Improving the Classification of Security Patterns

A large number of security patterns exist, each encapsulating a reusable solution to a recurrent security problem. However, catalogs of security patterns are not enough, because the designer does not know when and where to apply them, especially in a large, complex system. More precise classifications of security patterns are needed. We analyze here ways to represent security patterns using specialized models for their precise classification. We define two new types of models: one that describes how a security pattern relates to several classification dimensions (Dimension Graph), and another that describes how security patterns relate to each other (Pattern Graphs). We illustrate these ideas with examples from security patterns.
