Systematic Literature Review of Security Pattern Research

Security patterns encompass security-related issues in secure software system development and operations that often appear in certain contexts. Since the late 1990s, about 500 security patterns have been proposed. Although the technical components are well investigated, the direction, overall picture, and barriers to implementation are not. Here, a systematic literature review of 240 papers is used to devise a taxonomy for security pattern research. Our taxonomy and the survey results should improve communications among practitioners and researchers, standardize the terminology, and increase the effectiveness of security patterns.

[1]  Nicolas Ferry,et al.  Research Landscape of Patterns and Architectures for IoT Security: A Systematic Review , 2020, 2020 46th Euromicro Conference on Software Engineering and Advanced Applications (SEAA).

[2]  Atsuo Hazeyama,et al.  Landscape of Architecture and Design Patterns for IoT Systems , 2020, IEEE Internet of Things Journal.

[3]  Foutse Khomh,et al.  Studying Software Engineering Patterns for Designing Machine Learning Systems , 2019, 2019 10th International Workshop on Empirical Software Engineering in Practice (IWESEP).

[4]  Rahma Bouaziz Collaborative Security Pattern Integration Process , 2019 .

[5]  Atsuo Hazeyama,et al.  Taxonomy and Literature Survey of Security Pattern Research , 2018, 2018 IEEE Conference on Application, Information and Network Security (AINS).

[6]  Eduardo B. Fernandez,et al.  A Survey of Network Function Virtualization Security , 2018, SoutheastCon 2018.

[7]  Muhammad Asif,et al.  Applying security patterns for authorization of users in IoT based applications , 2018, 2018 International Conference on Engineering and Emerging Technologies (ICEET).

[8]  Flora Amato,et al.  Model driven design and evaluation of security level in orchestrated cloud services , 2017, J. Netw. Comput. Appl..

[9]  Hironori Washizaki,et al.  Prioritization in Automotive Software Testing: Systematic Literature Review , 2018, QuASoQ@APSEC.

[10]  Eduardo B. Fernández,et al.  Cloud Security and Privacy Metamodel - Metamodel for Security and Privacy Knowledge in Cloud Services , 2018, MODELSWARD.

[11]  Sébastien Salva,et al.  Using Data Integration for Security Testing , 2017, ICTSS.

[12]  Christoph Schmittner,et al.  Systematic Pattern Approach for Safety and Security Co-engineering in the Automotive Domain , 2017, SAFECOMP.

[13]  Hironori Washizaki Security patterns: Research direction, metamodel, application and verification , 2017, 2017 International Workshop on Big Data and Information Security (IWBIS).

[14]  Adam T. Sampson,et al.  Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities , 2017, ESSoS.

[15]  Haralambos Mouratidis,et al.  Supporting Secure Business Process Design via Security Process Patterns , 2017, BPMDS/EMMSAD@CAiSE.

[16]  Alexander Egyed,et al.  Exploiting traceability uncertainty between software architectural models and extra-functional results , 2017, J. Syst. Softw..

[17]  Sébastien Salva,et al.  A Methodology of Security Pattern Classification and of Attack-Defense Tree Generation , 2017, ICISSP.

[18]  Michael Eonsuk Shin,et al.  Model-based Design of Reusable Secure Connectors , 2017, MODELS.

[19]  Marcos Arjona,et al.  Security knowledge representation artifacts for creating secure IT systems , 2017, Comput. Secur..

[20]  John Mylopoulos,et al.  Holistic security requirements analysis for socio-technical systems , 2016, Software & Systems Modeling.

[21]  Foutse Khomh,et al.  ProMeTA: a taxonomy for program metamodels in program reverse engineering , 2016, 2016 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[22]  Sébastien Salva,et al.  A classification methodology for security patterns to help fix software weaknesses , 2016, 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA).

[23]  Jean-Michel Bruel,et al.  Guiding the Selection of Security Patterns for Real-Time Systems , 2016, 2016 21st International Conference on Engineering of Complex Computer Systems (ICECCS).

[24]  Jean-Michel Bruel,et al.  Model-Based Real-Time Evaluation of Security Patterns: A SCADA System Case Study , 2016, SAFECOMP Workshops.

[25]  Lidia Fuentes,et al.  Automatic Enforcement of Security Properties , 2016, TrustBus.

[26]  Christophe Feltus,et al.  Framework for Engineering Complex Security Requirements Patterns , 2016, 2016 6th International Conference on IT Convergence and Security (ICITCS).

[27]  Anton V. Uzunov A survey of security solutions for distributed publish/subscribe systems , 2016, Comput. Secur..

[28]  Eduardo B. Fernández,et al.  Threat Modeling in Cyber-Physical Systems , 2016, 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech).

[29]  Mohamed Zaki,et al.  Anti-spyware Security Design Patterns , 2016, 2016 Sixth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC).

[30]  Christian Kreiner,et al.  An analytical study of security patterns , 2016, EuroPLoP.

[31]  Yujian Fu,et al.  Modeling and Analyzing Security Patterns Using High Level Petri Nets , 2016, SEKE.

[32]  Young B. Park,et al.  Adaption of Integrated Secure Guide for Secure Software Development Lifecycle , 2016 .

[33]  Hironori Washizaki,et al.  Implementation Support of Security Design Patterns Using Test Templates , 2016, Inf..

[34]  Atsuo Hazeyama,et al.  A Metamodel for Security and Privacy Knowledge in Cloud Services , 2016, 2016 IEEE World Congress on Services (SERVICES).

[35]  Joseph P. Near,et al.  Finding Security Bugs in Web Applications Using a Catalog of Access Control Patterns , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE).

[36]  Roger R. Schell,et al.  Using Proven Reference Monitor Patterns for Security Evaluation , 2016, Inf..

[37]  Eduardo B. Fernández,et al.  Modeling and Security in Cloud Ecosystems , 2016, Future Internet.

[38]  Eduardo B. Fernández Building Secure Cloud Architectures Using Patterns , 2016, 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW).

[39]  Hongji Yang,et al.  An ontology-based approach to security pattern selection , 2016, International Journal of Automation and Computing.

[40]  Rahma Bouaziz,et al.  SCRIStUDIO: A security pattern integration tool , 2016, 2016 International Conference on Information Technology for Organizations Development (IT4OD).

[41]  Eduardo B. Fernández Preventing and unifying threats in cyberphysical systems , 2016, 2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE).

[42]  Hyoungshick Kim,et al.  Threat Assessment in the Cloud Environment: A Quantitative Approach for Security Pattern Selection , 2016, IMCOM.

[43]  Michael Frankfurter Integrating Security And Software Engineering Advances And Future Visions , 2016 .

[44]  Jean-Michel Bruel,et al.  Towards the integration of security patterns in UML component-based applications , 2016, PAME/VOLT@MODELS.

[45]  Marite Kirikova,et al.  Towards Continuous Information Security Audit , 2016, REFSQ Workshops.

[46]  Brahim Hamid,et al.  Security patterns modeling and formalization for pattern-based development of secure software systems , 2015, Innovations in Systems and Software Engineering.

[47]  Raimundas Matulevicius,et al.  Pattern-Based Security Requirements Derivation from Secure Tropos Models , 2015, PoEM.

[48]  Raimundas Matulevicius,et al.  An Experience Report of Improving Business Process Compliance Using Security Risk-Oriented Patterns , 2015, PoEM.

[49]  Eduardo B. Fernández,et al.  Security solution frames and security patterns for authorization in distributed, collaborative systems , 2015, Comput. Secur..

[50]  Eduardo B. Fernandez,et al.  Systematic mapping of security patterns research , 2015 .

[51]  Natasa Zivic,et al.  Secure Design Patterns for Security in Smart Metering Systems , 2015, 2015 IEEE European Modelling Symposium (EMS).

[52]  Liming Zhu,et al.  Building Secure Applications Using Pattern-Based Design Fragments , 2015, 2015 IEEE 34th Symposium on Reliable Distributed Systems Workshop (SRDSW).

[53]  Eduardo B. Fernández,et al.  Revisiting Architectural Tactics for Security , 2015, ECSA.

[54]  Liming Zhu,et al.  Composing Patterns to Construct Secure Systems , 2015, 2015 11th European Dependable Computing Conference (EDCC).

[55]  Eduardo B. Fernández,et al.  Patterns for security and privacy in cloud ecosystems , 2015, 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE).

[56]  Jungwoo Ryoo,et al.  Securing Web Applications with Better "Patches": An Architectural Approach for Systematic Input Validation with Security Patterns , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[57]  Jungwoo Ryoo,et al.  Addressing Security Challenges in Cloud Computing — A Pattern-Based Approach , 2015, 2015 1st International Conference on Software Security and Assurance (ICSSA).

[58]  Eduardo B. Fernández,et al.  Towards compliant reference architectures by finding analogies and overlaps in compliance regulations , 2015, 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE).

[59]  Michaela Bunke,et al.  Software-security patterns: degree of maturity , 2015, EuroPLoP.

[60]  Jean-Michel Bruel,et al.  Guiding the selection of security patterns based on security requirements and pattern classification , 2015, EuroPLoP.

[61]  Slim Kammoun,et al.  A Decision Support Map for Security Patterns Application , 2015, ICCSA.

[62]  Amnon H. Eden,et al.  Conformance checking of single access point pattern in JAAS using codecharts , 2015, 2015 World Congress on Information Technology and Computer Applications (WCITCA).

[63]  Catarina Ferreira Da Silva,et al.  Context-aware Security@run.time Deployment , 2015, CLOSER.

[64]  Wouter Joosen,et al.  Do Security Patterns Really Help Designers? , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[65]  Hironori Washizaki,et al.  TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing , 2015, 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST).

[66]  John Mylopoulos,et al.  Analyzing and Enforcing Security Mechanisms on Requirements Specifications , 2015, REFSQ.

[67]  Nakornthip Prompoon,et al.  A Method for Web Security Context Patterns Development from User Interface Guidelines Based on Structural and Textual Analysis , 2015 .

[68]  Lyazzat Atymtayeva,et al.  Improvement of Security Patterns strategy for Information Security Audit Applications , 2015, BMSD 2015.

[69]  Eduardo B. Fernández,et al.  A comprehensive pattern-oriented approach to engineering security methodologies , 2015, Inf. Softw. Technol..

[70]  Bernard Coulette,et al.  C-SCRIP: Collaborative Security Pattern Integration Process , 2015, Int. J. Inf. Technol. Web Eng..

[71]  Eduardo B. Fernández,et al.  Building a security reference architecture for cloud systems , 2016, Requirements Engineering.

[72]  Eduardo B. Fernandez,et al.  A Comprehensive Pattern-Driven Security Methodology for Distributed Systems , 2014, 2014 23rd Australian Software Engineering Conference.

[73]  Sebastian Abeck,et al.  Attack Surface Reduction for Web Services based on Authorization Patterns , 2014, SECURWARE 2014.

[74]  John Mylopoulos,et al.  Integrating Security Patterns with Security Requirements Analysis Using Contextual Goal Models , 2014, PoEM.

[75]  Eduardo B. Fernández,et al.  Enterprise security pattern: a new type of security pattern , 2014, Secur. Commun. Networks.

[76]  Xuan Wang,et al.  A framework for security driven software evolution , 2014, 2014 20th International Conference on Automation and Computing.

[77]  Takao Okubo,et al.  Threat and countermeasure patterns for cloud computing , 2014, 2014 IEEE 4th International Workshop on Requirements Patterns (RePa).

[78]  Maritta Heisel,et al.  Towards Developing Secure Software Using Problem-Oriented Security Patterns , 2014, CD-ARES.

[79]  Hironori Washizaki,et al.  Verifying Implementation of Security Design Patterns Using a Test Template , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[80]  Rick Kazman,et al.  Vulnerability-Based Security Pattern Categorization in Search of Missing Patterns , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[81]  Jacques Klein,et al.  Model-Driven Security with A System of Aspect-Oriented Security Design Patterns , 2014, VAO '14.

[82]  Maritta Heisel,et al.  Problem-oriented security patterns for requirements engineering , 2014, EuroPLoP.

[83]  Eladio Domínguez,et al.  The history-based authentication pattern , 2014, EuroPLoP '14.

[84]  Michaela Bunke,et al.  On the description of software security patterns , 2014, EuroPLoP.

[85]  Atsuo Hazeyama,et al.  Preliminary Evaluation of a Software Security Learning Environment , 2014, Int. J. Softw. Innov..

[86]  Slim Kallel,et al.  An Approach for Security Patterns Application in Component Based Models , 2014, ICCSA.

[87]  Aamir Shahzad,et al.  The Security Survey and Anaylsis on supervisory control and Data Acquisition Communication , 2014, J. Comput. Sci..

[88]  Slim Kallel,et al.  A Collaborative Process for Developing Secure Component Based Applications , 2014, 2014 IEEE 23rd International WETICE Conference.

[89]  Jennifer Horkoff,et al.  Dealing with Security Requirements for Socio-Technical Systems: A Holistic Approach , 2014, CAiSE.

[90]  Eduardo B. Fernández,et al.  Enterprise security pattern: A model-driven architecture instance , 2014, Comput. Stand. Interfaces.

[91]  Marcos Arjona,et al.  A security engineering process for systems of systems using security patterns , 2014, 2014 IEEE International Systems Conference Proceedings.

[92]  Eduardo B. Fernández,et al.  ASE: A comprehensive pattern-driven security methodology for distributed systems , 2014, Comput. Stand. Interfaces.

[93]  Jan de Muijnck-Hughes,et al.  Security Pattern Evaluation , 2014, 2014 IEEE 8th International Symposium on Service Oriented System Engineering.

[94]  Amnon H. Eden,et al.  Structural Analysis of the Check Point Pattern , 2014, 2014 IEEE 8th International Symposium on Service Oriented System Engineering.

[95]  Benjamin Aziz,et al.  Using Security Patterns for Modelling Security Capabilities in Grid Systems , 2014, 2014 IEEE 8th International Symposium on Service Oriented System Engineering.

[96]  Eduardo B. Fernández,et al.  A security reference architecture for cloud systems , 2014, WICSA '14 Companion.

[97]  Tony Gorschek,et al.  A taxonomy for requirements engineering and software test alignment , 2014, ACM Trans. Softw. Eng. Methodol..

[98]  Brahim Hamid,et al.  A Modeling and Formal Approach for the Precise Specification of Security Patterns , 2014, ESSoS.

[99]  Adam Shostack,et al.  Threat Modeling: Designing for Security , 2014 .

[100]  Eduardo B. Fernández,et al.  An exploratory comparison of security patterns and tactics to harden systems , 2014, CIbSE.

[101]  David Hutchison,et al.  Management Patterns for Network Resilience: Design and Verification of Policy Configurations , 2014, Cyberpatterns.

[102]  Ian Bayley Challenges for a Formal Framework for Patterns , 2014, Cyberpatterns.

[103]  Clive Blackwell Towards a Conceptual Framework for Security Patterns , 2014, Cyberpatterns.

[104]  Cyberpatterns, Unifying Design Patterns with Security and Attack Patterns , 2014 .

[105]  Shamal Faily,et al.  Evaluating the Implications of Attack and Security Patterns with Premortems , 2014, Cyberpatterns.

[106]  Eduardo B. Fernández,et al.  Abstract security patterns for requirements specification and analysis of secure systems , 2014, WER.

[107]  John Mylopoulos,et al.  Modeling and Applying Security Patterns Using Contextual Goal Models , 2014, iStar.

[108]  Shuichiro Yamamoto,et al.  Identifying and Implementing Security Patterns for a Dependable Security Case -- From Security Patterns to D-Case , 2013, 2013 IEEE 16th International Conference on Computational Science and Engineering.

[109]  Marcos Arjona,et al.  Secure Engineering and Modelling of a Metering Devices System , 2013, 2013 International Conference on Availability, Reliability and Security.

[110]  Hironori Washizaki,et al.  Validating Security Design Patterns Application Using Model Testing , 2013, 2013 International Conference on Availability, Reliability and Security.

[111]  Slim Kallel,et al.  An Engineering Process for Security Patterns Application in Component Based Models , 2013, 2013 Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[112]  Raimundas Matulevicius,et al.  A taxonomy for assessing security in business process modelling , 2013, IEEE 7th International Conference on Research Challenges in Information Science (RCIS).

[113]  Nakornthip Prompoon,et al.  Framwork for information security standards storage and retrieval using security patterns , 2013, 2013 IEEE 4th International Conference on Software Engineering and Service Science.

[114]  Paul Rimba,et al.  Building high assurance secure applications using security patterns for capability-based platforms , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[115]  Gordhan Das Menghwar,et al.  Security modeling for service-oriented systems using security pattern refinement approach , 2012, Software & Systems Modeling.

[116]  Claes Wohlin,et al.  An empirically based terminology and taxonomy for global software engineering , 2014, Empirical Software Engineering.

[117]  Bernard Coulette,et al.  Applying Security Patterns for Component Based Applications Using UML Profile , 2012, 2012 IEEE 15th International Conference on Computational Science and Engineering.

[118]  Robin A. Gandhi,et al.  Early security patterns: A collection of constraints to describe regulatory security requirements , 2012, 2012 Second IEEE International Workshop on Requirements Patterns (RePa).

[119]  Hui Shen,et al.  Characterizations and boundaries of security requirements patterns , 2012, 2012 Second IEEE International Workshop on Requirements Patterns (RePa).

[120]  Bernard Coulette,et al.  Secure Component Based Applications through Security Patterns , 2012, 2012 IEEE International Conference on Green Computing and Communications.

[121]  Munawar Hafiz,et al.  The nature of order: from security patterns to a pattern language , 2012, SPLASH '12.

[122]  Ralph E. Johnson,et al.  Growing a pattern language (for security) , 2012, Onward! 2012.

[123]  G. Mathew Elements of application security in the cloud computing environment , 2012, 2012 IEEE Conference on Open Systems.

[124]  Peretz Shoval,et al.  Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment , 2012, Inf. Softw. Technol..

[125]  Tayana Conte,et al.  Systematic Literature Reviews in Distributed Software Development: A Tertiary Study , 2012, 2012 IEEE Seventh International Conference on Global Software Engineering.

[126]  Mohammad Zulkernine,et al.  A Comparative Study of Software Security Pattern Classifications , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[127]  Wouter Joosen,et al.  Reusable Formal Models for Secure Software Architectures , 2012, 2012 Joint Working IEEE/IFIP Conference on Software Architecture and European Conference on Software Architecture.

[128]  Sebastian Abeck,et al.  Identification and Implementation of Authentication and Authorization Patterns in the Spring Security Framework , 2012, SECURWARE 2012.

[129]  Atsuo Hazeyama,et al.  Survey on Body of Knowledge Regarding Software Security , 2012, 2012 13th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing.

[130]  Eduardo B. Fernández,et al.  Securing distributed systems using patterns: A survey , 2012, Comput. Secur..

[131]  Jan de Muijnck-Hughes,et al.  Thinking Towards a Pattern Language for Predicate Based Encryption Crypto-Systems , 2012, 2012 IEEE Sixth International Conference on Software Security and Reliability Companion.

[132]  Peter Herrmann,et al.  Behavioral Singletons to Consistently Handle Global States of Security Patterns , 2012, DAIS.

[133]  Wouter Joosen,et al.  Does organizing security patterns focus architectural choices? , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[134]  Bashar Nuseibeh,et al.  An Aspect-Oriented Approach to Relating Security Requirements and Access Control , 2012, CAiSE Forum.

[135]  Peretz Shoval,et al.  A methodology for integrating access control policies within database development , 2012, Comput. Secur..

[136]  Crystal Edge,et al.  Improving security design patterns with aspect-oriented strategies , 2012, ACM-SE '12.

[137]  Rafael M. Gasca,et al.  A Security Pattern-Driven Approach toward the Automation of Risk Treatment in Business Processes , 2012, CISIS/ICEUTE/SOCO Special Sessions.

[138]  Eduardo B. Fernández,et al.  Engineering Security into Distributed Systems: A Survey of Methodologies , 2012, J. Univers. Comput. Sci..

[139]  Eduardo Fernández-Medina,et al.  Security Pattern Mining: Systematic Review and Proposal , 2018, WOSIS.

[140]  Mohammad Zulkernine,et al.  A Natural Classification Scheme for Software Security Patterns , 2011, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing.

[141]  Dániel Varró,et al.  SeCMER: A Tool to Gain Control of Security Requirements Evolution , 2011, ServiceWave.

[142]  Ruth Breu,et al.  Enhancing Model Driven Security through Pattern Refinement Techniques , 2011, FMCO.

[143]  Antonio Maña,et al.  Facilitating the Use of TPM Technologies Using the Serenity Framework , 2011, ATC.

[144]  Marco Ramilli,et al.  Exploring Information Security Issues in Public Sector Inter-organizational Collaboration , 2011, EGOV.

[145]  Nobukazu Yoshioka,et al.  Effective Security Impact Analysis with Patterns for Software Enhancement , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[146]  Eduardo B. Fernández,et al.  An Approach to Model-based Development of Secure and Reliable Systems , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[147]  Christoph Meinel,et al.  Automated Security Service Orchestration for the Identity Management in Web Service Based Systems , 2011, 2011 IEEE International Conference on Web Services.

[148]  Javier Garzás,et al.  Analysis of Application of Security Patterns to Build Secure Systems , 2011, CAiSE Workshops.

[149]  John Mylopoulos,et al.  Modeling Design Patterns with Description Logics: A Case Study , 2011, CAiSE.

[150]  Peretz Shoval,et al.  A Pattern Based Approach for Secure Database Design , 2011, CAiSE Workshops.

[151]  Brahim Hamid,et al.  Towards a Better Integration of Patterns in Secure Component-Based Systems Design , 2011, ICCSA.

[152]  Jan Jürjens,et al.  Connecting Security Requirements Analysis and Secure Design Using Patterns and UMLsec , 2011, CAiSE.

[153]  Ralph E. Johnson,et al.  Patterns Transform Architectures , 2011, 2011 Ninth Working IEEE/IFIP Conference on Software Architecture.

[154]  Dániel Varró,et al.  A Tool for Managing Evolving Security Requirements , 2011, CAiSE Forum.

[155]  Mathaya Ratchakom,et al.  A process model design and tool support for information assets access control using security patterns , 2011, 2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE).

[156]  Dan Thomsen,et al.  Practical policy patterns , 2011, CODASPY '11.

[157]  Sanjay Kumar Jena,et al.  Evaluation of web application security risks and secure design patterns , 2011, ICCCS '11.

[158]  Thomas Heyman,et al.  The Security Twin Peaks , 2011, ESSoS.

[159]  Karsten Sohr,et al.  An Architecture-Centric Approach to Detecting Security Patterns in Software , 2011, ESSoS.

[160]  Azzam Mourad,et al.  New Approach Targeting Security Patterns Development and Deployment , 2011, Inf. Secur. J. A Glob. Perspect..

[161]  Javier Garzás,et al.  Towards a Pattern-based Security Methodology to Build Secure Information Systems , 2011, WOSIS.

[162]  Rosana Wagner,et al.  Using Security Patterns to Tailor Software Process , 2011, SEKE.

[163]  Jan Jürjens,et al.  Using Security Patterns to Develop Secure Systems , 2011 .

[164]  Rick Dove,et al.  Pattern qualifications and examples of next-generation agile system-security strategies , 2010, 44th Annual 2010 IEEE International Carnahan Conference on Security Technology.

[165]  Bashar Nuseibeh,et al.  Security patterns: comparing modeling approaches , 2010 .

[166]  Eduardo B. Fernández,et al.  Building Secure Systems: From Threats to Security Patterns , 2010, 2010 XXIX International Conference of the Chilean Computer Science Society.

[167]  Javier Garzás,et al.  Applicability of Security Patterns , 2010, OTM Conferences.

[168]  Azzam Mourad,et al.  A Novel Approach for the Development and Deployment of Security Patterns , 2010, 2010 IEEE Second International Conference on Social Computing.

[169]  Dejan Simic,et al.  Extended Software Architecture Based on Security Patterns , 2010, Informatica.

[170]  Eduardo B. Fernández,et al.  Measuring the Level of Security Introduced by Security Patterns , 2010, 2010 International Conference on Availability, Reliability and Security.

[171]  Eduardo B. Fernández,et al.  Refining the Pattern-Based Reference Model for Electronic Invoices by Incorporating Threats , 2010, 2010 International Conference on Availability, Reliability and Security.

[172]  Hironori Washizaki,et al.  Model-Driven Security Patterns Application Based on Dependences among Patterns , 2010, 2010 International Conference on Availability, Reliability and Security.

[173]  Jing Dong,et al.  Automated verification of security pattern compositions , 2010, Inf. Softw. Technol..

[174]  Eduardo B. Fernández,et al.  Designing Secure SCADA Systems Using Security Patterns , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[175]  Rick Kazman,et al.  A Methodology for Mining Security Tactics from Security Patterns , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[176]  Sheng Wen,et al.  Advances in Information Security , 2010 .

[177]  Saeed Jalili,et al.  Selecting Proper Security Patterns Using Text Classification , 2009, 2009 International Conference on Computational Intelligence and Software Engineering.

[178]  Eduardo Fernández-Medina,et al.  The practical application of a process for eliciting and designing security in web service systems , 2009, Inf. Softw. Technol..

[179]  Christoph Meinel,et al.  A pattern-driven security advisor for service-oriented architectures , 2009, SWS '09.

[180]  Alexander Chatzigeorgiou,et al.  Moving from Requirements to Design Confronting Security Issues: A Case Study , 2009, OTM Conferences.

[181]  Muhammad Ali Babar,et al.  Systematic literature reviews in software engineering: Preliminary results from interviews with researchers , 2009, 2009 3rd International Symposium on Empirical Software Engineering and Measurement.

[182]  Leandro Antonelli,et al.  Embedding Security Patterns into a Domain Model , 2009, 2009 20th International Workshop on Database and Expert Systems Application.

[183]  Michael Netter,et al.  Integrating Security Patterns into the Electronic Invoicing Process , 2009, 2009 20th International Workshop on Database and Expert Systems Application.

[184]  Eduardo B. Fernández,et al.  Improving the Classification of Security Patterns , 2009, 2009 20th International Workshop on Database and Expert Systems Application.

[185]  Carsten Rudolph,et al.  Towards a Generic Process for Security Pattern Integration , 2009, 2009 20th International Workshop on Database and Expert Systems Application.

[186]  Lingyu Wang,et al.  An Aspect-Oriented Approach for Software Security Hardening : from Design to Implementation Conference , 2010 .

[187]  William H. Allen,et al.  The ISDF Framework: Integrating Security Patterns and Best Practices , 2009 .

[188]  Azzedine Benameur,et al.  A Pattern-Based General Security Framework: An eBusiness Case Study , 2009, 2009 11th IEEE International Conference on High Performance Computing and Communications.

[189]  Daniel Serrano,et al.  Development of Applications Based on Security Patterns , 2009, 2009 Second International Conference on Dependability.

[190]  George Spanoudakis,et al.  Security and Dependability for Ambient Intelligence , 2009, Security and Dependability for Ambient Intelligence.

[191]  Jie Wu,et al.  On building secure SCADA systems using security patterns , 2009, CSIIRW '09.

[192]  Eduardo B. Fernández,et al.  Modeling Misuse Patterns , 2009, 2009 International Conference on Availability, Reliability and Security.

[193]  Christoph Meinel,et al.  Security Requirements Specification in Service-Oriented Business Process Management , 2009, 2009 International Conference on Availability, Reliability and Security.

[194]  Cristian Rusu,et al.  Usability and Security Patterns , 2009, 2009 Second International Conferences on Advances in Computer-Human Interactions.

[195]  Tomaz Klobucar,et al.  Technical Patterns for Long Term Trusted Archiving , 2009, 2009 Third International Conference on Digital Society.

[196]  Antonio Maña,et al.  An Architecture for Secure Ambient Intelligence Environments , 2009 .

[197]  Eduardo B. Fernández Security Patterns and A Methodology to Apply them , 2009, Security and Dependability for Ambient Intelligence.

[198]  Antonio Maña,et al.  SERENITY Aware System Development Process , 2009, Security and Dependability for Ambient Intelligence.

[199]  Daniel Serrano,et al.  Security and Dependability in Ambient Intelligence Scenarios - The Communication Prototype , 2009, ICEIS.

[200]  Eduardo B. Fernández,et al.  A Multi-Dimensional Classification for Users of Security Patterns , 2008, J. Res. Pract. Inf. Technol..

[201]  Pearl Brereton,et al.  Systematic literature reviews in software engineering - A systematic literature review , 2009, Inf. Softw. Technol..

[202]  Sylvain Giroux,et al.  Enforcing Security in Smart Homes using Security Patterns , 2009 .

[203]  Xiaohong Li,et al.  An Attack Scenario Based Approach for Software Security Testing at Design Stage , 2008, 2008 International Symposium on Computer Science and Computational Technology.

[204]  Sylvain Giroux,et al.  Achieving Socio-technical Confidentiality Using Security Pattern in Smart Homes , 2008, 2008 Second International Conference on Future Generation Communication and Networking.

[205]  K. Subramanian,et al.  Wireless information security system via role based access control pattern use case design , 2008, 2008 International Conference on Computing, Communication and Networking.

[206]  Ralph E. Johnson,et al.  Evolution of the MTA architecture: the impact of security , 2008, Softw. Pract. Exp..

[207]  Yan Tang,et al.  Defining Re-usable Composite Aspect Patterns: An FDAF Based Approach , 2008, OTM Workshops.

[208]  Yijun Yu,et al.  Enforcing a security pattern in stakeholder goal models , 2008, QoP '08.

[209]  Hironori Washizaki,et al.  Abstract security patterns , 2008 .

[210]  Hidehiko Tanaka,et al.  Web security patterns for analysis and design , 2008, PLoP '08.

[211]  Eduardo B. Fernández,et al.  Patterns and Pattern Diagrams for Access Control , 2008, TrustBus.

[212]  Emmanuel Coquery,et al.  An Ontological Interface for Software Developers to Select Security Patterns , 2008, 2008 19th International Workshop on Database and Expert Systems Applications.

[213]  Antonio Maña,et al.  Towards Precise Security Patterns , 2008, 2008 19th International Workshop on Database and Expert Systems Applications.

[214]  Shyamanta M. Hazarika,et al.  Security Pattern Lattice: A Formal Model to Organize Security Patterns , 2008, 2008 19th International Workshop on Database and Expert Systems Applications.

[215]  Eduardo B. Fernández,et al.  Eliciting Security Requirements through Misuse Activities , 2008, 2008 19th International Workshop on Database and Expert Systems Applications.

[216]  Antonio Maña,et al.  SERENITY Pattern-Based Software Development Life-Cycle , 2008, 2008 19th International Workshop on Database and Expert Systems Applications.

[217]  Annett Laube,et al.  Security Patterns for Capturing Encryption-Based Access Control to Sensor Data , 2008, 2008 Second International Conference on Emerging Security Information, Systems and Technologies.

[218]  Alexander Chatzigeorgiou,et al.  Architectural Risk Analysis of Software Systems Based on Security Patterns , 2008, IEEE Transactions on Dependable and Secure Computing.

[219]  Till Dörges,et al.  From security patterns to implementation using petri nets , 2008, SESS '08.

[220]  Theodore Tryfonas,et al.  Standardising business application security assessments with pattern-driven audit automations , 2008, Comput. Stand. Interfaces.

[221]  Mourad Debbabi,et al.  An aspect-oriented approach for the systematic security hardening of code , 2008, Comput. Secur..

[222]  Eduardo B. Fernández,et al.  Classifying Security Patterns , 2008, APWeb.

[223]  Theodore Tryfonas,et al.  Security Patterns for Automated Continuous Auditing , 2008, Inf. Secur. J. A Glob. Perspect..

[224]  Eduardo B. Fernández,et al.  A Pattern-Driven Security Process for SOA Applications , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[225]  Wouter Joosen,et al.  Using Security Patterns to Combine Security Metrics , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[226]  Hironori Washizaki,et al.  A survey on security patterns , 2008 .

[227]  Oguz Dikenelli,et al.  A Semantic Based Certification and Access Control Approach Using Security Patterns on SEAGENT , 2008, SEKE.

[228]  Nakornthip Prompoon,et al.  Enterprise Assets Security Requirements Construction from ESRMG Grammar based on Security Patterns , 2007, 14th Asia-Pacific Software Engineering Conference (APSEC'07).

[229]  Jing Dong,et al.  Model Checking Security Pattern Compositions , 2007, Seventh International Conference on Quality Software (QSIC 2007).

[230]  Philip Robinson,et al.  Extensible Security Patterns , 2007, 18th International Workshop on Database and Expert Systems Applications (DEXA 2007).

[231]  Mario Piattini,et al.  Defining Security Architectural Patterns Based on Viewpoints , 2007, ICCSA.

[232]  S M Tawfiq Barhoom,et al.  XML Context`s Security Patterns Language: Description and Syntax , 2007 .

[233]  Ralph E. Johnson,et al.  Organizing Security Patterns , 2007, IEEE Software.

[234]  Thomas Heyman,et al.  An Analysis of the Security Patterns Landscape , 2007, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007).

[235]  Eduardo B. Fernández,et al.  Security patterns and secure systems design , 2007, ACM-SE 45.

[236]  Xiaohong Yuan,et al.  Securing analysis patterns , 2007, ACM-SE 45.

[237]  Michael Weiss,et al.  Modelling Security Patterns Using NFR Analysis , 2007 .

[238]  Alexander Chatzigeorgiou,et al.  Quantitative Evaluation of Systems with Security Patterns Using a Fuzzy Approach , 2006, OTM Workshops.

[239]  Jason Hong,et al.  Privacy patterns for online interactions , 2006, PLoP '06.

[240]  E. Fernández,et al.  The credentials pattern , 2006, PLoP '06.

[241]  Mario Piattini,et al.  Security patterns and requirements for internet-based applications , 2006, Internet Res..

[242]  Ruth Breu,et al.  Sectet: an extensible framework for the realization of secure inter-organizational workflows , 2006, Internet Res..

[243]  Ruth Breu,et al.  Towards a MOF/QVT-Based domain architecture for model driven security , 2006, MoDELS'06.

[244]  Stefanos Gritzalis,et al.  A Framework for Exploiting Security Expertise in Application Development , 2006, TrustBus.

[245]  Alexander Chatzigeorgiou,et al.  A qualitative analysis of software security patterns , 2006, Comput. Secur..

[246]  Michael Weiss,et al.  Modeling Secure Systems Using an Agent-oriented Approach and Security Patterns , 2006, Int. J. Softw. Eng. Knowl. Eng..

[247]  Mourad Debbabi,et al.  Security Design Patterns: Survey and Evaluation , 2006, 2006 Canadian Conference on Electrical and Computer Engineering.

[248]  Mario Piattini,et al.  A study of security architectural patterns , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[249]  Eduardo B. Fernández,et al.  Using Patterns to Understand and Compare Web Services Security Products and Standards , 2006, Advanced Int'l Conference on Telecommunications and Int'l Conference on Internet and Web Applications and Services (AICT-ICIW'06).

[250]  Lirong Dai,et al.  Modeling and performance analysis for security aspects , 2006, Sci. Comput. Program..

[251]  Francisco Sánchez-Cid,et al.  Software Engineering Techniques Applied to AmI: Security Patterns , 2006 .

[252]  Eduardo B. Fernandez,et al.  A Methodology to Develop Secure Systems Using Patterns , 2006 .

[253]  Mario Piattini,et al.  Defining Viewpoints for Security Architectural Patterns , 2006, SECRYPT.

[254]  Michael Weiss,et al.  Security Patterns Meet Agent Oriented Software Engineering: A Complementary Solution for Developing Secure Information Systems , 2005, ER.

[255]  Ruth Breu,et al.  Realizing model driven security for inter-organizational workflows with WS-CDL and UML 2.0 , 2005, MoDELS'05.

[256]  Xiaowen Wang,et al.  Supporting Security Sensitive Architecture Design , 2005, QoSA/SOQUA.

[257]  Eduardo B. Fernandez,et al.  Using Uml And Security Patterns To Teach Secure Systems Design , 2005 .

[258]  Eduardo B. Fernández,et al.  A UML-Based Methodology for Secure Systems: The Design Stage , 2005, WOSIS.

[259]  Peter Sommerlad,et al.  Security Patterns: Integrating Security and Systems Engineering , 2006 .

[260]  Shinichi Honiden,et al.  Security patterns: a method for constructing secure and efficient inter-company coordination systems , 2004, Proceedings. Eighth IEEE International Enterprise Distributed Object Computing Conference, 2004. EDOC 2004..

[261]  Gwan-Hwan Hwang,et al.  An operational model and language support for securing XML documents , 2004, Comput. Secur..

[262]  Michiaki Tatsubori,et al.  Best-practice patterns and tool support for configuring secure Web services messaging , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[263]  Krzysztof Czarnecki,et al.  Classification of Model Transformation Approaches , 2003 .

[264]  Robert L. Glass,et al.  Sorting out software complexity , 2002, CACM.

[265]  Kyo Chul Kang,et al.  Feature-Oriented Domain Analysis (FODA) Feasibility Study , 1990 .