Security Patterns in Practice: Designing Secure Architectures Using Software Patterns
May 2013
Publisher: Wiley Publishing
ISBN: 978-1-119-99894-5
Published: 28 May 2013
Pages: 582
Abstract

Learn to combine security theory and code to produce secure systems

Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML.

  • Provides an extensive, up-to-date catalog of security patterns
  • Shares real-world case studies so you can see when and how to use security patterns in practice
  • Details how to incorporate security from the conceptual stage
  • Highlights tips on authentication, authorization, role-based access control, firewalls, wireless networks, middleware, VoIP, web services security, and more
  • Author is well known and highly respected in the field of security and an expert on security patterns

Security Patterns in Practice shows you how to confidently develop a secure system step by step.

Cited By

  1. Buitrago M, Borne I and Buisson J Deriving metrics for software architectures from the "protected entry points" security patterns Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing, (1473-1475)
  2. Fernandez E and Brazhuk A The Abstract Secure Communication Path (ASCP) Pattern and a Derived VPN Pattern Proceedings of the 29th Conference on Pattern Languages of Programs, (1-5)
  3. Brazhuk A and Fernandez E An Abstract Security Pattern for Zero Trust Access Control Proceedings of the 29th Conference on Pattern Languages of Programs, (1-5)
  4. Cordeiro A, Vasconcelos A and Correia M A Catalog of Security Patterns Proceedings of the 29th Conference on Pattern Languages of Programs, (1-14)
  5. Zhang X and Jaskolka J Security Patterns for Machine Learning: The Data-Oriented Stages Proceedings of the 27th European Conference on Pattern Languages of Programs, (1-12)
  6. van den Berghe A, Yskout K and Joosen W A reimagined catalogue of software security patterns Proceedings of the 3rd International Workshop on Engineering and Cybersecurity of Critical Systems, (25-32)
  7. Shin M, Kang T and Gomaa H Design of Secure Connectors for Complex Message Communications in Software Architecture Proceedings of the 2021 European Symposium on Software Engineering, (21-28)
  8. Basic F, Steger C and Kofler R Embedded Platform Patterns for Distributed and Secure Logging Proceedings of the 26th European Conference on Pattern Languages of Programs, (1-9)
  9. B. Fernandez E, Astudillo H and Orellana C A pattern for a Secure IoT Thing Proceedings of the 26th European Conference on Pattern Languages of Programs, (1-6)
  10. Al-Momani A, Wuyts K, Sion L, Kargl F, Joosen W, Erb B and Bösch C Land of the lost: privacy patterns' forgotten properties Proceedings of the 36th Annual ACM Symposium on Applied Computing, (1217-1225)
  11. Orellana C, Fernandez E and Astudillo H A pattern for a secure sensor node Proceedings of the 27th Conference on Pattern Languages of Programs, (1-10)
  12. Fernandez E A pattern for a secure cloud-based IoT architecture Proceedings of the 27th Conference on Pattern Languages of Programs, (1-9)
  13. Kaneko T and Yoshioka N A five-layer model for the analysis of complex socio-technical systems Proceedings of the 27th Conference on Pattern Languages of Programs, (1-7)
  14. Brazhuk A and Olizarovich E Format and Usage Model of Security Patterns in Ontology-Driven Threat Modelling Artificial Intelligence, (382-392)
  15. Villagrán-Velasco O, Fernández E and Ortega-Arjona J Refining the evaluation of the degree of security of a system built using security patterns Proceedings of the 15th International Conference on Availability, Reliability and Security, (1-7)
  16. Muñoz A and Fernandez E TPM, a pattern for an architecture for trusted computing Proceedings of the European Conference on Pattern Languages of Programs 2020, (1-8)
  17. Zhang P, Schmidt D and White J A pattern sequence for designing blockchain-based healthcare information technology systems Proceedings of the 26th Conference on Pattern Languages of Programs, (1-22)
  18. Alnaim A, Alwakeel A and Fernandez E A misuse pattern for distributed denial-of-service attack in network function virilization Proceedings of the 26th Conference on Pattern Languages of Programs, (1-10)
  19. Papa R, Fernandez E and Cardei M A pattern for a UAV-aided wireless sensor network Proceedings of the 26th Conference on Pattern Languages of Programs, (1-9)
  20. Cheng B, Doherty B, Polanco N and Pasco M Security patterns for automotive systems Proceedings of the 22nd International Conference on Model Driven Engineering Languages and Systems, (54-63)
  21. Alnaim A, Alwakeel A and Fernandez E A Misuse Pattern for Compromising VMs via Virtual Machine Escape in NFV Proceedings of the 14th International Conference on Availability, Reliability and Security, (1-6)
  22. Calderoni L Preserving context security in AWS IoT Core Proceedings of the 14th International Conference on Availability, Reliability and Security, (1-5)
  23. Moreno J, Fernandez E, Fernandez-Medina E and Serrano M BlockBD Proceedings of the 24th European Conference on Pattern Languages of Programs, (1-8)
  24. Wirtz R and Heisel M Managing security risks Proceedings of the 24th European Conference on Pattern Languages of Programs, (1-13)
  25. Márquez G, Astudillo H and Taramasco C Exploring security issues in telehealth systems Proceedings of the 1st International Workshop on Software Engineering for Healthcare, (65-72)
  26. Ahmadian A, Strüber D and Jürjens J Privacy-enhanced system design modeling based on privacy features Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, (1492-1499)
  27. Moreno J, Fernandez E, Fernandez-Medina E and Serrano M Neuralyzer Proceedings of the 25th Conference on Pattern Languages of Programs, (1-9)
  28. Syed M and Fernandez E The secure container manager pattern Proceedings of the 25th Conference on Pattern Languages of Programs, (1-8)
  29. Yoshioka N, Washizaki H and Fernandez E (2018). Using Security Patterns to Develop Secure Systems, International Journal of Systems and Software Security and Protection, 9:4, (46-57), Online publication date: 1-Oct-2018.
  30. Li T, Horkoff J and Mylopoulos J (2018). Holistic security requirements analysis for socio-technical systems, Software and Systems Modeling (SoSyM), 17:4, (1253-1285), Online publication date: 1-Oct-2018.
  31. Syed M and Fernandez E A reference architecture for the container ecosystem Proceedings of the 13th International Conference on Availability, Reliability and Security, (1-6)
  32. Fernandez E, Yoshioka N and Washizaki H Evaluating the degree of security of a system built using security patterns Proceedings of the 13th International Conference on Availability, Reliability and Security, (1-8)
  33. Behrens A What are Security Patterns? Proceedings of the 13th International Conference on Availability, Reliability and Security, (1-6)
  34. Syed M, Fernandez E and Moreno J A misuse Pattern for DDoS in the IoT Proceedings of the 23rd European Conference on Pattern Languages of Programs, (1-5)
  35. Moreno J, Fernandez E, Fernandez-Medina E and Serrano M A Security Pattern for Key-Value NoSQL Database Authorization Proceedings of the 23rd European Conference on Pattern Languages of Programs, (1-4)
  36. van den Berghe A, Yskout K and Joosen W Security patterns 2.0 Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment, (45-48)
  37. Sion L, Yskout K, Van Landuyt D and Joosen W Solution-aware data flow diagrams for security threat modeling Proceedings of the 33rd Annual ACM Symposium on Applied Computing, (1425-1432)
  38. Nafees T, Coull N, Ferguson I and Sampson A Vulnerability anti-patterns Proceedings of the 24th Conference on Pattern Languages of Programs, (1-16)
  39. Silva P, Monge R and Fernandez E A reference architecture for web browsers Proceedings of the 24th Conference on Pattern Languages of Programs, (1-10)
  40. Reinfurt L, Breitenbücher U, Falkenthal M, Fremantle P and Leymann F Internet of things security patterns Proceedings of the 24th Conference on Pattern Languages of Programs, (1-28)
  41. Syed M, Fernandez E and Silva P The secure software container pattern Proceedings of the 24th Conference on Pattern Languages of Programs, (1-7)
  42. Fernandez E and Hamid B Two safety patterns Proceedings of the 22nd European Conference on Pattern Languages of Programs, (1-9)
  43. Syed M and Fernandez E The Container Manager Pattern Proceedings of the 22nd European Conference on Pattern Languages of Programs, (1-9)
  44. Reinfurt L, Breitenbücher U, Falkenthal M, Leymann F and Riegg A Internet of Things Patterns for Device Bootstrapping and Registration Proceedings of the 22nd European Conference on Pattern Languages of Programs, (1-27)
  45. Sousa T, Ferreira H, Correia F and Aguiar A Engineering Software for the Cloud Proceedings of the 22nd European Conference on Pattern Languages of Programs, (1-14)
  46. Washizaki H, Yu Y, Kaiya H, Yoshioka N, Hu Z, Xiong Y and Hosseinian-Far A (2017). Goal Modelling for Security Problem Matching and Pattern Enforcement, International Journal of Secure Software Engineering, 8:3, (42-57), Online publication date: 1-Jul-2017.
  47. van den Berghe A, Yskout K, Joosen W and Scandariato R A model for provably secure software design Proceedings of the 5th International FME Workshop on Formal Methods in Software Engineering, (3-9)
  48. Sion L, Yskout K, Scandariato R and Joosen W A Modular Meta-model for Security Solutions Companion Proceedings of the 1st International Conference on the Art, Science, and Engineering of Programming, (1-5)
  49. L'Amrani H, Berroukech B, El Bouzekri El Idrissi Y and Ajhoun R Toward Interoperability Approach between Federated Systems Proceedings of the 2nd international Conference on Big Data, Cloud and Applications, (1-6)
  50. Trubiani C, Ghabi A and Egyed A (2017). Exploiting traceability uncertainty between software architectural models and extra-functional results, Journal of Systems and Software, 125:C, (15-34), Online publication date: 1-Mar-2017.
  51. Hamid B and Perez J (2016). Supporting pattern-based dependability engineering via model-driven development, Journal of Systems and Software, 122:C, (239-273), Online publication date: 1-Dec-2016.
  52. Pedraza-García G, Noël R, Matalonga S, Astudillo H and Fernandez E Mitigating security threats using tactics and patterns Proceedings of the 10th European Conference on Software Architecture Workshops, (1-7)
  53. Fernandez E and Astudillo H Experimental evaluation of secure software methodologies using patterns Proceedings of the 11th Latin-American Conference on Pattern Languages of Programming, (1-7)
  54. Anabalón D, Garriga M, Flores A, Cechich A and Zunino A Pattern-based integrability on service oriented applications Proceedings of the 11th Latin-American Conference on Pattern Languages of Programming, (1-18)
  55. Syed M and Fernandez E A pattern for a virtual machine environment Proceedings of the 23rd Conference on Pattern Languages of Programs, (1-8)
  56. Jafari A and Rasoolzadegan A Securing gang of four design patterns Proceedings of the 23rd Conference on Pattern Languages of Programs, (1-10)
  57. Ponde P, Shirwaikar S and Gore S Hierarchical Cluster Analysis On Security Design Patterns Proceedings of the International Conference on Advances in Information Communication Technology & Computing, (1-6)
  58. Uzunov A (2016). A survey of security solutions for distributed publish/subscribe systems, Computers and Security, 61:C, (94-129), Online publication date: 1-Aug-2016.
  59. Hof H and Socher G POSTER Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, (227-228)
  60. Ponde P, Shirwaikar S and Kreiner C An analytical study of security patterns Proceedings of the 21st European Conference on Pattern Languages of Programs, (1-26)
  61. Silva P, Monge R and Fernandez E A reference architecture for web browsers Proceedings of the 21st European Conference on Pattern Languages of Programs, (1-10)
  62. Steinegger R, Deckers D, Giessler P and Abeck S Risk-based authenticator for web applications Proceedings of the 21st European Conference on Pattern Languages of Programs, (1-11)
  63. Sinnhofer A, Oppermann F, Potzmader K, Orthacker C, Steger C and Kreiner C Patterns to establish a secure communication channel Proceedings of the 21st European Conference on Pattern Languages of Programs, (1-21)
  64. Ponde P and Shirwaikar S (2016). An Exploratory Study of the Security Design Pattern Landscape and their Classification, International Journal of Secure Software Engineering, 7:3, (26-43), Online publication date: 1-Jul-2016.
  65. Syed M, Fernandez E and Ilyas M A Pattern for Fog Computing Proceedings of the 10th Travelling Conference on Pattern Languages of Programs, (1-10)
  66. Uzunov A, Fernandez E and Falkner K (2015). Security solution frames and security patterns for authorization in distributed, collaborative systems, Computers and Security, 55:C, (193-234), Online publication date: 1-Nov-2015.
  67. Sulatycki R and Fernandez E A threat pattern for the "cross-site scripting (XSS)" attack Proceedings of the 22nd Conference on Pattern Languages of Programs, (1-9)
  68. Syed M and Fernandez E The software container pattern Proceedings of the 22nd Conference on Pattern Languages of Programs, (1-7)
  69. Ito Y, Washizaki H, Yoshizawa M, Fukazawa Y, Okubo T, Kaiya H, Hazeyama A, Yoshioka N and Fernandez E Systematic mapping of security patterns research Proceedings of the 22nd Conference on Pattern Languages of Programs, (1-10)
  70. Nguyen P, Yskout K, Heyman T, Klein J, Scandariato R and Traon Y SoSPa Proceedings of the 18th International Conference on Model Driven Engineering Languages and Systems, (246-255)
  71. Fernandez E and Hamid B A pattern for network functions virtualization Proceedings of the 20th European Conference on Pattern Languages of Programs, (1-9)
  72. Sulatycki R and Fernandez E Two threat patterns that exploit "security misconfiguration" and "sensitive data exposure" vulnerabilities Proceedings of the 20th European Conference on Pattern Languages of Programs, (1-11)
  73. Motii A, Hamid B, Lanusse A and Bruel J Guiding the selection of security patterns based on security requirements and pattern classification Proceedings of the 20th European Conference on Pattern Languages of Programs, (1-17)
  74. van den Berghe A Towards a practical security analysis methodology Proceedings of the 37th International Conference on Software Engineering - Volume 2, (883-886)
  75. El Hachem J Towards model driven architecture and analysis of system of systems access control Proceedings of the 37th International Conference on Software Engineering - Volume 2, (867-870)
  76. Yskout K, Scandariato R and Joosen W Do security patterns really help designers? Proceedings of the 37th International Conference on Software Engineering - Volume 1, (292-302)
  77. Alkazimi A and Fernandez E Cipher suite rollback Proceedings of the 21st Conference on Pattern Languages of Programs, (1-9)
  78. Fernandez E and Vanhilst M The secure and trustable distributed name system pattern Proceedings of the 21st Conference on Pattern Languages of Programs, (1-7)
  79. Encina C, Fernandez E and Monge A Threat analysis and misuse patterns of federated inter-cloud systems Proceedings of the 19th European Conference on Pattern Languages of Programs, (1-8)
  80. Fernández E, Monge A, Carvajal R, Encina O, Hernández J and Silva P Patterns for content-dependent and context-enhanced authorization Proceedings of the 19th European Conference on Pattern Languages of Programs, (1-10)
  81. Bennaceur A, Bandara A, Jackson M, Liu W, Montrieux L, Tun T, Yu Y and Nuseibeh B Requirements-driven mediation for collaborative security Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, (37-42)
  82. Encina C O, Fernandez E and Monge A R Towards Secure Inter-Cloud Architectures Proceedings of the 8th Nordic Conference on Pattern Languages of Programs (VikingPLoP), (1-10)
  83. Fernandez E and Monge R A security reference architecture for cloud systems Proceedings of the WICSA 2014 Companion Volume, (1-5)
  84. Li Y, Runde R and Stølen K Towards a pattern language for security risk analysis of web applications Proceedings of the 20th Conference on Pattern Languages of Programs, (1-17)
  85. Fernandez E, Monge R and Hashizume K Two patterns for cloud computing Proceedings of the 20th Conference on Pattern Languages of Programs, (1-11)
  86. Maña A, Fernandez E, Ruiz J and Rudolph C Towards computer-oriented security patterns Proceedings of the 20th Conference on Pattern Languages of Programs, (1-14)
  87. Bonilla Villarreal I, Fernandez E, Larrondo-Petrie M and Hashizume K Whitelisting firewall pattern (WLF) Proceedings of the 20th Conference on Pattern Languages of Programs, (1-6)