Abstract

Security requirements should be realized in the design phase of a secure software system. Security patterns are artifacts used to implement security requirements as security controls and features. The security strength of a software system is directly proportional to the number of security patterns it uses, so the number of existing security patterns can be used to measure that strength. Early detection of absent security patterns or non-standard security features will therefore tremendously reduce development and maintenance costs. In the security pattern detection process, we first convert the security patterns and the software system model into graphs and store them as matrices. Then, we explore and detect security patterns inside the software system using a matching technique. Finally, we remove false positives with the help of a semantic analysis technique. This paper proposes a diagonally distributed matrix matching (DDMM) technique for detecting security patterns. The detection technique uses a standard security pattern matrix (SPM). It selects the main diagonal of the SPM and then compares it against the diagonals of the target system matrix (TSM), using all possible combinations of diagonal elements. A security pattern detection tool is implemented based on the proposed DDMM technique. The experimental results show sufficient detection accuracy and reasonable time consumption for five Java-based software projects, with zero false positives.
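The diagonal-first matching idea described above, as an added illustration that is not the paper's tool or its exact DDMM algorithm. The matrix encoding (element kind on the diagonal, relation type off the diagonal), the sample SPM and TSM, and the off-diagonal relation check are assumptions made for this example; the semantic analysis stage is not shown.

```python
from itertools import permutations

# Assumed encoding (not from the paper): diagonal = element kind,
# off-diagonal [i][j] = relation from element i to element j, 0 = none.
INTERFACE, CLASS = 1, 2
ASSOC, IMPLEMENTS = 1, 2

# Constructed SPM for a hypothetical three-role pattern:
# role 0 = client, role 1 = check interface, role 2 = concrete check.
SPM = [
    [CLASS, ASSOC, 0],
    [0, INTERFACE, 0],
    [0, IMPLEMENTS, CLASS],
]

# Constructed TSM for a five-element target system (names are made up).
TSM_NAMES = ["LoginServlet", "AuthCheck", "LdapAuthCheck", "Logger", "Report"]
TSM = [
    [CLASS, ASSOC, 0, ASSOC, 0],
    [0, INTERFACE, 0, 0, 0],
    [0, IMPLEMENTS, CLASS, ASSOC, 0],
    [0, 0, 0, CLASS, 0],
    [0, 0, 0, ASSOC, CLASS],
]

def diagonal(m):
    return [m[i][i] for i in range(len(m))]

def diagonal_candidates(spm, tsm):
    """Yield ordered TSM index tuples whose diagonal entries equal the SPM main diagonal."""
    want, have = diagonal(spm), diagonal(tsm)
    for combo in permutations(range(len(tsm)), len(spm)):
        if [have[i] for i in combo] == want:
            yield combo

def relations_match(spm, tsm, combo):
    """Assumed second stage: every SPM relation must appear in the selected TSM submatrix."""
    k = len(spm)
    return all(spm[r][c] == 0 or tsm[combo[r]][combo[c]] == spm[r][c]
               for r in range(k) for c in range(k) if r != c)

def detect(spm, tsm):
    """Return the TSM index tuples that pass both the diagonal and the relation stage."""
    return [c for c in diagonal_candidates(spm, tsm) if relations_match(spm, tsm, c)]

if __name__ == "__main__":
    for combo in detect(SPM, TSM):
        print([TSM_NAMES[i] for i in combo])
```

Here the diagonal stage keeps 12 of the 60 ordered triples, and the relation stage reduces them to one. Because the enumeration grows combinatorially with system size, the cheap diagonal comparison pays off by pruning candidates before any relation check runs.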
