A security pattern detection framework for building more secure software

Security patterns are one of the reusable building blocks of a secure software architecture that provide solutions to particular recurring security problems in given contexts. Incomplete or nonstandard implementation of security patterns may produce vulnerabilities and invite attackers. Therefore, the detection of security patterns improves the quality of security features. In this paper, we propose a security pattern detection (SPD) framework and its internal pattern matching techniques. The frame-work provides a platform for data extraction, pattern matching, and semantic analysis techniques. We implement ordered matrix matching (OMM) and non-uniform distributed matrix matching (NDMM) techniques. The OMM technique detects a security pattern matrix inside the target system matrix (TSM). The NDMM technique determines whether the relationships between all classes of a security pattern are similar to the relationships between some classes of the TSM. The semantic analysis is used to reduce the rate of false positives. We evaluate and compare the performance of the proposed SPD framework using both matching techniques based on four case studies independently. The results show that the NDMM technique provides the location of the security patterns, and it is highly flexible, scalable and has high accuracy with acceptable memory and time consumption for large projects. (c) 2020 Elsevier Inc. All rights reserved.