Top

Published in:

2014 | OriginalPaper | Chapter

2. Towards a Conceptual Framework for Security Patterns

Author : Clive Blackwell

Published in: Cyberpatterns

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

We introduce security patterns as the most mature domain within cyberpatterns, and outline a conceptual framework to help understand and develop good security patterns. Security patterns help us move from an improvised craft to engineering discipline because they transfer knowledge about proven solutions in an understandable and reusable format to experienced users and novices alike. Although security patterns are widely known, many questions remain unanswered regarding their conceptual foundation and practical use. We characterise the current pattern schemes using the Zachman Framework for enterprise architecture modelling, which allows us to structure and pose questions about both the problem domain and corresponding solutions provided by security patterns. We propose a parallel security plane overlaying the entire Zachman grid allowing the separate consideration of security within the security plane using the interrogative questions (who, what, where, when, why and how) to evaluate the six aspects. The integration between security and functional concerns is similarly aided by using the correspondence between aspects in the security and functional planes to decompose and examine the relationship between security patterns and problem context. We also briefly discuss security patterns as transformations, and related concepts such as tactics that may usefully be applied to security. We conclude with a set of unsolved challenges for security patterns. This discussion is relevant to other types of cyberpattern such as attack patterns, and may aid the eventual development of a comprehensive framework for cyberpatterns.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Cyberpatterns: Towards a Pattern Oriented Study of Cyberspace

next chapter Design Patterns: Applications and Open Issues

Gabriel RP. Patterns of software: tales from the software community. New York: Oxford University Press; 1996. http://www.dreamsongs.com/Files/PatternsOfSoftware.pdf. Accessed 10 Nov 2013.

Kienzle DM, Elder MC, Tyree D, Edwards-Hewitt J. Security patterns repository version 1.0. Washington DC: DARPA; 2002. www.scrypt.net/~celer/securitypatterns/repository.pdf. Accessed 7 Nov 2013.

Gamma E, Helm R, Johnson R, Vlissides J. Design patterns: elements of reusable object-oriented software. Reading: Addison-Wesley; 1995.

Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P. Security patterns: integrating security and systems engineering. Chichester: John Wiley; 2005.

Zachman JA. A framework for information systems architecture. IBM Syst J. 1987;26(3): 276–92.

Zachman JA. John Zachman’s concise definition of The Zachman framework\(^{TM}\). Zachman International, Inc. 2008. http://www.zachman.com/about-the-zachman-framework. Accessed 28 Oct 2013.

Blackwell C. A strategy for formalising attack patterns. 1st cyberpatterns workshop. 2012. In cyberpatterns: unifying design patterns with security and attack patterns. Springer; 2014.

Sherwood J, Clark A, Lynas D. Enterprise security architecture, a business driven approach. San Francisco: CMP Books; 2005.

Fernandez EB, Larrondo-Petrie MM, Sorgente T, VanHilst M. A methodology to develop secure systems using patterns. Chapter V: Integrating security and software engineering: advances and future vision. IGI; 2006. p. 107–26.

10.

Yoder J, Barcalow J. Architectural patterns for enabling application security. In: Proceedings of the 4th annual conference on pattern languages of programs (PLoP 1997). 1997.

11.

Graham I. Business rules management and service oriented architecture: a pattern language. Chichester (WSX): John Wiley; 2007.

12.

Hafiz M. Security pattern catalog. www.munawarhafiz.com/securitypatterncatalog. Accessed 30 Oct 2013 (15 March 2013).

13.

Hafiz M, Adamczyk P, Johnson RE. Organising security patterns. IEEE Softw. 2007;24(4): 52–60.

14.

Blakely B, Heath C. Security design patterns. Berkshire, UK: The Open Group; 2004.

15.

Yoshioka N, Washizaki H, Maruyama K. A survey on security patterns. Prog Inf. 2008;5(5): 35–47.

16.

Dougherty CR, Sayre K, Seacord R, Svoboda D, Togashi K. Secure design patterns. Software engineering institute. Paper 47. 2009. http://repository.cmu.edu/sei/47. Accessed 8 Nov 2013.

17.

Steel C, Nagappan R, Lai R. Core security patterns: best practices and strategies for J2EE, web services, and identity management. Englewood Cliffs: Prentice Hall; 2005.

18.

Hogg J, Smith D, Chong F, Taylor D, Wall L, Slater P. Web service security: scenarios, patterns, and implementation guidance for web services enhancements (WSE) 3.0. Redmond (WA): Microsoft Press; 2006.

19.

Heaney J, Hybertson D, Reedy A, Chapin S, Bollinger T, Williams D, Kirwan Jr. M. Information assurance for enterprise engineering. In: Proceedings of the 8th annual conference on pattern languages of programs (PLoP’02). 2002.

20.

Trowbridge D, Cunningham W, Evans M, Brader L, Slater P. Describing the enterprise architectural space. MSDN. June 2004. msdn.microsoft.com/en-us/library/ff648192.aspx. Accessed 8 Nov 2013.

21.

Maier MW, Emery D, Hilliard R. Software architecture: introducing IEEE standard 1471. IEEE Comput. 2001;34(4):107–9.

22.

Swiderski F, Snyder W. Threat modelling. Redmond (WA): Microsoft Press; 2004.

23.

Hafiz M, Adamczyk P, Johnson RE. Growing a pattern language (for security). In: Proceedings of the 27th object-oriented programming, systems, languages and applications (OOPSLA 2012). 2012.

24.

Fernandez-Buglioni E. Security patterns in practice: designing secure architectures using software patterns (Wiley software patterns series). New York: John Wiley; 2013.

25.

Fernandez EB, Pan R. A pattern language for security models. In: Proceedings of the 8th annual conference on pattern languages of programs (PLoP 2001). 2001.

26.

VanHilst M, Fernandez EB, Braz F. A multidimensional classification for users of security patterns. J Res Pract Inf Tech. 2009;41(2):87–97.

27.

Bass L, Clements P, Kazman R. Software architecture in practice. Boston: Addison-Wesley; 2012.

28.

Fowler M. Refactoring: improving the design of existing code. Boston: Addison-Wesley; 1999.

29.

Lano K. Design patterns: applications and open issues. 1st cyberpatterns workshop. 2012. In cyberpatterns: unifying design patterns with security and attack patterns. Springer; 2014.

30.

Hafiz M. Security on demand. PhD dissertation. University of Illinois. 2011. http://munawarhafiz.com/research/phdthesis/Munawar-Dissertation.pdf. Accessed 6 Nov 2013.

31.

Buschmann F, Meunier R, Rohnert H, Sommerlad P, Stal M. Pattern-oriented software architecture volume 1: a system of patterns. Chichester: John Wiley; 1996.

32.

Buschmann F, Henney K, Schmidt DC. Pattern-oriented software architecture volume 4: a pattern language for distributed computing. Chichester: John Wiley; 2007.

33.

Zhu H. Cyberpatterns: a pattern oriented research methodology for studying cyberspace. In cyberpatterns: unifying design patterns with security and attack patterns. Springer; 2014.

34.

Sowa J, Zachman JA. Extending and formalizing the framework for information systems architecture. IBM Syst J. 1992;31(3):590–616.CrossRef

35.

Zhu H. Design space-based pattern representation. 1st cyberpatterns workshop. 2012. In unifying design patterns with security and attack patterns. Springer; 2014.

36.

Bayley I. Challenges for a formal framework for patterns. 1st cyberpatterns workshop. 2012. In unifying design patterns with security and attack patterns. Springer; 2014.

Title: Towards a Conceptual Framework for Security Patterns
Author: Clive Blackwell
Publisher: Springer International Publishing
Book: Cyberpatterns
Print ISBN: 978-3-319-04446-0

Electronic ISBN: 978-3-319-04447-7

Copyright Year: 2014
DOI: https://doi.org/10.1007/978-3-319-04447-7_2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner