Classifying Security Patterns

Patterns combine experience and good practices to develop basic models that can be used for new designs. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system design and evaluation. In addition to their value for new system design, security patterns are useful to evaluate existing systems. They are also useful to compare security standards and to verify that products comply with some standard. A variety of security patterns has been developed for the construction of secure systems and catalogs of them are appearing. However, catalogs of patterns are not enough because the designer does not know when and where to apply them, especially in a large complex system. We discuss here several ways to classify patterns. We show a way to use these classifications through pattern diagrams where a designer can navigate to perform her pattern selection.
