447-7_12

A method for resolving security vulnerabilities through the use of design patterns

Nick Walker, Natalie Coull^*, Ian Ferguson, Allan Milne

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Chapter

1 Citation (Scopus)

Abstract

Most software development companies conduct in-house testing of their code prior to releasing their product, yet software vulnerabilities are still found every single day in the most prevalent of applications. Memory corruption vulnerabilities are amongst the most difficult to detect, but can be the most dangerous. This research presents both an effective taxonomy of these vulnerabilities, which can be used to identify software threats and a methodology to maximize the number of memory corruption vulnerabilities that are identified during software testing. A means of cataloguing such vulnerabilities was required: As design patterns were already familiar to software engineers the use of a pattern language seemed appropriate, particularly as the solution to the vulnerabilities lay in the software engineering domain.

Original language	English
Title of host publication	Cyberpatterns
Subtitle of host publication	unifying design patterns with wecurity and attack patterns
Editors	Clive Blackwell, Hong Zhu
Place of Publication	Cham
Publisher	Springer International Publishing
Chapter	12
Pages	149-155
Number of pages	7
ISBN (Electronic)	9783319044477
ISBN (Print)	9783319044460, 9783319352183
DOIs	https://doi.org/10.1007/978-3-319-04447-7_12
Publication status	Published - 14 May 2014

Keywords

Taxonomy
Memory corruption
Vulnerabilities
Patterns

Access to Document

10.1007/978-3-319-04447-7_12

Cite this

@inbook{702e0b243b944dff993a84f1bc7ad38c,

title = "A method for resolving security vulnerabilities through the use of design patterns",

abstract = "Most software development companies conduct in-house testing of their code prior to releasing their product, yet software vulnerabilities are still found every single day in the most prevalent of applications. Memory corruption vulnerabilities are amongst the most difficult to detect, but can be the most dangerous. This research presents both an effective taxonomy of these vulnerabilities, which can be used to identify software threats and a methodology to maximize the number of memory corruption vulnerabilities that are identified during software testing. A means of cataloguing such vulnerabilities was required: As design patterns were already familiar to software engineers the use of a pattern language seemed appropriate, particularly as the solution to the vulnerabilities lay in the software engineering domain.",

author = "Nick Walker and Natalie Coull and Ian Ferguson and Allan Milne",

year = "2014",

month = may,

day = "14",

doi = "10.1007/978-3-319-04447-7_12",

language = "English",

isbn = "9783319044460",

pages = "149--155",

editor = "Clive Blackwell and Hong Zhu",

booktitle = "Cyberpatterns",

publisher = "Springer International Publishing",

}

A method for resolving security vulnerabilities through the use of design patterns. / Walker, Nick; Coull, Natalie ; Ferguson, Ian et al.
Cyberpatterns: unifying design patterns with wecurity and attack patterns. ed. / Clive Blackwell; Hong Zhu. Cham: Springer International Publishing, 2014. p. 149-155.

Research output: Chapter in Book/Report/Conference proceeding › Chapter

TY - CHAP

T1 - A method for resolving security vulnerabilities through the use of design patterns

AU - Walker, Nick

AU - Coull, Natalie

AU - Ferguson, Ian

AU - Milne, Allan

PY - 2014/5/14

Y1 - 2014/5/14

N2 - Most software development companies conduct in-house testing of their code prior to releasing their product, yet software vulnerabilities are still found every single day in the most prevalent of applications. Memory corruption vulnerabilities are amongst the most difficult to detect, but can be the most dangerous. This research presents both an effective taxonomy of these vulnerabilities, which can be used to identify software threats and a methodology to maximize the number of memory corruption vulnerabilities that are identified during software testing. A means of cataloguing such vulnerabilities was required: As design patterns were already familiar to software engineers the use of a pattern language seemed appropriate, particularly as the solution to the vulnerabilities lay in the software engineering domain.

AB - Most software development companies conduct in-house testing of their code prior to releasing their product, yet software vulnerabilities are still found every single day in the most prevalent of applications. Memory corruption vulnerabilities are amongst the most difficult to detect, but can be the most dangerous. This research presents both an effective taxonomy of these vulnerabilities, which can be used to identify software threats and a methodology to maximize the number of memory corruption vulnerabilities that are identified during software testing. A means of cataloguing such vulnerabilities was required: As design patterns were already familiar to software engineers the use of a pattern language seemed appropriate, particularly as the solution to the vulnerabilities lay in the software engineering domain.

U2 - 10.1007/978-3-319-04447-7_12

DO - 10.1007/978-3-319-04447-7_12

M3 - Chapter

SN - 9783319044460

SN - 9783319352183

SP - 149

EP - 155

BT - Cyberpatterns

A2 - Blackwell, Clive

A2 - Zhu, Hong

PB - Springer International Publishing

CY - Cham

ER -

A method for resolving security vulnerabilities through the use of design patterns

Abstract

Keywords

Access to Document

Fingerprint

Cite this