The architecture design of a software system plays a crucial role in addressing security requirements early in the development lifecycle through forming design solutions that prevent or mitigate attacks in a system. Consequently, flaws in the software architecture can impact various security concerns in the system, thereby introducing severe breaches that could be exploited by attackers. In this context, this thesis presents the new concept of Common Architectural Weakness Enumeration (CAWE), a catalog that identifies and categorizes common types of vulnerabilities rooted in the software architecture design and provides mitigation techniques to address each of them. Through this catalog, we aim to promote the awareness of architectural flaws and stimulate security design thinking to developers, architects and software engineers. This work also investigates the reported vulnerabilities from four real and complex software systems to verify the existence and implications of architecture weaknesses. From this investigation, we noted that a variety of breaches are indeed rooted in the software design (at least 35% in the investigated systems), providing evidence that architectural weaknesses frequently occurs in complex systems, resulting in medium to high severe vulnerabilities. Therefore, a catalog of such type of weaknesses can be useful for adopting proactive approaches to avoid design vulnerabilities.

Library of Congress Subject Headings

Software architecture--Security measures; Software architecture--Design

Publication Date


Document Type


Student Type


Degree Name

Software Engineering (MS)

Department, Program, or Center

Software Engineering (GCCIS)


Mehdi Mirakhorli

Advisor/Committee Member

J. Scott Hawker

Advisor/Committee Member

Stephanie Ludi


Physical copy available from RIT's Wallace Library at QA76.76.D47 D37 2016


RIT – Main Campus