A. Wiesauer, J. Sametinger: A Security Design Pattern Taxonomy based on Attack Patterns, ICETE 2009 - International Joint Conference on e-Business and Telecommunications, Milan, Italy, July 7-10, 2009.


Security design patterns are proven solutions to security problems in a given context with constructive measures of how to design certain parts of a software system. The literature contains numerous definitions, examples, and taxonomies of such patterns. There are also a few quality criteria for them. We suggest a new taxonomy based on attack patterns in order to enhance applicability of security design patterns especially for non-experts in software security. We further suggest a combined consideration of attack patterns, security design patterns and test cases for the validation and evaluation of security design patterns.

PDF