CW 514

Koen Yskout, Thomas Heyman, Riccardo Scandariato, Wouter Joosen
Security patterns: 10 years later

Abstract

Reusing time-tested solutions rather than inventing ad hoc quick fixes is a well-known security principle. Architectural and design patterns represent proven techniques to package knowledge from software engineering experts in a reusable format. More importantly, the solution proposed by a pattern is known to be sound because it is time-tested: its strengths, weaknesses and possible drawbacks are known in advance. Therefore, in software security engineering, security patterns have been considered a very promising means to increase the quality of secure design and make security more accessible to software engineers. However, their adoption does not live up to their potential. To understand why this is so, this paper analyzes the literature on security patterns published over the last ten years and outlines existing gaps.
