Title :
A Natural Classification Scheme for Software Security Patterns
Author :
Alvi, Aleem Khalid ; Zulkernine, Mohammad
Author_Institution :
Sch. of Comput., Queen´´s Univ., Kingston, ON, Canada
Abstract :
Software security patterns are a proven solution for recurring security problems. Security pattern catalogs are increasing rapidly. This creates difficulty in selecting appropriate software security patterns for a particular recurring security problem. There are several classification schemes to organize software security patterns. Every classification scheme has unique selection criteria for choosing a security pattern. However, no classification scheme considers security flaws, which is the root cause of software security vulnerabilities. In this paper, we provide a natural classification scheme for software security patterns. Our classification scheme is associated with software lifecycle phases. Security flaws are incorporated in the classification of software security patterns with security objectives in the requirement phase, security properties in the design phase, and attack patterns in the implementation phase. Furthermore, we enhance the existing security pattern template with classification parameters.
Keywords :
object-oriented methods; pattern classification; security of data; attack patterns; natural classification scheme; security flaws; security objectives; security pattern catalogs; software lifecycle phases; software security patterns; unique selection criteria; Authentication; Availability; Documentation; Software; Taxonomy; Unified modeling language; design patterns; pattern classification; secure system development; software security patterns;
Conference_Titel :
Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
978-1-4673-0006-3
DOI :
10.1109/DASC.2011.42
