Automated Reusable Tests for Mitigating Secure Pattern Interpretation Errors
| Main Author: | Cunha, Carlos |
|---|---|
| Publication Date: | 2023 |
| Other Authors: | Pombo, Nuno |
| Format: | Article |
| Language: | eng |
| Source: | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| Download full: | http://hdl.handle.net/10400.19/8370 |
| Summary: | The importance of software security has increased along with the number and severity of incidents in recent years. Security is a multidisciplinary aspect of the software development lifecycle, operation, and user utilization. Being a complex and specialized area of software engineering, it is often sidestepped in software development methodologies and processes. We address software security at the design level by adopting design patterns that encapsulate reusable solutions for recurring security problems. Design patterns can help development teams implement the best-proven solutions for a specialized problem domain. However, from the analysis of three secure pattern implementations by 70 junior programmers, we detected several structural errors resulting from their interpretation. We propose reusable unit testing test cases based on annotations to avoid secure pattern interpretation errors and provide an example for one popular secure pattern. Providing these test cases to the same group of programmers, they implemented the pattern without errors. The reason is annotations build a framework that disciplines programmers to incorporate secure patterns in their applications and ensure automatic testing. |
| id | RCAP_8b6684bd00431a7512b4ca60bb539adf |
|---|---|
| oai_identifier_str | oai:repositorio.ipv.pt:10400.19/8370 |
| network_acronym_str | RCAP |
| network_name_str | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository_id_str | https://opendoar.ac.uk/repository/7160 |
| author | Cunha, Carlos |
| author_facet | Cunha, Carlos; Pombo, Nuno |
| author_role | author |
| author2 | Pombo, Nuno |
| author2_role | author |
| dc.contributor.none.fl_str_mv | Instituto Politécnico de Viseu |
| dc.contributor.author.fl_str_mv | Cunha, Carlos; Pombo, Nuno |
| dc.subject.por.fl_str_mv | Security; Software reliability; Software testing; Measurement; Computer architecture; Codes |
| topic | Security; Software reliability; Software testing; Measurement; Computer architecture; Codes |
| publishDate | 2023 |
| dc.date.none.fl_str_mv | 2023; 2023-01-01T00:00:00Z; 2024-05-06T10:23:57Z |
| dc.type.status.fl_str_mv | info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv | info:eu-repo/semantics/article |
| format | article |
| status_str | publishedVersion |
| dc.identifier.uri.fl_str_mv | http://hdl.handle.net/10400.19/8370 |
| url | http://hdl.handle.net/10400.19/8370 |
| dc.language.iso.fl_str_mv | eng |
| language | eng |
| dc.relation.none.fl_str_mv | 10.1109/ACCESS.2023.3279823 |
| dc.rights.driver.fl_str_mv | info:eu-repo/semantics/openAccess |
| eu_rights_str_mv | openAccess |
| dc.format.none.fl_str_mv | application/pdf |
| dc.source.none.fl_str_mv | reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP); instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia; instacron:RCAAP |
| instname_str | FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| instacron_str | RCAAP |
| institution | RCAAP |
| reponame_str | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| collection | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository.name.fl_str_mv | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| repository.mail.fl_str_mv | info@rcaap.pt |
| _version_ | 1833600412150661120 |