Skip to Main content Skip to Navigation
Journal articles

A catalogue associating security patterns and attack steps to design secure applications

Abstract : Design Patterns are now widely accepted and used in software engineering ; they represent generic and reusable solutions to common problems in software design. Security patterns are specialised patterns whose purpose is to help design applications that should meet security requirements. The enthusiasm surrounding security patterns has made emerge several catalogues listing up to 180 different patterns at the moment. This growing number brings an increased difficulty in choosing the most appropriate patterns for a given design problem. We propose a security pattern classification to facilitate the security pattern choice and a classification method based on data integration. The classification exposes relationships among software attacks, security principles and security patterns. It expresses the pattern combinations that are countermeasures to a given attack. This classification is semi-automatically inferred by means of a data-store integrating disparate publicly available security data. The data-store is also used to generate Attack Defense Trees. In our context, these illustrate, for a given attack, its sub-attacks, steps, techniques and the related defenses given under the form of security pattern combinations. Such trees make the pattern classification more readable even for beginners in security patterns. Finally, we evaluate on human subjects the benefits of using a pattern classification established for Web applications, which covers 215 attacks, 66 security principles and 26 security patterns.
Complete list of metadatas

Cited literature [38 references]  Display  Hide  Download

https://hal.uca.fr/hal-01984694
Contributor : Sébastien Salva <>
Submitted on : Thursday, February 14, 2019 - 1:12:45 PM
Last modification on : Wednesday, March 4, 2020 - 12:28:03 PM
Document(s) archivé(s) le : Wednesday, May 15, 2019 - 6:32:08 PM

File

paper.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Sébastien Salva, Loukmen Regainia. A catalogue associating security patterns and attack steps to design secure applications. Journal of Computer Security, IOS Press, 2019, 27 (1), pp.49-74. ⟨10.3233/JCS-171063⟩. ⟨hal-01984694⟩

Share

Metrics

Record views

168

Files downloads

285