Security patterns and a methodology to apply them

Abstract

Patterns encapsulate experience and good practices that can be used for new designs. Analysis and design patterns are well established as a convenient and reusable way to build high-quality object-oriented software. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system design and evaluation. A variety of security patterns has been developed for the construction of secure systems. We survey the security patterns developed by our group and a few other researchers. We apply these patterns through a secure system development method based on a hierarchical architecture whose layers define the scope of each security mechanism. We are building a catalog of security patterns that helps in defining the security mechanisms at each architectural level and at each development stage. In addition to their value for new system design, security patterns are useful to evaluate existing systems by analyzing if they include specific patterns or not. They are also useful to compare security standards and to verify that products comply with the standard. Finally, we have found security patterns very valuable for teaching security concepts and mechanisms. © Springer Science + Business Media, LLC 2009.