Abstract
Interdependencies between different security patterns can influence the properties of a particular pattern when applied in conjunction with other patterns. The resulting properties will often be weaker due to the possibility of new attacks. In this paper we introduce a mechanism that leads towards a generic process for pattern integration. As an example, we use the interesting case in which the proper integration of two patterns provides stronger security properties than the simple unification of the two properties. Formally, this increase in security is achieved by linking parameters of refined versions of the individual properties. The example shows the combination of two different authenticity properties (authenticity of a device based on trusted platform module functionality and authenticity of a user by using SSL). Remarkably, previously proposed combinations of solutions do not satisfy the desired integrated security properties. This indicates that pattern integration requires means that go beyond simple unification. Our pattern integration process presents a first step in this direction.
Original language | English |
---|---|
Title of host publication | Proceedings - 20th International Workshop on Database and Expert Systems Applications, DEXA2009 |
Pages | 171-175 |
Number of pages | 5 |
DOIs | |
Publication status | Published - 2009 |
Externally published | Yes |
Event | International Workshop on Secure Systems Methodologies Using Patterns 2009 - Linz, Austria Duration: 31 Aug 2009 → 4 Sept 2009 Conference number: 3rd https://ieeexplore.ieee.org/xpl/conhome/5337077/proceeding (Proceedings) |
Conference
Conference | International Workshop on Secure Systems Methodologies Using Patterns 2009 |
---|---|
Abbreviated title | SPattern 2009 |
Country/Territory | Austria |
City | Linz |
Period | 31/08/09 → 4/09/09 |
Other | Held within the "International Conference on Database and Expert Systems Applications 2009" |
Internet address |