Shamal Faily
Security patterns considered harmful?
Faily, Shamal
Authors
Abstract
While a useful source of repeatable security knowledge, ambiguity about what security patterns are and how they might be applied call into question their reliability as a design tool. To provoke discussion about their usefulness, this paper claims that security patterns should be considered harmful because: (i) they abdicate design responsibility, (ii) their implications are unclear, and (iii) abstractions are still an enemy. We also consider Strong Concepts as a more useful alternative for security design.
Citation
FAILY, S. 2013. Security patterns considered harmful? In Proceedings of the 2nd International workshop on cyberpatterns (Cyberpatterns 2013): unifying design patterns with security, attack and forensic patterns, 8-9 July 2013, Abingdon, UK. Oxford: Oxford Brookes University, pages 108-109.
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 2nd International workshop on cyberpatterns (Cyberpatterns 2013): unifying design patterns with security, attack and forensic patterns |
| Start Date | Jul 8, 2013 |
| End Date | Jul 9, 2013 |
| Acceptance Date | Jun 24, 2013 |
| Online Publication Date | Jul 20, 2013 |
| Publication Date | Jul 20, 2013 |
| Deposit Date | Dec 10, 2021 |
| Publicly Available Date | Dec 17, 2021 |
| Publisher | Oxford Brookes University |
| Peer Reviewed | Peer Reviewed |
| Pages | 108-109 |
| Keywords | Systems security; Security risk analysis; Software engineering |
| Public URL | https://rgu-repository.worktribe.com/output/1446691 |
Files
FAILY 2013 Security patterns considered harmful
(611 Kb)
PDF
You might also like
Privacy goals for the data lifecycle.
(2022)
Journal Article
Assessing system of systems information security risk with OASoSIS.
(2022)
Journal Article
Visualising personas as goal models to find security tensions.
(2021)
Journal Article
Evaluating privacy: determining user privacy expectations on the web.
(2021)
Journal Article
DPIA in context: applying DPIA to assess privacy risks of cyber physical systems.
(2020)
Journal Article
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search