TY - JOUR
T1 - Abstract security patterns and the design of secure systems
AU - Fernandez, Eduardo B.
AU - Yoshioka, Nobukazu
AU - Washizaki, Hironori
AU - Yoder, Joseph
N1 - Funding Information:
We thank the National Institute of Informatics (NII) of Japan for supporting the visits of E. B. Fernandez and J. Yoder to Tokyo. The CIbSE 2014 and the Cybersecurity referees provided useful comments that helped improve this paper.
Publisher Copyright:
© 2022, The Author(s).
PY - 2022/12
Y1 - 2022/12
N2 - During the initial stages of software development, the primary goal is to define precise and detailed requirements without concern for software realizations. Security constraints should be introduced then and must be based on the semantic aspects of applications, not on their software architectures, as is the case in most secure development methodologies. In these stages, we need to identify threats as attacker goals and indicate what conceptual security defenses are needed to thwart these goals, without consideration of implementation details. We can consider the effects of threats on the application assets and try to find ways to stop them. These threats should be controlled with abstract security mechanisms that can be realized by abstract security patterns (ASPs), which include only the core functions of these mechanisms, the functions that must be present in every implementation of them. An abstract security pattern describes a conceptual security mechanism that includes functions able to stop or mitigate a threat or to comply with a regulation or institutional policy. We describe here the properties of ASPs and present a detailed example. We relate ASPs to each other and to Security Solution Frames, which describe families of related patterns. We show how to include ASPs to secure an application, as well as how to derive concrete patterns from them. Finally, we discuss their practical value, including their use in “security by design” and IoT systems design.
AB - During the initial stages of software development, the primary goal is to define precise and detailed requirements without concern for software realizations. Security constraints should be introduced then and must be based on the semantic aspects of applications, not on their software architectures, as is the case in most secure development methodologies. In these stages, we need to identify threats as attacker goals and indicate what conceptual security defenses are needed to thwart these goals, without consideration of implementation details. We can consider the effects of threats on the application assets and try to find ways to stop them. These threats should be controlled with abstract security mechanisms that can be realized by abstract security patterns (ASPs), which include only the core functions of these mechanisms, the functions that must be present in every implementation of them. An abstract security pattern describes a conceptual security mechanism that includes functions able to stop or mitigate a threat or to comply with a regulation or institutional policy. We describe here the properties of ASPs and present a detailed example. We relate ASPs to each other and to Security Solution Frames, which describe families of related patterns. We show how to include ASPs to secure an application, as well as how to derive concrete patterns from them. Finally, we discuss their practical value, including their use in “security by design” and IoT systems design.
KW - IoT systems design
KW - Secure software architecture
KW - Secure software development
KW - Security patterns
KW - Security requirements
UR - http://www.scopus.com/inward/record.url?scp=85127441676&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85127441676&partnerID=8YFLogxK
U2 - 10.1186/s42400-022-00109-w
DO - 10.1186/s42400-022-00109-w
M3 - Article
AN - SCOPUS:85127441676
SN - 2096-4862
VL - 5
JO - Cybersecurity
JF - Cybersecurity
IS - 1
M1 - 7
ER -