Enterprise security pattern: a new type of security pattern

In recent years, most organizations have suffered attacks against their information systems. For this reason, organizations should seek support from enterprise security architectures (ESAs) in order to secure their information assets. Security patterns can help when building complex ESAs, but they have some limitations that reduce their usability. In this paper, we define the metapattern of a new type of security pattern called the Enterprise Security Pattern. This new metapattern provides a model-driven environment and combines all the elements that must be considered when designing and building ESAs. We present a precise meta-model and four diagrams that describe the metapattern of enterprise security patterns. When addressing a security problem, organizations could use enterprise security patterns to provide their designers with an optimal and proven security guideline, and so standardize the design and building of the ESA for that problem. Enterprise security patterns could also facilitate the selection and tailoring of security policies, patterns, mechanisms, and technologies when a designer is building ESAs. To illustrate our ideas, we present an instance of this new type of pattern, showing how it can be used. Copyright © 2014 John Wiley & Sons, Ltd.
