Organizational Patterns for Security and Dependability

Massacci, Fabio; Asnar, Yudis; Saidane, Ayda; Riccucci, Carlo; Felici, Massimo De; Tedeschi, Alessandra; El-Khoury, Paul; Li, Keqin; Seguran, Magali; Zannone, Nicola

doi:10.4018/jsse.2011070101

Cited by 6 publications

(4 citation statements)

References 26 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Montesi and Weber [83] described the Circuit Breaker as a pattern for preventing cascading failures by guarding service calls; this pattern is implemented as a Decorator [10] applied to the interface of the service. Asnar et al developed organizational patterns for security and dependability [84]; these patterns consider the interaction of humans and systems and, as such, are particularly interesting and different from most of the patterns discussed here. Castellanos et al [85] developed model transformations, preconditions, and postconditions to automate security and dependability design patterns.…”

Section: Specialized Patterns and Related Artifacts 61 Hybrid Patternsmentioning

confidence: 99%

Dependability Patterns: A Survey

Buckley,

Fernandez

2023

Computers

View full text Add to dashboard Cite

Patterns embody the experience and knowledge of designers and are effective ways to improve nonfunctional aspects of software systems. Although there are several catalogs and surveys of security patterns, there is no catalog or general survey about dependability patterns. Our survey presented an enumeration of dependability patterns, which include fault tolerance, reliability, safety, and availability patterns. After defining classification groups and showing basic pattern relationships, we showed the references to the publications where these patterns were introduced and enumerated their intents. Another objective was evaluating these patterns to see if their descriptions are appropriate for a possible catalog, which would make them useful to developers and researchers. We found that most of them need remodeling because they use ad hoc templates or no templates. We considered some models from which we can derive patterns and methodologies that incorporate the use of patterns to build dependable software systems. We also provided directions for research.

show abstract

Section: Specialized Patterns and Related Artifacts 61 Hybrid Patternsmentioning

confidence: 99%

Dependability Patterns: A Survey

Buckley,

Fernandez

2023

Computers

View full text Add to dashboard Cite

show abstract

“…Since then, the development of the security pattern has become increasingly sophisticated. Researchers have developed many security patterns for different security problems [33][34][35][36].…”

Section: Security Patternsmentioning

confidence: 99%

“…Repeat this process to generate all defence plans (refer to line 4 and lines [23][24][25][26][27][28][29][30][31][32][33]. Secondly, we remove duplicate patterns from each defence plan by iterating through all defence plans (refer to lines 5-7 and lines [34][35][36][37][38][39][40][41][42][43][44][45][46][47]. Thirdly, we remove duplicate defence plans by iterating through all defence plans (refer to line 8 and lines [34][35][36][37][38][39][40][41][42][43][44][45][46][47].…”

Section: Generating and Prioritising Social Engineering Defence Plansmentioning

confidence: 99%

Defending against social engineering attacks: A security pattern‐based analysis framework

Song

Pang

2023

IET Information Security

View full text Add to dashboard Cite

Social engineering attacks are a growing threat to modern complex systems. Increasingly, attackers are exploiting people's "vulnerabilities" to carry out social engineering attacks for malicious purposes. Although such a severe threat has attracted the attention of academia and industry, it is challenging to propose a comprehensive and practical set of countermeasures to protect systems from social engineering attacks due to its interdisciplinary nature. Moreover, the existing social engineering defence research is highly dependent on manual analysis, which is time-consuming and labour-intensive and cannot solve practical problems efficiently and pragmatically. This paper proposes a systematic approach to generate countermeasures based on a typical social engineering attack process. Specifically, we systematically 'attack' each step of social engineering attacks to prevent, mitigate, or eliminate them, resulting in 62 countermeasures. We have designed a set of social engineering security patterns that encapsulate relevant security knowledge to provide practical assistance in the defence analysis of social engineering attacks. Finally, we present an automatic analysis framework for applying social engineering security patterns. We applied the case study method and performed semi-structured interviews with nine participants to evaluate our proposal, showing that our approach effectively defended against social engineering attacks.

show abstract

“…Mixed-criticality encompasses interactions of safety and security, such as mentioned by . Asnar et al [2011] present a modeling and specification framework for security requirements that have to be verified for safety-critical distributed information systems.…”

Section: Qsecurity: How Is Security Addressed In the Studies?mentioning

confidence: 99%

Assurance of System Safety: A Survey of Design and Argument Patterns

Gleirscher,

Kugele

2019

Preprint

View full text Add to dashboard Cite

The specification, design, and assurance of safety encompasses various concepts and best practices, subject of reuse in form of patterns. This work summarizes applied research on such concepts and practices with a focus on the last two decades and on the state-of-the-art of patterns in safety-critical system design and assurance argumentation. We investigate several aspects of such patterns, for example, where and when they are applied, their characteristics and purposes, and how they are related. For each aspect, we provide an overview of relevant studies and synthesize a taxonomy of first principles underlying these patterns. Furthermore, we comment on how these studies address known challenges and we discuss suggestions for further research. Our findings disclose a lack of research on how patterns improve system safety claims and, vice versa, on the decomposition of system safety into separated local concerns, and on the impact of security on safety. CCS Concepts: • General and reference → Design; Reliability; • Computer systems organization → Architectures; Dependable and fault-tolerant systems and networks; • Hardware → Safety critical systems; • Software and its engineering → Software safety; Error handling and recovery; Software verification and validation; Risk management; • Security and privacy → Security in hardware.

show abstract

Organizational Patterns for Security and Dependability

Cited by 6 publications

References 26 publications

Dependability Patterns: A Survey

Dependability Patterns: A Survey

Defending against social engineering attacks: A security pattern‐based analysis framework

Assurance of System Safety: A Survey of Design and Argument Patterns

Contact Info

Product

Resources

About