Security patterns encapsulate security-related problems and solutions that recur in certain contexts for secure software system development and operations. Almost 500 security patterns have been proposed since the late 1990s. Technical investigations on their applications have advanced implementation, but the direction, overall picture, and significant technical challenges remain unclear. In this study, we propose a taxonomy for security pattern research by conducting a systematic literature review. Over 200 papers are categorized based on the taxonomy. The taxonomy is expected to guide practitioners to choose existing security pattern methods and tools. In addition, the taxonomy and the survey results should support communications among practitioners and researchers, and improve the quality of security pattern research and the effectiveness of security patterns.