
A Qualitative Evaluation of Security Patterns

  • Conference paper
Information and Communications Security (ICICS 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3269))

Abstract

Software security has received a lot of attention in recent years. It aims at preventing security problems by building software without the so-called security holes. One way to do this is to apply specific patterns in the software architecture. In the same way that the well-known design patterns have been used to build well-structured software, a new kind of pattern, called security patterns, has emerged. The way to build secure software is still vague, but guidelines for it have already appeared in the literature. Furthermore, the key problems in building secure software have been identified, and threat categories for a software system have been defined. Based on these facts, it would be useful to evaluate the known security patterns according to how well they follow each guideline, how they address the possible problems in building secure software, and which of the threat categories they take care of.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

Cite this paper

Halkidis, S.T., Chatzigeorgiou, A., Stephanides, G. (2004). A Qualitative Evaluation of Security Patterns. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_11

  • DOI: https://doi.org/10.1007/978-3-540-30191-2_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23563-7

  • Online ISBN: 978-3-540-30191-2
