2011
Book Article
Title
Using security patterns to develop secure systems
Abstract
We initiated an international collaboration between our security groups a few years ago, centered on methodologies for building secure systems using patterns. We describe here where we are now and where we are going. This chapter should be considered a survey of our work, not an attempt to present new work or to introduce in detail the models presented here; for that we refer the reader to our previous publications. We also provide a section comparing our work to that of others, but again, each paper relates our work to others in more detail. In particular, we have worked, or are working, on the following:

Secure software development methodology. We have worked on a general methodology for building secure systems and have so far produced some specific aspects of it, which are described below. Of course, these aspects have value independently of this methodology and can be applied to other methodologies or on their own.

Modeling and classification of security patterns. We have tried to provide a precise characterization of security patterns that can be used as a basis for classification. A good classification makes the application of the patterns much easier along the software lifecycle. It also helps in understanding the nature and value of the patterns. Another objective is to identify which patterns are missing.

Misuse patterns. A misuse pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensic data. Misuse patterns can be used in the lifecycle to prevent the occurrence of known types of attacks and to evaluate a completed system.

Characterization and selection of access control models. Access control is a fundamental aspect of security. There are many variations of the basic access control models, and it is confusing for a software developer to select an appropriate model for her application. We have defined a way to clarify their relationships and a way to guide designers in selecting an appropriate model.

Databases in secure applications. Most applications need to include databases to store persistent information, which constitutes most of the information assets of the institution. We have studied the effect of databases on the security of a system under development.