Title: Architecting software with security patterns
Authors: Scandariato, Riccardo; Yskout, Koen; Heyman, Thomas; Joosen, Wouter
Issue Date: Apr-2008
Publisher: Department of Computer Science, K.U.Leuven
Series Title: CW Reports vol:CW515
Abstract: Security patterns, as domain-independent expert knowledge packaged in a reusable format, are able to offer significant guidance to the software engineer in developing secure systems. However, the overabundance of published security patterns complicates the process of finding the right pattern to solve the problem at hand. This is due to three reasons. First, not all security patterns are relevant to the software engineer. Second, the domain independence of patterns sometimes complicates finding a solution to a domain-specific problem. Third, patterns exist on different levels of abstraction. Not all patterns can be applied to every step in the development process of a system. This report proposes a method to facilitate the selection of a suitable set of security patterns to realize a specific set of security requirements. It is comprised of two parts. First, additional structure is superimposed on this collection. Second, a methodology is proposed that, given this structured inventory of patterns, guides the software engineer from the security requirements to an appropriate solution using patterns, taking into account various trade-offs and relations between patterns.
Publication status: published
KU Leuven publication type: IR
Appears in Collections: Informatics Section

Files in This Item:
File: CW515.pdf | Description: Document | Status: Published | Size: 393Kb | Format: Adobe PDF