Home > Research > Publications & Outputs > Security engineering with patterns


View graph of relations

Security engineering with patterns

Research output: Contribution in Book/Report/ProceedingsConference contribution


Publication date1/09/2001
Host publicationProceedings of the 8th Conference on Pattern Languages of Programs (PLoP 2001)
<mark>Original language</mark>English


Conducting digital business requires secure network and application architectures. The recently increasing occurrence of severe attacks has shown, however, that we will still need quite some time and effort to reach security standards of IT systems alike the standard already usual in other fields. At present, there is a huge gap between theory and the code of practice. Whereas scientists work on formal approaches for the specification and verification of security requirements, practitioners have to meet the users requirements. The Pattern Community recognized this problem, too. Patterns literally capture the experience from experts in a structured way. Thus novices can benefit from know-how and skills of experts. Hence, we propose to apply the pattern approach to the security problem. We show that recent security approaches are not sufficient and describe how Security Patterns contribute to the overall process of security engineering. A Security Pattern System provides linkage between Security Patterns. Thus dependencies between specific security problems can be considered in a comprehensive way.