nach oben

Erschienen in:

2014 | OriginalPaper | Buchkapitel

2. Towards a Conceptual Framework for Security Patterns

verfasst von : Clive Blackwell

Erschienen in: Cyberpatterns

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We introduce security patterns as the most mature domain within cyberpatterns, and outline a conceptual framework to help understand and develop good security patterns. Security patterns help us move from an improvised craft to engineering discipline because they transfer knowledge about proven solutions in an understandable and reusable format to experienced users and novices alike. Although security patterns are widely known, many questions remain unanswered regarding their conceptual foundation and practical use. We characterise the current pattern schemes using the Zachman Framework for enterprise architecture modelling, which allows us to structure and pose questions about both the problem domain and corresponding solutions provided by security patterns. We propose a parallel security plane overlaying the entire Zachman grid allowing the separate consideration of security within the security plane using the interrogative questions (who, what, where, when, why and how) to evaluate the six aspects. The integration between security and functional concerns is similarly aided by using the correspondence between aspects in the security and functional planes to decompose and examine the relationship between security patterns and problem context. We also briefly discuss security patterns as transformations, and related concepts such as tactics that may usefully be applied to security. We conclude with a set of unsolved challenges for security patterns. This discussion is relevant to other types of cyberpattern such as attack patterns, and may aid the eventual development of a comprehensive framework for cyberpatterns.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Cyberpatterns: Towards a Pattern Oriented Study of Cyberspace

Nächstes Kapitel Design Patterns: Applications and Open Issues

Gabriel RP. Patterns of software: tales from the software community. New York: Oxford University Press; 1996. http://www.dreamsongs.com/Files/PatternsOfSoftware.pdf. Accessed 10 Nov 2013.

Kienzle DM, Elder MC, Tyree D, Edwards-Hewitt J. Security patterns repository version 1.0. Washington DC: DARPA; 2002. www.scrypt.net/~celer/securitypatterns/repository.pdf. Accessed 7 Nov 2013.

Gamma E, Helm R, Johnson R, Vlissides J. Design patterns: elements of reusable object-oriented software. Reading: Addison-Wesley; 1995.

Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P. Security patterns: integrating security and systems engineering. Chichester: John Wiley; 2005.

Zachman JA. A framework for information systems architecture. IBM Syst J. 1987;26(3): 276–92.

Zachman JA. John Zachman’s concise definition of The Zachman framework\(^{TM}\). Zachman International, Inc. 2008. http://www.zachman.com/about-the-zachman-framework. Accessed 28 Oct 2013.

Blackwell C. A strategy for formalising attack patterns. 1st cyberpatterns workshop. 2012. In cyberpatterns: unifying design patterns with security and attack patterns. Springer; 2014.

Sherwood J, Clark A, Lynas D. Enterprise security architecture, a business driven approach. San Francisco: CMP Books; 2005.

Fernandez EB, Larrondo-Petrie MM, Sorgente T, VanHilst M. A methodology to develop secure systems using patterns. Chapter V: Integrating security and software engineering: advances and future vision. IGI; 2006. p. 107–26.

10.

Yoder J, Barcalow J. Architectural patterns for enabling application security. In: Proceedings of the 4th annual conference on pattern languages of programs (PLoP 1997). 1997.

11.

Graham I. Business rules management and service oriented architecture: a pattern language. Chichester (WSX): John Wiley; 2007.

12.

Hafiz M. Security pattern catalog. www.munawarhafiz.com/securitypatterncatalog. Accessed 30 Oct 2013 (15 March 2013).

13.

Hafiz M, Adamczyk P, Johnson RE. Organising security patterns. IEEE Softw. 2007;24(4): 52–60.

14.

Blakely B, Heath C. Security design patterns. Berkshire, UK: The Open Group; 2004.

15.

Yoshioka N, Washizaki H, Maruyama K. A survey on security patterns. Prog Inf. 2008;5(5): 35–47.

16.

Dougherty CR, Sayre K, Seacord R, Svoboda D, Togashi K. Secure design patterns. Software engineering institute. Paper 47. 2009. http://repository.cmu.edu/sei/47. Accessed 8 Nov 2013.

17.

Steel C, Nagappan R, Lai R. Core security patterns: best practices and strategies for J2EE, web services, and identity management. Englewood Cliffs: Prentice Hall; 2005.

18.

Hogg J, Smith D, Chong F, Taylor D, Wall L, Slater P. Web service security: scenarios, patterns, and implementation guidance for web services enhancements (WSE) 3.0. Redmond (WA): Microsoft Press; 2006.

19.

Heaney J, Hybertson D, Reedy A, Chapin S, Bollinger T, Williams D, Kirwan Jr. M. Information assurance for enterprise engineering. In: Proceedings of the 8th annual conference on pattern languages of programs (PLoP’02). 2002.

20.

Trowbridge D, Cunningham W, Evans M, Brader L, Slater P. Describing the enterprise architectural space. MSDN. June 2004. msdn.microsoft.com/en-us/library/ff648192.aspx. Accessed 8 Nov 2013.

21.

Maier MW, Emery D, Hilliard R. Software architecture: introducing IEEE standard 1471. IEEE Comput. 2001;34(4):107–9.

22.

Swiderski F, Snyder W. Threat modelling. Redmond (WA): Microsoft Press; 2004.

23.

Hafiz M, Adamczyk P, Johnson RE. Growing a pattern language (for security). In: Proceedings of the 27th object-oriented programming, systems, languages and applications (OOPSLA 2012). 2012.

24.

Fernandez-Buglioni E. Security patterns in practice: designing secure architectures using software patterns (Wiley software patterns series). New York: John Wiley; 2013.

25.

Fernandez EB, Pan R. A pattern language for security models. In: Proceedings of the 8th annual conference on pattern languages of programs (PLoP 2001). 2001.

26.

VanHilst M, Fernandez EB, Braz F. A multidimensional classification for users of security patterns. J Res Pract Inf Tech. 2009;41(2):87–97.

27.

Bass L, Clements P, Kazman R. Software architecture in practice. Boston: Addison-Wesley; 2012.

28.

Fowler M. Refactoring: improving the design of existing code. Boston: Addison-Wesley; 1999.

29.

Lano K. Design patterns: applications and open issues. 1st cyberpatterns workshop. 2012. In cyberpatterns: unifying design patterns with security and attack patterns. Springer; 2014.

30.

Hafiz M. Security on demand. PhD dissertation. University of Illinois. 2011. http://munawarhafiz.com/research/phdthesis/Munawar-Dissertation.pdf. Accessed 6 Nov 2013.

31.

Buschmann F, Meunier R, Rohnert H, Sommerlad P, Stal M. Pattern-oriented software architecture volume 1: a system of patterns. Chichester: John Wiley; 1996.

32.

Buschmann F, Henney K, Schmidt DC. Pattern-oriented software architecture volume 4: a pattern language for distributed computing. Chichester: John Wiley; 2007.

33.

Zhu H. Cyberpatterns: a pattern oriented research methodology for studying cyberspace. In cyberpatterns: unifying design patterns with security and attack patterns. Springer; 2014.

34.

Sowa J, Zachman JA. Extending and formalizing the framework for information systems architecture. IBM Syst J. 1992;31(3):590–616.CrossRef

35.

Zhu H. Design space-based pattern representation. 1st cyberpatterns workshop. 2012. In unifying design patterns with security and attack patterns. Springer; 2014.

36.

Bayley I. Challenges for a formal framework for patterns. 1st cyberpatterns workshop. 2012. In unifying design patterns with security and attack patterns. Springer; 2014.

Titel: Towards a Conceptual Framework for Security Patterns
verfasst von: Clive Blackwell
Verlag: Springer International Publishing
Buch: Cyberpatterns
Print ISBN: 978-3-319-04446-0

Electronic ISBN: 978-3-319-04447-7

Copyright-Jahr: 2014
DOI: https://doi.org/10.1007/978-3-319-04447-7_2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner