A natural classification scheme for software security patterns
The pattern classification is semi-automatically inferred by means of a data-store integrating disparate publicly available security data.
This classification exposes relationships among software attacks, weaknesses, security principles and security patterns. It expresses the pattern combinations that can counter a given attack. Besides the pattern classification, we show that the data-store can be used to generate Attack Defense Trees. In our context, these illustrate, for a given attack, its sub-attacks and the related defenses, given in the form of security pattern combinations.
Such trees make the pattern classification more readable, even for beginners in security patterns. Finally, we evaluate, with 25 human subjects, the benefits of using Attack Defense Trees and a classification established for Web applications, which covers attacks, software weaknesses, 66 security principles and 26 security patterns.
Conference paper. First Online: 09 June.
Salva. Published in ICISSP, 19 February. Computer Science. Security at the design stage of the software life cycle can be performed by means of security patterns, which are viable and reusable solutions to regular security problems.
These steps provide the justifications of the classification and can be followed again to upgrade it. From the classification, we also generate…
Alvi, Aleem Khalid, Zulkernine, Mohammad. Abstract. Software security patterns are a proven solution for recurring security problems. Security pattern catalogs are increasing rapidly. This creates difficulty in selecting appropriate software security patterns for a particular recurring security problem.
There are several classification schemes to organize software security patterns. Every classification scheme has unique selection criteria for choosing a security pattern.
However, no classification scheme considers security flaws, which are the root cause of software security vulnerabilities. In this paper, we provide a natural classification scheme for software security patterns. Our classification scheme is associated with software lifecycle phases. Security flaws are incorporated in the classification of software security patterns with security objectives in the requirements phase, security properties in the design phase, and attack patterns in the implementation phase.
Furthermore, we enhance the existing security pattern template with classification parameters.