Even more patterns for secure operating systems

Fernández, Eduardo B.; Sorgente, Tami; Larrondo-Petrie, María M.

doi:10.1145/1415472.1415484

Cited by 15 publications

(9 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This book had 46 security patterns from the domain of enterprise security and risk management, identification and authentication, access control, accounting, firewall architecture, and secure internet application. This book aggregates many previous works on security patterns, including the first catalog of security patterns [40], Markus Schumacher [32] and Eduardo Fernandez's [6,10] work on security patterns, etc. Steel et al [33] described 23 security patterns for J2EE based applications, Web services and identity management in their book.…”

Section: Security Pattern Sourcesmentioning

confidence: 95%

Growing a pattern language (for security)

Hafiz

Adamczyk

Johnson

2012

Proceedings of the ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software

View full text Add to dashboard Cite

Researchers and practitioners have been successfully documenting software patterns for over two decades. But the next step-building pattern languages-has proven much more difficult. This paper describes an approach for building a large pattern language for security: an approach that can be used to create pattern languages for other software domains.We describe the mechanism of growing this pattern language: how we cataloged the security patterns from books, papers and pattern collections written by all security experts over the last 15 years, how we classified the patterns to help developers find the appropriate ones, and how we identified and described the relationships between patterns in the language. To our best knowledge, this is the largest pattern language in software. But the most significant contribution of this paper is the story behind how the pattern language is grown; it illustrates the steps that can be adapted to create and grow pattern languages for other domains.

show abstract

Section: Security Pattern Sourcesmentioning

confidence: 95%

Growing a pattern language (for security)

Hafiz

Adamczyk

Johnson

2012

Proceedings of the ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software

View full text Add to dashboard Cite

show abstract

“…To protect the SUI process from other processes and to allow some applications additional privileges, the Secure Process [17] pattern is used to isolate processes and assign authorization rights. Some applications have special dedicated meaning and hence have additional privileges.…”

Section: H Related Patternsmentioning

confidence: 99%

A Pattern for Secure Graphical User Interface Systems

Fischer

Sadeghi

Winandy

2009

2009 20th International Workshop on Database and Expert Systems Application

View full text Add to dashboard Cite

Several aspects of secure operating systems have been analyzed and described as security patterns. However, existing patterns do not cover explicitly the secure interaction of users with the user interface of applications. Especially graphical user interfaces tend to get complex and vulnerable to spoofing and eavesdropping, e.g., due to key loggers or fake dialog windows. A secure user interface system has to provide a trusted path between the user and the application the user intends to use. The trusted path must be able to ensure integrity and confidentiality of the transmitted data, and must allow for the verification of the authenticity of the end points. We present a pattern for secure graphical user interface systems and evaluate its use in different implementations. This pattern shows how to fulfill the security requirements of a trusted path while preserving, in a policy-driven way, the flexibility that graphical user interfaces generally demand.

show abstract

“…The first type is useful when we want to correlate patterns at different abstraction levels or we want to understand or explain a complete system. The second type is better when we are working at a specific level, e.g., designing an operating system [3,4].…”

Section: Use Of Abstract Patternsmentioning

confidence: 99%

“…These patterns should specify only the fundamental characteristics of the mechanism or service, not specific software aspects. Most works on security patterns [7,8] emphasize concrete patterns that solve security problems at given architectural levels or units, e.g., secure VAS in operating systems [3]. In fact, we have not seen any work where this abstraction level is explicitly considered.…”

Section: Introductionmentioning

confidence: 99%