Abstract
Information security has become one of the fundamental mainstays of organizations owing to the ever-increasing number of cyber attacks against them in recent years. Both the designers of security mechanisms and security engineers therefore need reliable security solutions to minimize the impact of such attacks on an organization's systems. Security patterns are a good mechanism for addressing this need: they present a reliable and tested scheme for dealing with recurring security problems. In this paper, we analyze some of the most important works that describe security patterns. Our main objective is to verify their applicability to the analysis and design of secure architectures in real and complex environments. Finally, after presenting the shortcomings detected in the existing security patterns, we show which features should be incorporated into the patterns for them to be applicable in the field of information security engineering, specifically the development of secure architectures.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Ortiz, R., Moral-García, S., Moral-Rubio, S., Vela, B., Garzás, J., Fernández-Medina, E. (2010). Applicability of Security Patterns. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_49
DOI: https://doi.org/10.1007/978-3-642-16934-2_49
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16933-5
Online ISBN: 978-3-642-16934-2