Growing a pattern language (for security)

@inproceedings{Hafiz2012GrowingAP,
  title={Growing a pattern language (for security)},
  author={Munawar Hafiz and Paul Adamczyk and Ralph E. Johnson},
  booktitle={Onward! 2012},
  year={2012}
}
Researchers and practitioners have been successfully documenting software patterns for over two decades. But the next step--building pattern languages--has proven much more difficult. This paper describes an approach for building a large pattern language for security: an approach that can be used to create pattern languages for other software domains. We describe the mechanism of growing this pattern language: how we cataloged the security patterns from books, papers and pattern collections… 

An analytical study of security patterns

TLDR
This paper proposes that the classification of security patterns based on a common set of criteria and the use of analytical methods and tools will give additional insight into the relations, hierarchy and grouping of patterns, whereby their applicability can be improved.

A Strategy for Structuring and Formalising Attack Patterns

TLDR
A framework for modelling security that divides computer incidents into their stages of access, use and effect is created and a three-layer architectural model to examine incidents with the social, logical and physical levels is developed.

Formalization of web security patterns

TLDR
In this study, an attempt has been made to compose security patterns for the web-based application and a model-driven framework is presented, which helps to automate the process of analyzing web security patterns.

Quality-centric security pattern mutations

TLDR
Assessment of quality-centric security pattern mutations, which are created by mutating current patterns using design refactoring rules, demonstrates that the newly created mutations offer varying levels of quality while preserving the original pattern functionality.

Managing security requirements patterns using feature diagram hierarchies

TLDR
This work proposes a new method that combines an inquiry-cycle based approach with the feature diagram notation to review only relevant patterns and quickly select the most appropriate patterns for the situation.

A Meta-Model Approach to the Fundamentals for a Pattern Language for Context Elicitation

TLDR
A meta-model for describing context patterns is proposed. It contains elements that can be used to structure and describe domain knowledge in a generic form and contribute as a basis for a pattern language for context elicitation.

Deriving a pattern language syntax for context-patterns

TLDR
The consequent next step for the definition of a pattern language syntax for context-patterns is shown, and how to derive the connections between the existing context-patterns in a structured way is described and presented.

Initiating a Pattern Language for Context-Patterns

TLDR
This chapter aims at broadening the context-pattern approach by initiating a pattern language for context-patterns, which will be continuously improved, to gain an understanding of common elements in context-patterns and support engineers in applying this knowledge for describing their own context-patterns.

A meta-model for context-patterns

TLDR
A meta model is proposed for describing context-patterns, which can be used to structure and describe domain knowledge in a generic form and contribute as a basis for a pattern language for context elicitation.

References

SHOWING 1-10 OF 52 REFERENCES

Documenting frameworks using patterns

TLDR
This paper shows one way to document frameworks with patterns, and includes a set of patterns for HotDraw as an example to see how well patterns work to describe a framework.

Security Engineering with Patterns

  • M. Schumacher
  • Computer Science
    Lecture Notes in Computer Science
  • 2003
TLDR
It is shown that recent security approaches are not sufficient and described how Security Patterns contribute to the overall process of security engineering, and a Security Pattern System provides linkage between Security Patterns.

Patterns for Fault Tolerant Software

TLDR
This new title in Wiley's prestigious Series in Software Design Patterns presents proven techniques to achieve patterns for fault tolerant software, a key reference for experts seeking to select a technique appropriate for a given system.

Security Patterns - Integrating Security and Systems Engineering

TLDR
This book discusses the development of security patterns in the enterprise, the history of Security Patterns, and some of the strategies used to develop and apply these patterns.

Building secure software: how to avoid security problems the right way

TLDR
This book defines a wide range of techniques which may be used for use case modeling, and gives the business-oriented software analyst a variety of advanced approaches which also comply with the UML specification.

New clients with old servers: a pattern language for client/server frameworks

TLDR
While developing object-oriented frameworks for Smalltalk workstations communicating with legacy host business systems, it is found that several patterns recur in mutually supportive arrangements, and this approach shows how higher-level patterns build directly on lower-level ones.

Architectural Patterns for Enabling Application Security

TLDR
This paper contains a collection of patterns to be used when dealing with application security that work together to provide a security framework for building applications.

Pattern Languages of Program Design 3

TLDR
This book covers a wide range of topics, with patterns in the areas of object-oriented infrastructure, programming strategies, temporal patterns, security, domain-oriented patterns, human-computer interaction, reviewing, and software management.

Patterns of Enterprise Application Architecture

TLDR
This book discusses the evolution of Layers in Enterprise Applications, Concurrency Problems, and Object-Relational Behavioral Patterns, as well as some Technology-Specific Advice.