Organizing Security Patterns

“…It should be noted that a multidimensional space can be aligned with cell divisions in Trowbridge et al (2004), Hafiz et al (2007), and even German and Cowen, (2000) without hier archical grouping. From the users' perspective, reducing orthogonal classifications to a single hierarchy achieves little and hinders the exploration of relationships along different dimensions.…”

“…The 110 patterns classified fall into only two categories: integration and application, and three concerns: data, function, and network. Hafiz et al (2007) identify four potential classification dimensions: protection type, application context, threat, and Trowbridge's viewpoints. In the end they proposed a hierarchy based on application context followed by threat.…”

“…Such classifications are typically hierarchical (Fernandez, Washizaki, Yoshioka, Kubo and Fukazawa, 2008;German and Cowan, 2000;Hafiz, Adamczyk and Johnson, 2007;Trowbridge, Cunningham, Evans and Brader, 2004), and based on the solution being presented rather the problems being addressed. Existing classifica tions mimic classification in biology, where hierarchical classification enables identification by following a decision tree (e.g.…”

A Multi-Dimensional Classification for Users of Security Patterns

“…It should be noted that a multidimensional space can be aligned with cell divisions in Trowbridge et al (2004), Hafiz et al (2007), and even German and Cowen, (2000) without hier archical grouping. From the users' perspective, reducing orthogonal classifications to a single hierarchy achieves little and hinders the exploration of relationships along different dimensions.…”

“…The 110 patterns classified fall into only two categories: integration and application, and three concerns: data, function, and network. Hafiz et al (2007) identify four potential classification dimensions: protection type, application context, threat, and Trowbridge's viewpoints. In the end they proposed a hierarchy based on application context followed by threat.…”

“…Such classifications are typically hierarchical (Fernandez, Washizaki, Yoshioka, Kubo and Fukazawa, 2008;German and Cowan, 2000;Hafiz, Adamczyk and Johnson, 2007;Trowbridge, Cunningham, Evans and Brader, 2004), and based on the solution being presented rather the problems being addressed. Existing classifica tions mimic classification in biology, where hierarchical classification enables identification by following a decision tree (e.g.…”

A Multi-Dimensional Classification for Users of Security Patterns

“…Like design patterns, which are also called GoF patterns [6], security patterns can be applied to implementing and structuring software systems, but they can also model security issues and security processes in enterprises such as "Enterprise Architecture Management Patterns" [4]. Based on this heterogeneity, the classification of security patterns is an important and often discussed issue [24,28,8,9]. Different approaches exist, some describe basic topologies like separating the patterns in application domains (e.g., software, enterprise management), others describe complex layered structures.…”

“…Different approaches exist, some describe basic topologies like separating the patterns in application domains (e.g., software, enterprise management), others describe complex layered structures. In this paper, we will have a closer look on patterns that describe how to implement a specific security feature, i.e., so-called structural patterns [8].…”

An Architecture-Centric Approach to Detecting Security Patterns in Software

Towards a Unified Approach to System‐of‐Systems Risk Analysis Based on Systems Theory