Defining Security Architectural Patterns Based on Viewpoints

  • David G. Rosado
  • Carlos Gutiérrez
  • Eduardo Fernández-Medina
  • Mario Piattini
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4707)

Abstract

Recently, there has been a growing interest in identifying security patterns in software-intensive systems, since they provide techniques for considering, detecting and solving security issues from the beginning of the development life-cycle. This paper describes how security architectural patterns lack comprehensive, complete and well-structured documentation that conveys essential information about their logical structure, run-time behaviour, deployment-time and monitoring configuration, and so on. We therefore propose a set of security viewpoints, adhering to ANSI/IEEE 1471-2000, for describing software-intensive security patterns. To maximize comprehensibility, we use well-known notations such as UML to represent all the information needed to define a software-intensive architectural security pattern that conforms to the IEEE 1471-2000 standard. We investigate security architectural patterns from several IEEE 1471-2000 compliant viewpoints.

Keywords

Software Architecture; Security patterns; viewpoints; security



Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • David G. Rosado (1)
  • Carlos Gutiérrez (2)
  • Eduardo Fernández-Medina (1)
  • Mario Piattini (1)

  1. ALARCOS Research Group. Information Systems and Technologies Department UCLM-Indra. Research and Development Institute. University of Castilla-La Mancha, Paseo de la Universidad, 4 – 13071 Ciudad Real, Spain
  2. Correos Telecom, Conde de Peñalver, 19 bis 6a pl. 28006 Madrid, Spain
