A survey on security patterns

Security has become an important concern for many software systems. Security patterns are reusable solutions to recurring security problems. Although many security patterns, and techniques for applying them, have been proposed, it remains difficult to apply security patterns at each phase of software development. This paper surveys approaches to security patterns. By classifying these approaches, it indicates a direction for their integration and identifies future research topics.
