
Security pattern

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by MrOllie (talk | contribs) at 23:15, 12 September 2010 (WP:EL). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Design patterns can be applied to achieve goals in the area of security. Every classical design pattern has different instantiations that fulfill some of the information security goals, such as confidentiality, integrity or availability. Additionally, one can define new design patterns specifically to achieve particular security goals.

Existing Security Patterns

The pattern community provides a collection of many security patterns that were discussed in workshops at Pattern Languages of Programs (PLoP) conferences. They have been unified and published in a joint project[1]. Heyman and Yskout have also collected[2] and analyzed[3] a large number of security patterns.

The Open Group provides a set of documented security patterns.

Available System Patterns

These are patterns concerned with the availability of assets. The assets are either services or resources offered to users.

The Checkpointed System pattern describes a design that uses replication of component state so that the system can recover when a component fails.

The Standby pattern provides a fallback component able to resume the service of a failing component.

The Comparator-checked fault tolerant system pattern provides a way to monitor the failure-free behavior of a component.

The Replicated system pattern describes a design of redundant components together with a means of load balancing and redirection between them, to decrease the chance that the service becomes unavailable.

The Error detection/correction pattern has the goal of detecting errors, and possibly correcting them, to guarantee correct information exchange or storage.
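The Replicated system and Standby patterns above, as an added example that is not code from the Open Group guide or from this article: a dispatcher load-balances requests round-robin over a rotation of healthy replicas; when a replica crashes mid-request, the request is redirected to another replica, the failed one leaves the rotation, and a standby component is promoted to take its place. The class names, the "fail on the Nth request" fault injected into `Replica`, and the request sequence are assumptions constructed for this example.

```python
"""Replicated System with a Standby (added example; names and faults are constructed)."""
from collections import deque
from typing import Optional


class ReplicaFailed(Exception):
    """Raised by a replica that has crashed while handling a request."""


class Replica:
    def __init__(self, name: str, fail_on: Optional[int] = None) -> None:
        self.name = name
        self.fail_on = fail_on  # constructed fault: crash on this request count
        self.handled = 0

    def handle(self, request: str) -> str:
        self.handled += 1
        if self.fail_on is not None and self.handled >= self.fail_on:
            raise ReplicaFailed(self.name)
        return f"{self.name}:{request}"


class Dispatcher:
    """Load balancer plus failover: the single place that knows which replicas are up."""

    def __init__(self, active: list, standby: list) -> None:
        self.active = deque(active)    # round-robin rotation of healthy replicas
        self.standby = list(standby)   # spares, promoted in order
        self.failed: list = []
        self.log: list = []

    def _promote(self) -> None:
        if self.standby:
            spare = self.standby.pop(0)
            self.active.append(spare)
            self.log.append(f"promoted standby {spare.name}")

    def dispatch(self, request: str) -> str:
        while self.active:
            replica = self.active[0]
            self.active.rotate(-1)     # next request goes to the next replica
            try:
                return replica.handle(request)
            except ReplicaFailed:
                # Take the failed replica out of rotation, bring in a spare,
                # and retry the same request on whatever is left.
                self.active.remove(replica)
                self.failed.append(replica.name)
                self.log.append(f"{replica.name} failed on {request}; redirecting")
                self._promote()
        raise RuntimeError(f"no replica available for {request}")


def run_scenario():
    """Constructed scenario: A is healthy, B crashes on its 2nd request, S is the standby."""
    a, b, s = Replica("A"), Replica("B", fail_on=2), Replica("S")
    d = Dispatcher(active=[a, b], standby=[s])
    results = [d.dispatch(f"r{i}") for i in range(1, 7)]
    return results, d


if __name__ == "__main__":
    results, d = run_scenario()
    print(results)   # r4 is served by A after B fails, r5 by the promoted standby S
    print(d.log)
```

The request that triggers the failure is retried rather than lost, which is what "redirection" in the Replicated system pattern buys; once the standby list is empty and the last active replica fails, `dispatch` raises instead of silently dropping work.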

Protected System Patterns

This is a set of patterns concerned with the confidentiality and integrity of information; they provide means to manage access to, and usage of, sensitive data.

The Protected system pattern provides a reference monitor or enclave that owns the resources, so that every access must pass through it and cannot bypass it. The monitor enforces a policy at that single point. The GoF refer to it as a "Protection Proxy".

The Policy pattern is an architecture that decouples the policy from the normal resource code. An authenticated user owns a security context (e.g. a role) that is passed to the guard of the resource. The guard checks, against the policy, whether the context of this user matches the rules, and grants or denies access to the resource.
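The Protected system and Policy patterns described above, as an added example that is not code from the Open Group guide or from this article: a `Guard` (the protection proxy) is the only object holding the real `Document`, so every read or write passes through its single `_check` point, while the rules live in a separate `Policy` object that can change without touching the resource or the guard. The class names, the role-to-operation rules and the three users are assumptions constructed for this example.

```python
"""Protected System + Policy pattern (added example; names and rules are constructed)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityContext:
    """What the authenticator established about the caller: identity and roles."""
    subject: str
    roles: frozenset


class Document:
    """The protected resource. It contains no access-control code at all."""

    def __init__(self, text: str) -> None:
        self._text = text

    def read(self) -> str:
        return self._text

    def write(self, text: str) -> None:
        self._text = text


class Policy:
    """Rules kept apart from the resource: role -> permitted operations. Default deny."""

    def __init__(self, rules: dict) -> None:
        self._rules = dict(rules)

    def permits(self, ctx: SecurityContext, operation: str) -> bool:
        return any(operation in self._rules.get(role, frozenset()) for role in ctx.roles)

    def revoke(self, role: str, operation: str) -> None:
        """Change the rules without touching Document or Guard."""
        self._rules[role] = self._rules.get(role, frozenset()) - {operation}


class AccessDenied(PermissionError):
    pass


class Guard:
    """Protection proxy: the single point every access to the Document passes through."""

    def __init__(self, resource: Document, policy: Policy) -> None:
        self._resource = resource   # only the Guard holds the reference
        self._policy = policy
        self.audit: list = []

    def _check(self, ctx: SecurityContext, operation: str) -> None:
        allowed = self._policy.permits(ctx, operation)
        self.audit.append((ctx.subject, operation, allowed))  # every decision logged here
        if not allowed:
            raise AccessDenied(f"{ctx.subject} may not {operation}")

    def read(self, ctx: SecurityContext) -> str:
        self._check(ctx, "read")
        return self._resource.read()

    def write(self, ctx: SecurityContext, text: str) -> None:
        self._check(ctx, "write")
        self._resource.write(text)


def build_protected_document():
    policy = Policy({
        "reader": frozenset({"read"}),
        "editor": frozenset({"read", "write"}),
    })
    # The raw Document never escapes this function; callers only receive the Guard.
    return Guard(Document("quarterly figures"), policy), policy


def demo() -> dict:
    guard, policy = build_protected_document()
    alice = SecurityContext("alice", frozenset({"editor"}))
    bob = SecurityContext("bob", frozenset({"reader"}))
    mallory = SecurityContext("mallory", frozenset())   # authenticated but holds no role
    out: dict = {}

    guard.write(alice, "revised figures")
    out["bob_read"] = guard.read(bob)
    for ctx in (bob, mallory):
        try:
            guard.write(ctx, "tampered")
            out[f"{ctx.subject}_write"] = "allowed"
        except AccessDenied:
            out[f"{ctx.subject}_write"] = "denied"

    policy.revoke("reader", "read")   # policy change; Document and Guard untouched
    try:
        guard.read(bob)
        out["bob_read_after_revoke"] = "allowed"
    except AccessDenied:
        out["bob_read_after_revoke"] = "denied"

    out["final"] = guard.read(alice)
    out["audit"] = list(guard.audit)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two properties of the pattern show up in the code: the default is deny (a subject with no role, or a role without the operation, is refused), and because all decisions go through one method, the audit trail in `Guard.audit` is complete by construction rather than by every caller remembering to log.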

The Authenticator pattern is instantiated by, for example, Pluggable Authentication Modules (PAM) and the Java Authentication and Authorization Service (JAAS).

Subject descriptor pattern

The Secure Communication pattern is similar to Single sign-on and RBAC.

The Security Context pattern is a combination of the communication protection proxy, security context and subject descriptor patterns.

The Security Association pattern is an extension of the Secure Communication pattern.

The Secure Proxy pattern can be used for defense in depth.

References

  1. Markus Schumacher, Eduardo Fernandez-Buglioni, Duane Hybertson, Frank Buschmann, Peter Sommerlad. Security Patterns: Integrating Security and Systems Engineering. Wiley Series in Software Design Patterns, 2005.
  2. Yskout, K. et al. A system of security patterns. Technical report CW-469, Katholieke Universiteit Leuven, December 2006.
  3. Heyman, T. et al. An analysis of the security patterns landscape. In SESS '07: Proceedings of the Third International Workshop on Software Engineering for Secure Systems, Washington, DC, USA, 2007. IEEE Computer Society.