To engineer secure software systems, software architects elicit the system’s security requirements for adopting suitable architectural solutions. Software architects often make use of architectural security tactics when devising the system’s security architecture. Security tactics are reusable solutions to detect, resist, recover from, and react to attacks. Flaws in the adoption of these architectural tactics, their incorrect implementation, or their deterioration during software maintenance activities can lead to vulnerabilities.
In this talk, Joanna C. S. Santos will present her research on tactical vulnerabilities in software systems. First, she will introduce empirical studies conducted using vulnerability reports from large-scale open source systems to better understand vulnerabilities related to security tactics. Subsequently, she will present her ongoing work on identifying these issues during implementation by analyzing software artifacts. Lastly, she will outline her plans for future work.
Joanna C. S. Santos is a Ph.D. candidate at Rochester Institute of Technology. She has an M.Sc. in Software Engineering from Rochester Institute of Technology (RIT, USA) and a B.Sc. in Computer Engineering from Federal University of Sergipe (UFS, Brazil). Her research lies in the broad area of security and software engineering. She is the recipient of the Best Paper Award at the 2017 IEEE International Conference on Software Architecture (ICSA) for the paper “Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP, and Thunderbird.” She also won the Research Pitch competition at JOBS Workshop 2020.
Contact Ginny Watterson for the Zoom link.