Categorization of Security Design Patterns

Author

Jeremiah Y. Dangler, East Tennessee State UniversityFollow

Degree Name

MS (Master of Science)

Program

Computer and Information Science

Date of Award

5-2013

Committee Chair or Co-Chairs

Martin L. Barrett

Committee Members

Phillip E. Pfeiffer, Michael R. Lehrfeld

Abstract

Strategies for software development often slight security-related considerations, due to the difficulty of developing realizable requirements, identifying and applying appropriate techniques, and teaching secure design. This work describes a three-part strategy for addressing these concerns. Part 1 provides detailed questions, derived from a two-level characterization of system security based on work by Chung et. al., to elicit precise requirements. Part 2 uses a novel framework for relating this characterization to previously published strategies, or patterns, for secure software development. Included case studies suggest the framework's effectiveness, involving the application of three patterns for secure design (Limited View, Role-Based Access Control, Secure State Machine) to a production system for document management. Part 3 presents teaching modules to introduce patterns into lower-division computer science courses. Five modules, integer over ow, input validation, HTTPS, les access, and SQL injection, are proposed for conveying an aware of security patterns and their value in software development.

Document Type

Thesis - unrestricted

Recommended Citation

Dangler, Jeremiah Y., "Categorization of Security Design Patterns" (2013). Electronic Theses and Dissertations. Paper 1119. https://dc.etsu.edu/etd/1119

Copyright

Copyright by the authors.