Abstract
Software security has received a lot of attention in recent years. It aims at preventing security problems by building software without the so-called security holes. One way to do this is to apply specific patterns in software architecture. In the same way that the well-known design patterns have been used to build well-structured software, a new kind of pattern, called security patterns, has emerged. The way to build secure software is still vague, but guidelines for it have already appeared in the literature. Furthermore, the key problems in building secure software have been identified, as have threat categories for a software system. Based on these facts, it would be useful to evaluate known security patterns according to how well they follow each guideline, how they address the known problems in building secure software, and which of the threat categories they cover.
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Halkidis, S.T., Chatzigeorgiou, A., Stephanides, G. (2004). A Qualitative Evaluation of Security Patterns. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_11
DOI: https://doi.org/10.1007/978-3-540-30191-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23563-7
Online ISBN: 978-3-540-30191-2
eBook Packages: Springer Book Archive