research-article

Patterns for software integrity protection

Authors:

Tobias Rauter,

Andrea Höller,

Johannes Iber,

Christian KreinerAuthors Info & Claims

EuroPLoP '15: Proceedings of the 20th European Conference on Pattern Languages of Programs

Article No.: 49, Pages 1 - 10

https://doi.org/10.1145/2855321.2855371

Published: 08 July 2015 Publication History

Get Access

Abstract

Protecting the integrity of software modules is a critical task on all secure systems. Although many different technologies exist to examine and ensure software integrity, to the best of our knowledge, no security patterns that describe the underlying concepts exist yet. This work provides two new patterns that aim to provide solutions for examining, enforcement and attestation of software integrity. The application of the patterns is shown in a practical example that also illustrates the importance of these concepts.

References

[1]

Cowan, C., Beattie, S., Kroah-Hartman, G., and Pu, C. 2000. SubDomain: Parsimonious Server Security. USENIX LISA C, 1--20.

Digital Library

Google Scholar

[2]

Davi, L., Sadeghi, A., and Winandy, M. 2011. ROPdefender: A detection tool to defend against return-oriented programming attacks. ASIACCS, 1--22.

Google Scholar

[3]

Feng, W., Qin, Y., Yu, A.-m., and Feng, D. 2011. A DRTM-Based Method for Trusted Network Connection. In Trust, Security and Privacy in Computing and Communications (TrustCom).

Digital Library

Google Scholar

[4]

Fernandez, E. 2002. Patterns for operating systems access control. Proceedings of of PLoP.

Google Scholar

[5]

Fernandez, E., Mujica, S., and Francisca, V. 2011. Two security patterns: least privilege and security logger/auditor. Asian ....

Google Scholar

[6]

Hashizume, K., Fernández, E., and Huang, S. 2009. Digital Signature with Hashing and XML Signature patterns. Proceedings of the 14th Conference on Pattern Languages of Programs (PLoP 2009), 1--21.

Google Scholar

[7]

Kumar, A. and Fernandez, E. 2012. Security Patterns for Intrusion Detection Systems. 1st LACCEI International Symposium on Software Architecture and Patterns.

Google Scholar

[8]

Löhr, H., Sadeghi, A.-R., and Winandy, M. 2010. Patterns for Secure Boot and Secure Storage in Computer Systems. 2010 International Conference on Availability, Reliability and Security, 569--573.

Google Scholar

[9]

Loscocco, N. P. 2001. Integrating flexible support for security policies into the Linux operating system. In USENIX Annual Technical Conference. Number February.

Digital Library

Google Scholar

[10]

Mouratidis, H. and Giorgini, P. 2003. Security patterns for agent systems. 8th European Conference on Pattern Languages of Programs, 1--16.

Google Scholar

[11]

Safford, D. and Zohar, M. 2005. Trusted computing and open source. Information Security Technical Report 10, 74--82.

Digital Library

Google Scholar

[12]

Sailer, R., Zhang, X., Jaeger, T., and van Doorn, L. 2004. Design and implementation of a TCG-based integrity measurement architecture. In USENIX Security Symposium.

Digital Library

Google Scholar

[13]

Xu, W., Zhang, X., and Hu, H. 2012. Remote attestation with domain-based integrity model and policy analysis. Dependable and Secure Computing 9, 3, 429--442.

Digital Library

Google Scholar

Cited By

View all

Mzid RSelvi SAbid M(2024)Research Landscape of Patterns in Software Engineering: Taxonomy, State-of-the-Art, and Future DirectionsSN Computer Science10.1007/s42979-024-02767-85:4Online publication date: 8-Apr-2024
https://doi.org/10.1007/s42979-024-02767-8
Rauter THöller AIber JKreiner CPreschern CEloranta V(2016)Static and dynamic integrity properties patternsProceedings of the 21st European Conference on Pattern Languages of Programs10.1145/3011784.3011798(1-11)Online publication date: 6-Jul-2016
https://dl.acm.org/doi/10.1145/3011784.3011798

Index Terms

Patterns for software integrity protection
1. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features
        Patterns
  2. Software organization and properties
    1. Software system structures
      1. Distributed systems organizing principles
        Client-server architectures
      2. Software architectures

Recommendations

Static and dynamic integrity properties patterns
EuroPlop '16: Proceedings of the 21st European Conference on Pattern Languages of Programs

Integrity is a crucial property in current computing systems. Due to natural or human-made (malicious and non-malicious) faults this property can be violated. Therefore, many methodologies and patterns that check or verify the integrity of systems or ...
Software-security patterns: degree of maturity
EuroPLoP '15: Proceedings of the 20th European Conference on Pattern Languages of Programs

Since Gamma et al. published their design patterns, patterns are very popular in the area of software engineering. They provide best practice to handle recurring problems during the software development phase. Three years later, security patterns ...
A qualitative analysis of software security patterns

Software security, which has attracted the interest of the industrial and research community during the last years, aims at preventing security problems by building software without the so-called security holes. One way to achieve this goal is to apply ...

Reviews

Reviewer: Michael G. Murphy

Patterns have a growing presence in supporting software analysis and development. This paper addresses the issue of patterns as a tool for protecting software integrity, a setting in which patterns have been underused. Two new patterns are described that focus on software integrity in terms of protection and attestation: Integrity protection prevents execution of modified software modules, and integrity attestation ensures software integrity to a remote system. After a brief introductory section, the second section introduces and discusses a number of relevant existing patterns incorporated in or related to the new patterns. A straightforward online banking scenario is then used to motivate the need for attention to integrity issues. The fourth and fifth sections provide well-organized analysis and insight into the relevant aspects of patterns addressing integrity protection and integrity attestation, respectively. The next section looks at how to select and apply the patterns. Five figures and one table help the reader visualize key concepts. In general, the layout of the paper makes it quite easy to read and absorb. This paper should appeal to researchers and practitioners in the software pattern community and those with an interest in the protection of software integrity. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

EuroPLoP '15: Proceedings of the 20th European Conference on Pattern Languages of Programs

July 2015

714 pages

ISBN:9781450338479

DOI:10.1145/2855321

Conference Chair:
Claudius Link,
Program Chair:
Veli-Pekka Eloranta

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 July 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

EuroPLoP 2015

EuroPLoP 2015: 20th European Conference on Pattern Languages of Programs

July 8 - 12, 2015

Kaufbeuren, Germany

Acceptance Rates

Overall Acceptance Rate 216 of 354 submissions, 61%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
152
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mzid RSelvi SAbid M(2024)Research Landscape of Patterns in Software Engineering: Taxonomy, State-of-the-Art, and Future DirectionsSN Computer Science10.1007/s42979-024-02767-85:4Online publication date: 8-Apr-2024
https://doi.org/10.1007/s42979-024-02767-8
Rauter THöller AIber JKreiner CPreschern CEloranta V(2016)Static and dynamic integrity properties patternsProceedings of the 21st European Conference on Pattern Languages of Programs10.1145/3011784.3011798(1-11)Online publication date: 6-Jul-2016
https://dl.acm.org/doi/10.1145/3011784.3011798

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Static and dynamic integrity properties patterns

Software-security patterns: degree of maturity

A qualitative analysis of software security patterns

Reviews

Access critical reviews of Computing literature here