Classifying Security Patterns

  • Conference paper
Progress in WWW Research and Development (APWeb 2008)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4976)

Abstract

Patterns combine experience and good practices to develop basic models that can be used for new designs. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system design and evaluation. In addition to their value for new system design, security patterns are useful to evaluate existing systems. They are also useful to compare security standards and to verify that products comply with some standard. A variety of security patterns has been developed for the construction of secure systems and catalogs of them are appearing. However, catalogs of patterns are not enough because the designer does not know when and where to apply them, especially in a large complex system. We discuss here several ways to classify patterns. We show a way to use these classifications through pattern diagrams where a designer can navigate to perform her pattern selection.

Editor information

Yanchun Zhang, Ge Yu, Elisa Bertino, Guandong Xu

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fernandez, E.B., Washizaki, H., Yoshioka, N., Kubo, A., Fukazawa, Y. (2008). Classifying Security Patterns. In: Zhang, Y., Yu, G., Bertino, E., Xu, G. (eds) Progress in WWW Research and Development. APWeb 2008. Lecture Notes in Computer Science, vol 4976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78849-2_35

  • DOI: https://doi.org/10.1007/978-3-540-78849-2_35

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-78848-5

  • Online ISBN: 978-3-540-78849-2

  • eBook Packages: Computer Science, Computer Science (R0)
