• DocumentCode
    2859396
  • Title

    A Natural Classification Scheme for Software Security Patterns

  • Author

    Alvi, Aleem Khalid ; Zulkernine, Mohammad

  • Author_Institution
    Sch. of Comput., Queen's Univ., Kingston, ON, Canada
  • fYear
    2011
  • fDate
    12-14 Dec. 2011
  • Firstpage
    113
  • Lastpage
    120
  • Abstract
    Software security patterns are a proven solution for recurring security problems. Security pattern catalogs are increasing rapidly. This creates difficulty in selecting appropriate software security patterns for a particular recurring security problem. There are several classification schemes to organize software security patterns. Every classification scheme has unique selection criteria for choosing a security pattern. However, no classification scheme considers security flaws, which are the root cause of software security vulnerabilities. In this paper, we provide a natural classification scheme for software security patterns. Our classification scheme is associated with software lifecycle phases. Security flaws are incorporated in the classification of software security patterns with security objectives in the requirement phase, security properties in the design phase, and attack patterns in the implementation phase. Furthermore, we enhance the existing security pattern template with classification parameters.
  • Keywords
    object-oriented methods; pattern classification; security of data; attack patterns; natural classification scheme; security flaws; security objectives; security pattern catalogs; software lifecycle phases; software security patterns; unique selection criteria; Authentication; Availability; Documentation; Software; Taxonomy; Unified modeling language; design patterns; pattern classification; secure system development; software security patterns;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on
  • Conference_Location
    Sydney, NSW
  • Print_ISBN
    978-1-4673-0006-3
  • Type

    conf

  • DOI
    10.1109/DASC.2011.42
  • Filename
    6118361