Navigation

• Education
  • International programmes
  • Faculties
  • ECTS
  • Vision and policy
• Research
  • Research at KU Leuven
  • Support and funding
  • Industry and Society
  • Phd
  • Postdoc researcher
  • Output and impact
  • Networking
  • Vision and policy
• Admissions
  • How to apply
  • Scholarships
  • Degree seeking students
  • Non-degree seeking students
  • Doctoral students
  • Reseachers
  • Short term study visits
  • Prepare your stay
• Living in Leuven
  • Welcome activities
  • News and agenda
  • Student Services
  • Housing
  • Insurance
  • Sports and culture
  • Student organisations
• About KU Leuven
  • Mission statement
  • Facts and figures
  • International networks
  • Development Cooperation
  • Academic Calendar
  • Alumni
  • Fundraising
  • Services and support
  • Boards and councils
  • News and press
  • Jobs

CW 469

Koen Yskout, Thomas Heyman, Riccardo Scandariato, Wouter Joosen
A system of security patterns

Abstract

For the past 5 years, MITRE has been tracking the types of errors that lead to publicly reported vulnerabilities. The results show that the number of vulnerabilities is not getting any smaller. On the contrary, they observed a 55% increase over the past two years. Furthermore, over 4500 vulnerabilites that were tracked in 2005, only 25% were due to infrastructural software, like the OS. More than 75% of all vulnerabilities were actually due to faulty application software. This suggest an inadequate adoption of proven secure software engineering techniques, as also recognized by the research community.

Designing secure software is a hard endeavor, requiring unique skills, which one cannot expect from an average development team. It would be beneficial if a set of easily usable bricks would be made available to a larger base of designers upon which sound and secure software can be built, without the need for them to fully grasp all the underpinnings of security engineering. A viable solution is represented by security patterns, which provide domain-independent, time-tested security knowledge and expertise. Furthermore, they preserve this knowledge in a reusable format, so that other (non-expert) designers may benefit.

This technical report presents an extensive inventory in which security patterns are collected to form a coherent system. Based on a broad survey of existing literature, we applied a reduction process in order to both simplify the patterns landscape according to several dimensions and remove heterogeneity. For the resulting set of core security patterns, we provide a uniform description and, most importantly, enhance the patterns by means of meta-information enabling and facilitating both the search for and the selection of the right pattern for the job.