DocumentCode
2859396
Title
A Natural Classification Scheme for Software Security Patterns
Author
Alvi, Aleem Khalid ; Zulkernine, Mohammad
Author_Institution
Sch. of Comput., Queen's Univ., Kingston, ON, Canada
fYear
2011
fDate
12-14 Dec. 2011
Firstpage
113
Lastpage
120
Abstract
Software security patterns are a proven solution for recurring security problems. Security pattern catalogs are increasing rapidly. This creates difficulty in selecting appropriate software security patterns for a particular recurring security problem. There are several classification schemes to organize software security patterns. Every classification scheme has unique selection criteria for choosing a security pattern. However, no classification scheme considers security flaws, which are the root cause of software security vulnerabilities. In this paper, we provide a natural classification scheme for software security patterns. Our classification scheme is associated with software lifecycle phases. Security flaws are incorporated in the classification of software security patterns with security objectives in the requirement phase, security properties in the design phase, and attack patterns in the implementation phase. Furthermore, we enhance the existing security pattern template with classification parameters.
Keywords
object-oriented methods; pattern classification; security of data; attack patterns; natural classification scheme; security flaws; security objectives; security pattern catalogs; software lifecycle phases; software security patterns; unique selection criteria; Authentication; Availability; Documentation; Software; Taxonomy; Unified modeling language; design patterns; pattern classification; secure system development; software security patterns;
fLanguage
English
Publisher
ieee
Conference_Titel
Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on
Conference_Location
Sydney, NSW
Print_ISBN
978-1-4673-0006-3
Type
conf
DOI
10.1109/DASC.2011.42
Filename
6118361