[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/2855321.2855371acmotherconferencesArticle/Chapter ViewAbstractPublication PageseuroplopConference Proceedingsconference-collections
research-article

Patterns for software integrity protection

Published: 08 July 2015 Publication History

Abstract

Protecting the integrity of software modules is a critical task on all secure systems. Although many different technologies exist to examine and ensure software integrity, to the best of our knowledge, no security patterns that describe the underlying concepts exist yet. This work provides two new patterns that aim to provide solutions for examining, enforcement and attestation of software integrity. The application of the patterns is shown in a practical example that also illustrates the importance of these concepts.

References

[1]
Cowan, C., Beattie, S., Kroah-Hartman, G., and Pu, C. 2000. SubDomain: Parsimonious Server Security. USENIX LISA C, 1--20.
[2]
Davi, L., Sadeghi, A., and Winandy, M. 2011. ROPdefender: A detection tool to defend against return-oriented programming attacks. ASIACCS, 1--22.
[3]
Feng, W., Qin, Y., Yu, A.-m., and Feng, D. 2011. A DRTM-Based Method for Trusted Network Connection. In Trust, Security and Privacy in Computing and Communications (TrustCom).
[4]
Fernandez, E. 2002. Patterns for operating systems access control. Proceedings of of PLoP.
[5]
Fernandez, E., Mujica, S., and Francisca, V. 2011. Two security patterns: least privilege and security logger/auditor. Asian ....
[6]
Hashizume, K., Fernández, E., and Huang, S. 2009. Digital Signature with Hashing and XML Signature patterns. Proceedings of the 14th Conference on Pattern Languages of Programs (PLoP 2009), 1--21.
[7]
Kumar, A. and Fernandez, E. 2012. Security Patterns for Intrusion Detection Systems. 1st LACCEI International Symposium on Software Architecture and Patterns.
[8]
Löhr, H., Sadeghi, A.-R., and Winandy, M. 2010. Patterns for Secure Boot and Secure Storage in Computer Systems. 2010 International Conference on Availability, Reliability and Security, 569--573.
[9]
Loscocco, N. P. 2001. Integrating flexible support for security policies into the Linux operating system. In USENIX Annual Technical Conference. Number February.
[10]
Mouratidis, H. and Giorgini, P. 2003. Security patterns for agent systems. 8th European Conference on Pattern Languages of Programs, 1--16.
[11]
Safford, D. and Zohar, M. 2005. Trusted computing and open source. Information Security Technical Report 10, 74--82.
[12]
Sailer, R., Zhang, X., Jaeger, T., and van Doorn, L. 2004. Design and implementation of a TCG-based integrity measurement architecture. In USENIX Security Symposium.
[13]
Xu, W., Zhang, X., and Hu, H. 2012. Remote attestation with domain-based integrity model and policy analysis. Dependable and Secure Computing 9, 3, 429--442.

Cited By

View all
  • (2024)Research Landscape of Patterns in Software Engineering: Taxonomy, State-of-the-Art, and Future DirectionsSN Computer Science10.1007/s42979-024-02767-85:4Online publication date: 8-Apr-2024
  • (2016)Static and dynamic integrity properties patternsProceedings of the 21st European Conference on Pattern Languages of Programs10.1145/3011784.3011798(1-11)Online publication date: 6-Jul-2016

Recommendations

Reviews

Michael G. Murphy

Patterns have a growing presence in supporting software analysis and development. This paper addresses the issue of patterns as a tool for protecting software integrity, a setting in which patterns have been underused. Two new patterns are described that focus on software integrity in terms of protection and attestation: Integrity protection prevents execution of modified software modules, and integrity attestation ensures software integrity to a remote system. After a brief introductory section, the second section introduces and discusses a number of relevant existing patterns incorporated in or related to the new patterns. A straightforward online banking scenario is then used to motivate the need for attention to integrity issues. The fourth and fifth sections provide well-organized analysis and insight into the relevant aspects of patterns addressing integrity protection and integrity attestation, respectively. The next section looks at how to select and apply the patterns. Five figures and one table help the reader visualize key concepts. In general, the layout of the paper makes it quite easy to read and absorb. This paper should appeal to researchers and practitioners in the software pattern community and those with an interest in the protection of software integrity. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences
EuroPLoP '15: Proceedings of the 20th European Conference on Pattern Languages of Programs
July 2015
714 pages
ISBN:9781450338479
DOI:10.1145/2855321
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 July 2015

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. security patterns
  2. software integrity

Qualifiers

  • Research-article

Conference

EuroPLoP 2015

Acceptance Rates

Overall Acceptance Rate 216 of 354 submissions, 61%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)3
  • Downloads (Last 6 weeks)0
Reflects downloads up to 13 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Research Landscape of Patterns in Software Engineering: Taxonomy, State-of-the-Art, and Future DirectionsSN Computer Science10.1007/s42979-024-02767-85:4Online publication date: 8-Apr-2024
  • (2016)Static and dynamic integrity properties patternsProceedings of the 21st European Conference on Pattern Languages of Programs10.1145/3011784.3011798(1-11)Online publication date: 6-Jul-2016

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media