Using Security Patterns to Develop Secure Systems—Ten Years Later

1. Introduction

We initiated an international collaboration between our security groups about 12 years ago, centered on methodologies to build secure systems using patterns. We summarized our work at that time in (Fernandez et al., 2010). We describe here where we are now and where we are going. This article should be considered a survey of our work and not an attempt to present new work or to introduce in detail the models presented here, for that we refer the reader to our previous publications. We also provide a section comparing our work to others but again in each paper we relate our work to others in more detail. In particular, we have worked or we are working on:

• 1.

  Secure software development methodology: We have worked on a general methodology to build secure systems and have produced until now some specific aspects of it, which are described below. Of course, these aspects have value independently of this methodology and can be applied to other methodologies or used on their own;

• 2.

  Modeling and Classification of security patterns: We have tried to provide a precise characterization of security patterns that can be used as a basis for classification. A good classification makes the application of the patterns much easier along the software lifecycle. It also helps understand the nature and value of the patterns. Another objective is to identify which patterns are missing;

• 3.

  Misuse patterns: A misuse pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. They can be used in the lifecycle to prevent the occurrence of known types of attacks and to evaluate a completed system;

• 4.

  Characterization and selection of access control models: Access control is a fundamental aspect of security. There are many variations of the basic access control models and it is confusing for a software developer to select an appropriate model for her application. We have defined a way to clarify their relationships and a way to guide designers in selecting an appropriate model;

• 5.

  Databases in secure applications: Most applications need to include databases to store the persistent information, which constitutes most of the information assets of the institution. We have studied the effect of databases on the security of a system under development.

We have not continued working on topics 2,4, and 5. Instead, we have started work on using our models to describe cloud and IoT systems. The work on misuse patterns has been included in the study of clouds and IoT. The following sections describe these aspects in detail.