July/August 2007 (Vol. 24, No. 4)
pp. 52-60
Organizing Security Patterns
Munawar Hafiz, University of Illinois
Paul Adamczyk, University of Illinois
Ralph E. Johnson, University of Illinois
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MS.2007.114
Abstract
Every empire, after a period of rapid expansion, needs some time for consolidation or it risks disintegration. The expansion of software patterns has produced a large body of work that now needs organization. This article documents early efforts to consolidate and organize a subset of software patterns in the security domain. Lessons learned through this process can help people trying to organize patterns for other domains. This article is part of the special issue on software patterns.
Additional Information
Index Terms: patterns, security, protection
Citation:
Munawar Hafiz, Paul Adamczyk, Ralph E. Johnson, "Organizing Security Patterns," IEEE Software, vol. 24, no. 4, pp. 52-60, Jul/Aug 2007