Security patterns considered harmful?

Faily, Shamal

Authors

Shamal Faily

Abstract

While a useful source of repeatable security knowledge, ambiguity about what security patterns are and how they might be applied call into question their reliability as a design tool. To provoke discussion about their usefulness, this paper claims that security patterns should be considered harmful because: (i) they abdicate design responsibility, (ii) their implications are unclear, and (iii) abstractions are still an enemy. We also consider Strong Concepts as a more useful alternative for security design.

Citation

FAILY, S. 2013. Security patterns considered harmful? In Proceedings of the 2nd International workshop on cyberpatterns (Cyberpatterns 2013): unifying design patterns with security, attack and forensic patterns, 8-9 July 2013, Abingdon, UK. Oxford: Oxford Brookes University, pages 108-109.

Conference Name	2nd International workshop on cyberpatterns (Cyberpatterns 2013): unifying design patterns with security, attack and forensic patterns
Conference Location	Abingdon, UK
Start Date	Jul 8, 2013
End Date	Jul 9, 2013
Acceptance Date	Jun 24, 2013
Online Publication Date	Jul 20, 2013
Publication Date	Jul 20, 2013
Deposit Date	Dec 10, 2021
Publicly Available Date	Dec 17, 2021
Publisher	Oxford Brookes University
Pages	108-109
Keywords	Systems security; Security risk analysis; Software engineering
Public URL	https://rgu-repository.worktribe.com/output/1446691