Should we use tactics or patterns to build secure systems

Quality attributes are the hardest aspect of designing software architectures. Security has become one of the most important of them. Software architecture textbooks and literature imply that we can build secure systems by adding tactics, which are defined as measures to improve quality factors, to the system architecture. We believe that security must be applied throughout the complete lifecycle and that working with architectures is not enough. To prove our point we consider our own secure systems methodology as an example of an approach based on security patterns where security is applied from the requirements stage.

[1]  Joseph W. Yoder,et al.  Big Ball of Mud , 1997 .

[2]  Rick Kazman,et al.  A Methodology for Mining Security Tactics from Security Patterns , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[3]  Eduardo B. Fernández,et al.  Engineering Security into Distributed Systems: A Survey of Methodologies , 2012, J. Univers. Comput. Sci..

[4]  Eduardo B. Fernandez,et al.  A Methodology to Develop Secure Systems Using Patterns , 2006 .

[5]  Shihong Huang,et al.  Defining Security Requirements Through Misuse Actions , 2006, IFIP Workshop on Advanced Software Engineering.

[6]  Haralambos Mouratidis,et al.  Integrating Security and Software Engineering: Advances and Future Visions , 2006 .

[7]  Uwe Zdun,et al.  On the impact of fault tolerance tactics on architecture patterns , 2010, SERENE.

[8]  Hernán Astudillo,et al.  Explicit Architectural Policies to Satisfy NFRs Using COTS , 2005, MoDELS Satellite Events.

[9]  Neil B. Harrison,et al.  Leveraging Architecture Patterns to Satisfy Quality Attributes , 2007, ECSA.

[10]  Eduardo B. Fernández,et al.  Measuring the Level of Security Introduced by Security Patterns , 2010, 2010 International Conference on Availability, Reliability and Security.

[11]  Hamid Bagheri,et al.  A Formal Approach for Incorporating Architectural Tactics into the Software Architecture , 2011, SEKE.

[12]  Paul Clements,et al.  Software Architecture in Practice: Addison-Wesley , 1998 .

[13]  Ralph E. Johnson,et al.  Patterns Transform Architectures , 2011, 2011 Ninth Working IEEE/IFIP Conference on Software Architecture.

[14]  Lei Zhang,et al.  Towards Quality Based Solution Recommendation in Decision-Centric Architecture Design , 2011, SEKE.

[15]  Eduardo B. Fernández,et al.  A Methodology for Secure Software Design , 2004, Software Engineering Research and Practice.

[16]  Eduardo B. Fernández,et al.  Eliciting Security Requirements through Misuse Activities , 2008, 2008 19th International Workshop on Database and Expert Systems Applications.

[17]  Jan Bosch,et al.  Software Architecture as a Set of Architectural Design Decisions , 2005, 5th Working IEEE/IFIP Conference on Software Architecture (WICSA'05).

[18]  Uwe Zdun,et al.  Using Patterns to Capture Architectural Decisions , 2007, IEEE Software.

[19]  Sooyong Park,et al.  Quality-driven architecture development using architectural tactics , 2009, J. Syst. Softw..

[20]  Neil B. Harrison,et al.  How do architecture patterns and tactics interact? A model and annotation , 2010, J. Syst. Softw..

[21]  Jane Cleland-Huang,et al.  A pattern system for tracing architectural concerns , 2011, PLoP '11.