Security engineering with patterns : origins, theoretical model, and new applications

For quite some time, in systems and software design, security only came as a second thought or even as a nice-to-have add-on. However, since the breakthrough of the Internet as a virtual backbone for electronic commerce and similar applications, security is now recognized as a fundamental requirement. This book presents a systematic security improvement approach based on the pattern paradigm. The author first clarifies the key concepts of security patterns, defines their semantics and syntax, demonstrates how they can be used, and then compares his model with other security approaches. Based on the author's model and best practice in security patterns, security novices are now in a position to understand how security experts solve problems and can basically act like them by using the patterns available as building blocks for their designs.

1. Introduction.- 2. Patterns in Software Development.- 3. Ontologies.- 4. The Human Factor.- 5. Classifying Security Improvement Artifacts.- 6. Toward a Security Core Ontology.- 7. Foundations of Security Patterns.- 8. A Theoretical Model for Security Patterns.- 9. New Applications of Security Patterns.- 10. Summary and Outlook.- A. Sources for Mining Security Patterns.- B. Example Security Patterns and Annotations.- C. Ontology Development.- D. F-Logic Primer.- E. Gaining Security Expertise.