Security Patterns and their Classification Schemes

Finding the appropriate pattern to solve a particular security problem is difficult because of the absence of a scientific classification scheme for security patterns. A suitable classification scheme helps efficient storage and retrieval of information, beneficial for both software pattern miners and pattern navigators. In this paper, we provide a survey of security patterns and evaluate various classification schemes for security patterns. Our proposed classification scheme uses security concepts to efficiently partition the problem space, therefore solving the
