T39: Understanding Security with Patterns
Wednesday, Oct 25, from 13:30 to 17:00

According to security guru Bruce Schneier, security is all about the trade-offs you make with respect to your always limited resources. Today, security is often a problem either when designing a system or, in the worst case, as an afterthought. Only a few experts have the knowledge to design good security, and we can safely assume that there is no security expert in most development teams. Before Design Patterns, OO design was a similar black art performed well only by experts. We expect Security Patterns to provide such leverage for designing secure systems, because they make discussions easier with common names for concepts, make security design decisions more conscious, and tell the truth about their trade-offs.

This tutorial introduces the current work on security patterns as given in the book Security Patterns - Integrating Security and Systems Engineering:
- Why Security Patterns?
- What is a Security Pattern?
- Selected Security Patterns examples with some exercises
- Community process, forum, and how to get involved
- Status and outlook - where will Security Patterns go?

Introductory: interest in security, knowledge of software and some basic UML.

Goals: You will learn about security patterns that can give you a better understanding and vocabulary of security design.

Format: lecture style with a few exercises (about 5 minutes each) for the audience to solve and discuss.

Peter Sommerlad, HSR Hochschule für Technik Rapperswil: Peter Sommerlad is professor for software engineering at HSR Rapperswil/Switzerland and a programmer by heart and soul. He is the author of many patterns, co-author of the books POSA 1 and Security Patterns, shepherd for Hillside and a speaker at conferences.