Shamal Faily
Security patterns considered harmful?
Authors
Faily, Shamal
Abstract
While a useful source of repeatable security knowledge, ambiguity about what security patterns are and how they might be applied calls into question their reliability as a design tool. To provoke discussion about their usefulness, this paper claims that security patterns should be considered harmful because: (i) they abdicate design responsibility, (ii) their implications are unclear, and (iii) abstractions are still an enemy. We also consider Strong Concepts as a more useful alternative for security design.
Citation
FAILY, S. 2013. Security patterns considered harmful? In Proceedings of the 2nd International workshop on cyberpatterns (Cyberpatterns 2013): unifying design patterns with security, attack and forensic patterns, 8-9 July 2013, Abingdon, UK. Oxford: Oxford Brookes University, pages 108-109.
Conference Name | 2nd International workshop on cyberpatterns (Cyberpatterns 2013): unifying design patterns with security, attack and forensic patterns |
---|---|
Conference Location | Abingdon, UK |
Start Date | Jul 8, 2013 |
End Date | Jul 9, 2013 |
Acceptance Date | Jun 24, 2013 |
Online Publication Date | Jul 20, 2013 |
Publication Date | Jul 20, 2013 |
Deposit Date | Dec 10, 2021 |
Publicly Available Date | Dec 17, 2021 |
Publisher | Oxford Brookes University |
Pages | 108-109 |
Keywords | Systems security; Security risk analysis; Software engineering |
Public URL | https://rgu-repository.worktribe.com/output/1446691 |