
Chapter 2 Background and Related Work

2.8 Security Pattern

Patterns have proven successful in many areas of software development, and they appear to be particularly valuable for secure systems development. The security pattern was first proposed by Yoder and Barcalow in [184]. For a better understanding of security patterns, the definition derived from [151] is given as follows:

A security pattern describes a particular recurring security problem that arises in specific contexts, and presents a well-proven generic solution for it. The solution consists of a set of interacting roles that can be arranged into multiple concrete design structures, as well as a process to create one particular such structure.

The advantages of a pattern approach to security are shown below [151]:

• Patterns codify basic security knowledge in a structured and understandable way

• The pattern representation is familiar to software developers and system engineers, a key portion of their audience

• Because patterns are already used to capture organisation and system engineering knowledge, using patterns to capture security knowledge helps to improve the integration of security into systems and enterprises

Research on security patterns has become an active theme in the security domain. A number of security patterns have been proposed for application in different contexts and for solving different security problems. Other work, such as security pattern classification, organisation and integration, security pattern repositories, and the development of new security patterns, plays a key role in security pattern application. In this section, the major contributions to these fields are reviewed.

By analogy with the examination of software design patterns [54], Romanosky [145] addresses security concerns at a high level of abstraction and proposes security design patterns. The proposed patterns can be used to address multiple layered security concerns and to handle the problem of communicating with untrusted third-party systems. Steel et al. publish a book [158] focusing on security patterns for Java web applications. These are design-level patterns for protecting Java platform applications, presented with detailed diagrams and sample code.

Schumacher et al. propose a number of security patterns in their book [151]. The patterns in their book include high-level patterns describing the process of securing software development and design-level patterns specifying how detailed security artefacts can be created.

The Open Group proposes a guide to security patterns in its report [16]. The patterns presented in the report are general-purpose patterns ranging from architectural-level patterns to design-level patterns, and they are applicable to software systems implemented in many different languages.

Kienzle et al. present a security pattern repository in their report [90]. The patterns in the report can be classified into two categories: procedural patterns and design patterns. Procedural patterns emphasise the process of designing, implementing and configuring secure software, while design patterns address how to design and build secure applications.

Besides the above books and reports, many other works on security patterns have been proposed in different contexts. Several papers describe security patterns intended for special purposes, such as security anti-patterns [92], security patterns for web applications [90, 177], security patterns for agent systems [128], security patterns for cryptographic software [17, 101], security patterns for mobile Java code [107, 158], security patterns for operating systems [48], packet filter and proxy-based patterns for firewalls [47, 150], and finally metadata, authentication and authorisation patterns [46, 100].

The increasing number of patterns, and the appearance in the literature of similar security patterns under different names, make it necessary to develop classifications of security patterns. A classification organises patterns into groups that share one or more properties, such as the application domain or a particular purpose. Many security pattern classification approaches have been proposed since Gamma et al. introduced the first classification of security patterns (GoF patterns) [53].

Heyman et al. [77] classify 220 security patterns into three categories: guidelines, process patterns and core patterns. The design guidelines described by Viega and McGraw in [168] are used by Cheng et al. in [26] to compare 8 security patterns. They extend their classification based on the access types of security patterns and thereby classify them by application level: network-level, host-level and application-level. Kienzle et al. [89, 90] classify security patterns into two broad categories, structural and procedural. Another broad classification of security patterns is made by Blakley et al. [16], in which two broad categories are distinguished: available patterns and protected patterns. Halkidis et al. [69] examine the evolution of security patterns by comparing the patterns derived from [16]. Laverdiere et al. [99] propose a six sigma method to classify the 12 common security patterns from [26] and [69]. Hafiz et al. [65, 66] propose a multi-dimensional classification scheme that takes into consideration the security CIA properties, application context, the security wheel, the McCumber cube, STRIDE threat modelling, and hierarchical classification. The relationships used in their work are similar to the dependencies among security problem patterns suggested by Hatebur et al. [75].

In this section, related work on security patterns has been reviewed, which shows that many security patterns have been proposed, together with several methods to classify and organise them. Although research on security patterns has become an active topic in the security engineering domain, none of this work can directly fulfil the purpose of this research, namely selecting appropriate security patterns to satisfy the elicited security requirements. Therefore, a security ontology is proposed in this research to smooth that process by properly organising security patterns according to a proposed multiple-criteria classification method.