Implementation of Secure Software Design and their impact on Application

Abstract

Vulnerability is associated with the system and it is a big risk for system and result in surplus maintenance cost. It is due to many reasons those are not considered during the stages of System Development Life Cycle (SDLC). During SDLC it may be reduced to minimum level. Millions of dollars waste due to vulnerable application and rescind working. Most of the software are not secure and cause Physical and Financial mutilation. It may not be possible to eliminate vulnerability completely but it might be reduced to the minimum level because it is the ongoing process. A web application using secure design patterns (SDPs) is presented in this paper. Two secure design patterns and their implementation are given. Secure Strategy Design Pattern (SSDP) and Secure Builder Design Pattern (SBDP) are purposed for two different forms SSDP is used for Driver information page and SBDP is used for Route information page. Special codes are used for inquiring whether valid user is using site or not. A class of encryption/decryption technique is added to add security. An encryption/decryption technique named SHA-1 is used. The result shows that SDPs are beneficial to all application developers especially for the developers of critical and sensitive systems. The system suits secure and design pattern makes it simple to understand its functionality. However, any other encryption/decryption techniques may also be applied on it in place of SHA-1. In future we plan to attach this class with other design patterns to make them secure from attackers and eliminate vulnerable points. Many features can be included in web application with the help of different design patterns and can be secured by attaching encryption/decryption class.

References

• T. Richardson and C. N. Thies, Secure software design: Jones & Bartlett Publishers, (2012).
• C. Alexander, S. Ishikawa, and M. Silverstein, "A Pattern Language: Towns, Buildings, Construction (Center for Environmental Structure Series)," (1977).
• Beck, Kent, Cunningham, and Ward, "Using Pattern Languages for Object-Oriented Programs, Design Methodology for Object-Oriented Programming, Panel Session, OOPSLA," ACM, (1987).
• E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design patterns: elements of reusable object-oriented software: Pearson Education, (1994).
• K. Lano, "Design patterns: applications and open issues," in Cyberpatterns, ed: Springer, (2014), pp. 37-45.
• E. Fernandez, M. Larrondo-Petrie, T. Sorgente, and M. VanHilst, "Layers and non-functional patterns," Procs of ChiliPLoP, Phoenix, vol. 1, pp. 10-15, (2003).
• Fernandez, E. B, and X. Yuan, "Semantic analysis patterns," in Conceptual Modeling—ER 2000, ed: Springer, (2000), pp. 183-195.
• Fernandez, E. B, and J. Hawkins, "Determining role rights from use cases," in Proceedings of the second ACM workshop on Role-based access control, (1997), pp. 121-125.
• C. Alexander, Notes of the Synthesis of Form vol. 5: Harvard University Press, (1964).
• Hoglund, Greg, McGraw, and Gary, "Exploiting Software: How to Break Code," Addison Wesley, (2004).
• L. Rising, "Understanding the power of abstraction in patterns," Software, IEEE, vol. 24, pp. 46-51, (2007).
• D. C. Schmidt, "Using design patterns to develop reusable object-oriented communication software," Communications of the ACM, vol. 38, pp. 65-74, (1995).
• C. R. Dougherty, K. Sayre, R. Seacord, D. Svoboda, and K. Togashi, "Secure design patterns," Software Engineering Institute, (2009).

Index Terms

Keywords