A Secure Systems Development Methodology

By three methods we may learn wisdom: first, by reflection, which is noblest; second, by imitation, which is easiest; and third by experience, which is the bitterest.


3.1 Adding Information to Patterns

A big problem for designers is to know where to apply the patterns. For an expert on security this aspect should not be a problem, but for a designer with little experience of security it can be a daunting task. Guiding the designer in the selection of patterns along the development lifecycle is very important in getting patterns accepted and used by developers.

As a possible approach to simplifying the use of patterns by designers, we can define extended patterns that include more information about their use:

Secure semantic analysis patterns (SSAPs). In this approach a SAP is made secure by adding security patterns after analyzing its use cases and its possible threats. A SAP is a pattern combining a set of basic use cases [Fer00]. For example, we produced a set of secure functions for law firms [Fer07c]. The work described in [Rod07] is also related to this topic.
Enterprise security patterns (ESPs) [Mor12]. An enterprise security pattern combines a wide range of items describing generic enterprise security architectures ...

Get Security Patterns in Practice: Designing Secure Architectures Using Software Patterns now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.