T51: Security Patterns and Secure Software Architecture
Thursday, Oct 26, from 13:30 to 17:00
Recently there has been a lot of interest in security patterns. Three different groups have been working on security patterns books and have recently published their work. These books approach security patterns from different perspectives. The focus of this tutorial is not to cover a particular book, but to give the audience a comprehensive look at the documented security patterns. These patterns come from the books, from research papers, and from drafts that people are currently working on. This tutorial covers about seventy security patterns. The patterns solve problems of different granularity, and their context ranges from business architecture to implementation-specific issues. Security patterns are valuable at all stages of secure software development because they document proven solutions to security problems and act as a vocabulary for exchanging ideas between security architects, developers, and managers. This tutorial will also touch on the classification of security patterns, which leads towards efficient pattern navigation. Through interactive demonstrations and practical examples of software architecture, this tutorial will expose the audience to a broad range of security problems and their solutions.
Intermediate: Basic knowledge of security is helpful but not a requirement.
Goals: This tutorial will give the participants a comprehensive knowledge of the documented security patterns. Software architects can learn about the problems and solutions and can incorporate these solutions in their own designs. They will also learn to use pattern classification schemes and will be able to navigate these schemes efficiently to find the security patterns that they need. Managers are introduced to security concepts in this tutorial. They will learn the jargon and will be able to use it in their communication with software architects and designers. Educators and researchers can learn how to document missing patterns. They can also take the idea of classifying security patterns, or non-functional patterns in general, and explore it as a research project.
Format: This tutorial has phases in which I will present the patterns, and phases in which the audience will take part by engaging in simple exercises on pattern classification.
Munawar Hafiz, University of Illinois at Urbana-Champaign: Munawar Hafiz is a graduate student at the University of Illinois working with Professor Ralph Johnson. He has been working on security patterns for the last three years. His pattern documentation project at patternshare is funded by Microsoft's Patterns and Practices group. He also works with the P&P group to charter a classification scheme for security patterns.