Growing a pattern language (for security)

Munawar Hafiz, Paul Adamczyk, Ralph E. Johnson
SIGPLAN symposium on New ideas, new paradigms, and reflections on programming and software
Researchers and practitioners have been successfully documenting software patterns for over two decades. But the next step--building pattern languages--has proven much more difficult. This paper describes an approach for building a large pattern language for security: an approach that can be used to create pattern languages for other software domains. We describe the mechanism of growing this pattern language: how we cataloged the security patterns from books, papers and pattern collections… 

A model‐based framework for automatic generation of a pattern language verifier

A framework that automatically generates a pattern language verifier (PLV) for any given PL assuming its constituent patterns are represented in the Unified Modeling Language (UML), and statistics regarding the generated PLVs illustrate the scalability of PLVGen.

An analytical study of security patterns

This paper proposes that the classification of security patterns based on a common set of criteria and the use of analytical methods and tools will give additional insight into the relations, hierarchy and grouping of patterns, whereby their applicability can be improved.

A Strategy for Structuring and Formalising Attack Patterns

A framework for modelling security that divides computer incidents into their stages of access, use and effect is created and a three-layer architectural model to examine incidents with the social, logical and physical levels is developed.

Formalization of web security patterns

In this study, an attempt has been made to compose security patterns for the web-based application and a model-driven framework is presented, which helps to automate the process of analyzing web security patterns.

Quality-centric security pattern mutations

Assessment of quality-centric security pattern mutations, which are created by mutating current patterns using design refactoring rules, demonstrates that the newly created mutations offer varying levels of quality while preserving the original pattern functionality.

Managing security requirements patterns using feature diagram hierarchies

This work proposes a new method that combines an inquiry-cycle based approach with the feature diagram notation to review only relevant patterns and quickly select the most appropriate patterns for the situation.

A Meta-Model Approach to the Fundamentals for a Pattern Language for Context Elicitation

A meta model for describing context patterns is proposed, which contains elements, which can be used to structure and describe domain knowledge in a generic form and contribute as a basis for a pattern language for context elicitation.

Deriving a pattern language syntax for context-patterns

The next step toward defining a pattern language syntax for context-patterns is shown, and a structured way to derive the connections between the existing context-patterns is described.

Initiating a Pattern Language for Context-Patterns

This chapter aims at broadening the context-pattern approach by initiating a pattern language for context-patterns, which will be continuously improved, to gain an understanding of common elements in context-patterns and support engineers in applying this knowledge for describing their own context-patterns.



Documenting frameworks using patterns

This paper shows one way to document frameworks with patterns, and includes a set of patterns for HotDraw as an example to see how well patterns work to describe a framework.

Security Engineering with Patterns

  • M. Schumacher
  • Computer Science
    Lecture Notes in Computer Science
  • 2003
It is shown that recent security approaches are not sufficient and described how Security Patterns contribute to the overall process of security engineering, and a Security Pattern System provides linkage between Security Patterns.

Patterns for Fault Tolerant Software

This new title in Wiley's prestigious Series in Software Design Patterns presents proven techniques to achieve patterns for fault tolerant software, a key reference for experts seeking to select a technique appropriate for a given system.

Security Patterns - Integrating Security and Systems Engineering

This book discusses the development of security patterns in the enterprise, the history of Security Patterns, and some of the strategies used to develop and apply these patterns.

Building secure software: how to avoid security problems the right way

This book defines a wide range of techniques which may be used for use case modeling, and gives the business-oriented software analyst a variety of advanced approaches which also comply with the UML specification.

New clients with old servers: a pattern language for client/server frameworks

While developing object-oriented frameworks for Smalltalk workstations communicating with legacy host business systems, it is found that several patterns recur in mutually supportive arrangements, and this approach shows how higher-level patterns build directly on lower-level ones.

Architectural Patterns for Enabling Application Security

This paper contains a collection of patterns to be used when dealing with application security that work together to provide a security framework for building applications.

Patterns of Enterprise Application Architecture

This book discusses the evolution of Layers in Enterprise Applications, Concurrency Problems, and Object-Relational Behavioral Patterns, as well as some Technology-Specific Advice.

More Patterns for Operating System Access Control

Patterns that control access to resources represented as objects are presented, including patterns for authentication, process creation, object creation, and object access in operating systems.