Publication | Closed Access
Towards an Architecture-Centric Approach to Security Analysis
Citations: 37
References: 15
Year: 2016
Venue: Unknown
Keywords: Software Maintenance; Engineering; Information Security; Software System Security; Software Engineering; Security Evaluation; Software Analysis; Software Architecture; Architecture-centric Approach; Hardware Security; Security Architecture; Architectural Design Flaws; System Security; Software Architecture Modeling; Design; Secure By Design; Computer Science; Security Bugs; Software Design; Data Security; Software Security; Architecture Analysis; Program Analysis; Software Testing; Security; System Software
Architecture design decisions are increasingly recognized as critical for software security, yet research remains largely anecdotal, with few tools to analyze their impact. The study applies a DRSpace-based analysis to 10 open-source projects to detect architectural design flaws and examine their correlation with security bugs and code churn. The analysis reveals that more design flaws correlate with more security bugs and higher churn, and that unstable interfaces are the most strongly associated with security bugs.
Recently there has been increased attention to the consequences of architecture design decisions and their impact on security. Architectural design decisions have been identified as being critical for achieving high levels of software system security. However, the majority of this research has been anecdotal, and there are few tools or methods for understanding the architectural relations among files and their impact on security. In this paper we employ a DRSpace-based analysis approach to identify architectural design flaws and we show, via an empirical study of 10 open source projects, that areas of a software architecture that suffer from greater numbers of design flaws are highly correlated with security bugs, and high levels of churn associated with those security bugs. Finally, we show that a specific type of design flaw -- unstable interface -- is correlated with the greatest increase in software security bugs.