Security Pattern Detection in Software Architectures
Loading...
Authors
Alvi, Aleem Khalid
Date
2025-10-03
Type
thesis
Language
eng
Keyword
Security Pattern , Software Architectures , Secure Software Design , Cybersecurity , Pattern Detection , Matrix Matching , Security Pattern Detection Framework (SPDF) , Software Security
Alternative Title
Abstract
Software design patterns help simplify large-scale software development by offering reusable solutions to common design challenges. Similarly, security patterns serve as reusable architectural solutions to recurring security problems and are essential for embedding robust security mechanisms in software systems. These patterns act as best practices for mitigating vulnerabilities and form crucial components in secure system design. However, applying security patterns can be error-prone. Several issues, including misused, omitted, or incorrectly implemented components, can leave systems vulnerable to attacks. To combat these shortcomings, detection techniques have emerged to identify when security patterns are missing, improperly used, or deviate from standard practice. While many methods exist for identifying general design patterns, only a handful specifically target security patterns. This thesis presents a generic security pattern detection framework that can employ various matrix-based matching techniques. The thesis first identifies the challenge of selecting appropriate security patterns through a systematic analysis of existing classification schemes. It proposes a novel classification framework aligned with the phases of the software development lifecycle. The framework uniquely incorporates security flaws by mapping security objectives to the requirements phase, security properties to the design phase, and attack patterns to the implementation phase. This process is enabling targeted and context-aware pattern selection. Building on this classification, the thesis introduces a Security Pattern Detection (SPD) framework to identify the presence or absence of security patterns within software systems through three core processes: system data extraction, pattern matching, and semantic validation. The SPD framework features three matrix-based matching techniques: Ordered Matrix Matching (OMM), which identifies complete pattern structures through ordered relationships; Non-Uniform Distributed Matrix Matching (NDMM), which detects partial or irregular implementations via class relationship similarity; and Diagonally Distributed Matrix Matching (DDMM), which uses diagonal matrix traversal for efficient detection in large-scale systems. The frameworkâs effectiveness is validated through experiments on multiple software systems, demonstrating high detection accuracy, zero false positives, and efficient resource usage. Among these, NDMM shows superior adaptability and precision, particularly in heterogeneous environments. Collectively, this research offers a unified approach to strategic classification and reliable detection of security patterns, significantly enhancing security assurance in software engineering.
Description
Citation
Publisher
License
Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada
Intellectual Property Guidelines at Queen's University
Copying and Preserving Your Thesis
This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
Attribution-NonCommercial 4.0 International
Intellectual Property Guidelines at Queen's University
Copying and Preserving Your Thesis
This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
Attribution-NonCommercial 4.0 International