Applicability of security patterns

Authors:
Roberto Ortiz;Santiago Moral-García;Santiago Moral-Rubio;Belén Vela;Javier Garzás;Eduardo Fernández-Medina
Affiliations:
S21SecLabs-SOC. Group S21Sec Gestión S.A., Madrid, Spain;Kybele Group. Dep. of Computer Languages and Systems II, University Rey Juan Carlos, Madrid, Spain;Dep. Logical Security, BBVA, Madrid, Spain;Kybele Group. Dep. of Computer Languages and Systems II, University Rey Juan Carlos, Madrid, Spain;Kybele Group. Dep. of Computer Languages and Systems II, University Rey Juan Carlos, Madrid, Spain and Kybele Consulting, Madrid;GSyA Research Group, Dep. of Information Technologies and Systems, University of Castilla-La Mancha, Paseo de la Universidad, Ciudad Real, Spain
Venue:
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Year:
2010

Citing 28
Cited 2

An Ontology for Microarchitectural Design Knowledge

IEEE Software
Security Patterns: Integrating Security and Systems Engineering

Security Patterns: Integrating Security and Systems Engineering
Security patterns and secure systems design

ACM-SE 45 Proceedings of the 45th annual southeast regional conference
Towards security monitoring patterns

Proceedings of the 2007 ACM symposium on Applied computing
A Pattern Language for Identity Management

ICCGI '07 Proceedings of the International Multi-Conference on Computing in the Global Information Technology
Security Patterns for Voice over IP Networks

ICCGI '07 Proceedings of the International Multi-Conference on Computing in the Global Information Technology
An Analysis of the Security Patterns Landscape

SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Patterns for session-based access control

Proceedings of the 2006 conference on Pattern languages of programs
The credentials pattern

Proceedings of the 2006 conference on Pattern languages of programs
Even more patterns for secure operating systems

Proceedings of the 2006 conference on Pattern languages of programs
Privacy patterns for online interactions

Proceedings of the 2006 conference on Pattern languages of programs
Security Patterns and Secure Systems Design

LADC '07 Proceedings of the 3rd Latin-American symposium on Dependable Computing
Patterns and Pattern Diagrams for Access Control

TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Architectural Risk Analysis of Software Systems Based on Security Patterns

IEEE Transactions on Dependable and Secure Computing
Security Pattern Lattice: A Formal Model to Organize Security Patterns

DEXA '08 Proceedings of the 2008 19th International Conference on Database and Expert Systems Application
The Secure Three-Tier Architecture Pattern

CISIS '08 Proceedings of the 2008 International Conference on Complex, Intelligent and Software Intensive Systems
Security Patterns for Capturing Encryption-Based Access Control to Sensor Data

SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
Multiple design patterns for voice over IP security

Proceedings of the International Conference on Advances in Computing, Communication and Control
On building secure SCADA systems using security patterns

Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Development of Applications Based on Security Patterns

DEPEND '09 Proceedings of the 2009 Second International Conference on Dependability
A Security Pattern for Untraceable Secret Handshakes

SECURWARE '09 Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies
Improving the Classification of Security Patterns

DEXA '09 Proceedings of the 2009 20th International Workshop on Database and Expert Systems Application
The Secure Pipes and Filters Pattern

DEXA '09 Proceedings of the 2009 20th International Workshop on Database and Expert Systems Application
A Pattern for Secure Graphical User Interface Systems

DEXA '09 Proceedings of the 2009 20th International Workshop on Database and Expert Systems Application
Abstract security patterns

Proceedings of the 15th Conference on Pattern Languages of Programs
The secure blackboard pattern

Proceedings of the 15th Conference on Pattern Languages of Programs
Web security patterns for analysis and design

Proceedings of the 15th Conference on Pattern Languages of Programs
Classifying security patterns

APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development

Building high assurance secure applications using security patterns for capability-based platforms

Proceedings of the 2013 International Conference on Software Engineering
Enterprise security pattern: A model-driven architecture instance

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

Information Security has become one of the fundamental mainstays in organizations owing to the ever-increasing cyber attacks against them in recent years. Both the designers of security mechanisms and the security engineers therefore need reliable security solutions to minimize the impact of the attacks on an organization's systems. Good mechanisms for solving these deficiencies are security patterns, which present a reliable and tested scheme to deal with recurring security problems. In this paper, we perform an analysis of some of the most important works that describe security patterns. Our main objective is to verify their applicability for the analysis and design of secure architectures in real and complex environments. Finally, and after presenting the detected shortcomings of the existing security patterns, we show which features should be incorporated into the patterns to be applicable in the field of information security engineering related to the development of secure architectures.