



Security Patterns and Pattern Language


I have been maintaining a comprehensive catalog of all published security patterns in the last 15 years. It contains over 90 security patterns. It is a snapshot of the collective knowledge of the entire security pattern community.

I have also studied the classification issue of security patterns and the impact of patterns on secure software architecture. 

I have presented a tutorial on security and software architecture at OOPSLA in 2006, 2007 and 2008.


Research Plan

Christopher Alexander introduces a pattern language as a way to communicate the nature of order by describing the way patterns relate to one another. His work inspired many computer scientists to develop pattern languages for software, but so far we have not produced a result that is as impressive as his.

[Figure: Pattern Language]

Our first approach is to classify all security patterns into distinct categories to make it easier to find the patterns relevant to a specific problem. Then we will create small pattern languages, one for each category of patterns (see figure). Then, we will combine the small diagrams into one large diagram, adding more inter-group relationships. We will validate the pattern language in two ways: by communicating with security experts and pattern experts, and by looking for evidence of pattern inter-relationships in secure software systems.


People (Past and Present)
Munawar Hafiz (Auburn University), Paul Adamczyk (Booz Allen Hamilton), Ralph Johnson (UIUC), Ward Cunningham (Microsoft), David Towbridge (Microsoft), Steve Chapin (Syracuse University), Karthick Jayaraman (Microsoft)


Publications

          Growing a Pattern Language (For Security)

          (pdf)

          Munawar Hafiz, Paul Adamczyk and Ralph Johnson

          In Proceedings of the 27th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2012

          Oct 2012



          A Pattern Language for Designing Privacy Enhancing Technologies.

          Draft version (pdf)

          Munawar Hafiz

          To be published in Software: Practice and Experience



          Evolution of Mail Transfer Agent architecture: The impact of security.

          Draft version (pdf)

          Munawar Hafiz and Ralph Johnson

          Software: Practice and Experience, 38(15): 1569-1599

          Dec 2008

 

 

          Organizing Security Patterns.

          Draft version (pdf)

          Munawar Hafiz, Paul Adamczyk and Ralph Johnson

          IEEE Software Special Issue on Software Patterns, 24(4), pp. 52-60

          Jul/Aug 2007

 

 

          Network congestion control at the application layer.

          (pdf)

          Paul Adamczyk, Federico Balaguer, Munawar Hafiz and Craig Robinson

          Proceedings of the 14th Pattern Languages of Programs, PLoP 2007

          Allerton, Illinois, Sep 2007

 

 

          A collection of privacy design patterns.

          (pdf)

          Munawar Hafiz

          Proceedings of the 13th Pattern Languages of Programs, PLoP 2006

          Allerton, Illinois, Oct 2006

 

 

          Multiple design patterns for Voice over IP (VoIP) security.

          (pdf)

          Zahid Anwar, William Yurcik, Ralph Johnson, Munawar Hafiz and Roy Campbell

          In Workshop on Information Assurance (WIA), held in conjunction with the 25th IEEE International Performance Computing and Communications Conference, IPCCC 2006

          Phoenix, Arizona, Apr 2006

 

 

          Security patterns and evolution of MTA architecture.

          (pdf)

          Munawar Hafiz

          In companion of the 20th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2005

          San Diego, California, Oct 2005  

 

 

          Secure Pre-forking: A pattern for security and performance.

          (pdf)

          Munawar Hafiz

          Proceedings of the 12th Pattern Languages of Programs, PLoP 2005

          Allerton, Illinois, Sep 2005

 

 

          Unique atomic chunks: A pattern for security and reliability.

          (pdf)

          Munawar Hafiz

          Proceedings of the 11th Pattern Languages of Programs, PLoP 2004

          Allerton, Illinois, Sep 2004

 

 

          Security architecture of qmail.

          (pdf)

          Munawar Hafiz, Ralph Johnson and Raja Afandi

          Proceedings of the 11th Pattern Languages of Programs, PLoP 2004

          Allerton, Illinois, Sep 2004

 

 

 

Tutorial Presentation

 


          Security: Philosophy, Patterns and Practices.

          Tutorial 16 in the 23rd Object-oriented Programming, Systems, Languages and Applications, OOPSLA 2008

          Nashville, Tennessee, Oct 2008

 

 

          Security Patterns and Secure Software Architecture.

          Tutorial 14 in the 22nd Object-oriented Programming, Systems, Languages and Applications, OOPSLA 2007

          Montreal, Canada, Oct 2007

 

          

          Security Patterns and Secure Software Architecture.

          Tutorial 51 in the 21st Object-oriented Programming, Systems, Languages and Applications, OOPSLA 2006

          Portland, Oregon, Oct 2006



 

Last modified: Mar 05, 2013

Conceived and Maintained by: Munawar Hafiz