A method for resolving security vulnerabilities through the use of design patterns

Nick Walker, Natalie J. Coull, R. Ian Ferguson, Allan Milne

Research output: Chapter in Book/Report/Conference proceeding › Chapter

1 Citation (Scopus)

Abstract

Most software development companies conduct in-house testing of their code prior to releasing their product, yet software vulnerabilities are still found every single day in the most prevalent of applications. Memory corruption vulnerabilities are amongst the most difficult to detect, but can be the most dangerous. This research presents both an effective taxonomy of these vulnerabilities, which can be used to identify software threats and a methodology to maximize the number of memory corruption vulnerabilities that are identified during software testing. A means of cataloguing such vulnerabilities was required: As design patterns were already familiar to software engineers the use of a pattern language seemed appropriate, particularly as the solution to the vulnerabilities lay in the software engineering domain.
Original language: English
Title of host publication: Cyberpatterns
Subtitle of host publication: unifying design patterns with security and attack patterns
Editors: Clive Blackwell, Hong Zhu
Place of Publication: London
Publisher: Springer International Publishing
Chapter: 12
Pages: 149-155
Number of pages: 7
ISBN (Electronic): 9783319044477
ISBN (Print): 9783319044460, 9783319352183
DOI: https://doi.org/10.1007/978-3-319-04447-7_12
Publication status: Published - 14 May 2014

Fingerprint

Software engineering
Data storage equipment
Software testing
Taxonomies
Engineers
Testing
Industry

Cite this

Walker, N., Coull, N. J., Ferguson, R. I., & Milne, A. (2014). A method for resolving security vulnerabilities through the use of design patterns. In C. Blackwell, & H. Zhu (Eds.), Cyberpatterns: unifying design patterns with security and attack patterns (pp. 149-155). London: Springer International Publishing. https://doi.org/10.1007/978-3-319-04447-7_12