Abstract

The architecture design of a software system plays a crucial role in addressing security requirements early in the development lifecycle through forming design solutions that prevent or mitigate attacks in a system. Consequently, flaws in the software architecture can impact various security concerns in the system, thereby introducing severe breaches that could be exploited by attackers. In this context, this thesis presents the new concept of Common Architectural Weakness Enumeration (CAWE), a catalog that identifies and categorizes common types of vulnerabilities rooted in the software architecture design and provides mitigation techniques to address each of them. Through this catalog, we aim to promote the awareness of architectural flaws and stimulate security design thinking to developers, architects and software engineers. This work also investigates the reported vulnerabilities from four real and complex software systems to verify the existence and implications of architecture weaknesses. From this investigation, we noted that a variety of breaches are indeed rooted in the software design (at least 35% in the investigated systems), providing evidence that architectural weaknesses frequently occurs in complex systems, resulting in medium to high severe vulnerabilities. Therefore, a catalog of such type of weaknesses can be useful for adopting proactive approaches to avoid design vulnerabilities.

Library of Congress Subject Headings

Software architecture--Security measures; Software architecture--Design

Publication Date

5-2016

Document Type

Thesis

Student Type

Graduate

Degree Name

Software Engineering (MS)

Department, Program, or Center

Software Engineering (GCCIS)

Advisor

Mehdi Mirakhorli

Advisor/Committee Member

J. Scott Hawker

Advisor/Committee Member

Stephanie Ludi

Comments

Physical copy available from RIT's Wallace Library at QA76.76.D47 D37 2016

Campus

RIT – Main Campus

Share

COinS