
Applicability of Security Patterns

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2010 (OTM 2010)

Abstract

Information Security has become one of the fundamental mainstays in organizations owing to the ever-increasing cyber attacks against them in recent years. Both the designers of security mechanisms and the security engineers therefore need reliable security solutions to minimize the impact of the attacks on an organization’s systems. Good mechanisms for solving these deficiencies are security patterns, which present a reliable and tested scheme to deal with recurring security problems. In this paper, we perform an analysis of some of the most important works that describe security patterns. Our main objective is to verify their applicability for the analysis and design of secure architectures in real and complex environments. Finally, and after presenting the detected shortcomings of the existing security patterns, we show which features should be incorporated into the patterns to be applicable in the field of information security engineering related to the development of secure architectures.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ortiz, R., Moral-García, S., Moral-Rubio, S., Vela, B., Garzás, J., Fernández-Medina, E. (2010). Applicability of Security Patterns. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_49


  • DOI: https://doi.org/10.1007/978-3-642-16934-2_49

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16933-5

  • Online ISBN: 978-3-642-16934-2

  • eBook Packages: Computer Science, Computer Science (R0)
