Abstract

Since Gamma et al. published their design patterns, patterns have been very popular in the area of software engineering. They provide best practices for handling recurring problems during the software development phase. Three years later, security patterns appeared and provided solutions for security problems. Besides the name analogy, design and security patterns should be very similar except for the security factor. In research and industry, software engineering with design patterns is widespread. However, some researchers suspect that security-pattern engineering is made difficult by issues such as terminology or description form. Detecting adoption problems can help to improve security patterns in the future. Thus, they can promote the awareness of security, especially in the software maintenance phase, where many programmers first give attention to security problems. Therefore, we compare design and security patterns to find indicators of negative impact on security-pattern engineering in software development. We address this issue by inspecting the aspects of classification, description form, provided code examples, and usage in the software life-cycle. We determine the degree of maturity of software-security patterns by comparing them to the well-explored design patterns. To achieve this objective, we inspect the pattern terminology and conduct a study on the description forms used, including provided UML diagrams and code examples. Moreover, a literature review is conducted to compare their state of research w.r.t. the software life-cycle. The maturity degree of security patterns compared to common design patterns differs, and we depict further research opportunities on security patterns.
