Technical Report
Security Engineering Pilot - Trusted Systems
Report Number: SERC-2013-TR-036-1
Publication Date: 2013-02-28
Project:
Security Engineering – Design Patterns and Operational Concepts
Principal Investigators:
Dr. Barry Horowitz
Co-Principal Investigators:
Dr. Peter Beling
Dr. William Melvin
Dr. Kevin Skadron
Dr. Ronald Williams
One of the strengths of the perimeter security approach is that it offers a set of standardized, commercially available products. In contrast, System-Aware security solutions are highly customized to the applications in which they are embedded. Thus, there is a need to facilitate reuse of System-Aware security solutions across a diverse set of applications. One approach is to create security design patterns. These security patterns could facilitate the reuse of System-Aware security solutions across additional systems by drawing on the consensus of engineers engaged in building these systems, similar to how patterns have aided object-oriented projects [1] and more traditional security technologies [2]. In addition, these patterns would provide documentation characterizing the sufficient conditions for their application, as well as suggestions for additional synergistic patterns, to enable the engineering community to apply them to new and existing systems.
In order to provide a starting point for the exploration and development of new secure design patterns, three
patterns are presented based upon the work outlined in this paper. The format for these patterns is based upon
those used for traditional perimeter security as presented by Schumacher in his book “Security Patterns:
Integrating Security and Systems Engineering” [2]. However, unlike the patterns presented by Schumacher, these
patterns are not based upon implemented solutions but on research cases. Research cases were chosen because
“Patterns support the understanding of problems and their solutions” [2] and “Patterns are generic—as
independent of or dependent on a particular implementation technology as need be” [2]. Thus, design patterns
provide not only a means for recording implemented solutions, but also a method for recording research cases so
that they can be applied to problems across a wide set of domains. As System-Aware security aims to provide cyber
security solutions that are applicable to many domains, design patterns provide an ideal means of recording and
presenting such solutions for reuse.