Abstract

Security is a critical component of information systems today. Designing and implementing secure systems requires considerable skill and expertise. A secure system is based on sound software engineering principles and proven best practices in the form of guidelines and design patterns. Since Yoder and Barcalow's seminal work on security patterns in 1997, several patterns and pattern catalogs have emerged. Today, the security pattern landscape is vast and complex. Hence, proper organization and classification of patterns is important so that appropriate patterns can be used in a specific problem context. Patterns have been classified using various methodologies and criteria. There are many overlaps among the classification schemes, and they do not cover all patterns. We propose that classifying security patterns based on a common set of criteria, using analytical methods and tools, will give additional insight into the relations, hierarchy and grouping of patterns, whereby their applicability can be improved. This is also important for understanding pattern coverage and performing gap analysis. In this paper, we present an analytical study of security patterns and use hierarchical clustering to organize the patterns. The paper also presents an algorithm for pattern selection based on security goals.
