Security Patterns Template and Tutorial - Darrell M. Kienzle, Ph.D., Matthew C. Elder, Ph.D., David S. Tyree, James Edwards-Hewitt Presented by Dan Frohlich

Overview

What is a Pattern?
What is a Security Pattern?
The Security Pattern Template.
Related Work.

What is a Pattern?

Developed by Christopher Alexander for Architectural and Urban Planning
Made popular for software design by GoF.
Definition: A solution to a problem in a context.
  – Summary, solution and impact
  – Expanded to include recurrence, a teaching component, and a name by J. Vlissides (GoF)

Variations

Architectural patterns.
  – Enterprise Level (System Patterns)
AntiPatterns.
  – Document common mistakes
Pattern Languages.
  – Families of solutions good for OO
Frameworks.

What is a Security Pattern?

Technique for encapsulating and disseminating security expertise.
Some but not all are design Patterns
Structural Security Patterns
  – Like GoF Design Patterns
Procedural Security Patterns
  – Improve the development process of secure software

Audience drives Level of Detail

Concepts
  – General Strategies like “Least Privilege”
Classes of Patterns
  – General problem area with many solutions
Patterns
  – General enough to be used in many circumstances
Examples
  – A worked solution for a specific problem instance

The Security Pattern Template.

Pattern Name
  – Noun describing a thing to be built. (Structural)
  – Verb describing recommended action. (Procedural)
Abstract
  – Describes intent/purpose
  – Independent of context
  – Indicates limits on applicability.

The Security Pattern Template.

Aliases
  – Also Known As
Problem
  – Context for application
  – Motivation for use
Solution
  – Applicability / Rationale
  – How the Pattern solves the Problem

The Security Pattern Template.

Static Structure
  – Includes a Diagram if applicable or a note if not
  – Enumerates the components of the Diagram
Dynamic Structure
  – Collaborations
  – Outlines Component interactions

The Security Pattern Template.

Implementation Issues
  – Detailed hints and techniques
  – Identify pitfalls, and guide reader around them
Common attacks
  – Identify attacks that interact with this pattern
  – Links to public databases

The Security Pattern Template.

Known Uses
  – Cite examples of this pattern from all 3 levels when possible.
  – Code Level
      Rely on language features.
  – System Level
      Rely on OS features
  – Network Level
      Implemented with network level components.

The Security Pattern Template.

Sample Code
  – Presented whenever possible.
  – Adds tangibility to an abstract idea.
Consequences
  – Each area should be discussed.
  – Accountability, Confidentiality, Integrity, Availability, Performance, Cost, Manageability, Usability

The Security Pattern Template.

Related Patterns
  – Reference related patterns and the nature of the relationship
References
  – Enumerate citations related to the pattern

Related Work

Security Properties of Design Patterns
  – Security ramifications of GoF
NRL Patterns work
  – Formal verification of security-critical software
www.security-patterns.de
  – Collaborative site for security pattern developers

Related Work (cont.)

OpenGroup Security Forum
  – Developing a library of architectural security patterns.

Questions