An Analysis of the Security Patterns Landscape

Thomas Heyman, Koen Yskout, Riccardo Scandariato, Wouter Joosen
DistriNet, Department of Computer Science, K.U.Leuven
Celestijnenlaan 200A, B-3001 Leuven, Belgium
first.lastname@cs.kuleuven.be

Abstract

Architectural and design patterns represent effective techniques to package expert knowledge in a reusable way. Over time, they have proven to be very successful in software engineering. Moreover, in the security discipline, a well-known principle calls for the use of standard, time-tested solutions rather than inventing ad-hoc solutions from scratch. Clearly, security patterns provide a way to adhere to this principle. However, their adoption does not live up to their potential. To understand the reasons, this paper analyzes an extensive set of published security patterns according to several dimensions and outlines the directions for improvement.

1. Introduction

In the software engineering discipline, patterns represent a well-known technique to package domain-independent knowledge and expertise in a reusable way. Architectural and design patterns constitute solid solutions that can be employed out of the box by architects and designers in order to solve known, recurrent problems. A pattern provides three main advantages. First, the solution is known to be sound because it is time-tested. Second, benefits and drawbacks of a pattern are known in advance and they can be taken into account while sketching the solution. Third, patterns establish a common vocabulary that can ease communication between different stakeholders.

In the security discipline, a well-known principle calls for the use of community resources rather than inventing ad-hoc solutions from scratch [21]. For instance, creating a new encryption protocol is risky because of the likelihood of design flaws. Likewise, it is not advisable to implement a well-known protocol from scratch, because of possible coding flaws.
Security patterns offer invaluable help in enforcing this principle at the architectural and design level. First, design glitches can be avoided by applying well-known design solutions. Second, security patterns should include enough detailed information (down to the level of reference code), e.g., to help automate the implementation phase. In other words, security patterns are tools to provide additional guarantees that a software product is correct.

Security patterns have gained significant attention from the research community after the seminal work by Yoder and Barcalow [22]. The authors have surveyed the literature that has been published over the last ten years. Figure 1 (darker line) shows the publication trend of security patterns over this period. Using Gartner's Hype Cycle terminology [2], it is evident from the graph that we passed the peak of inflated expectations followed by disillusionment. We are now in the "slope of enlightenment", where focused experimentation leads to a true understanding of the applicability, shortcomings and benefits of a technology.

The key issue is that no objective examination has been conducted so far to understand the reasons that hinder the adoption of security patterns. Although there is no lack of both security patterns and catalogs that collect them, security patterns have an inadequate reputation and this clearly hampers their adoption.

Patterns have proven to be successful in software engineering, e.g., the Gang of Four (GoF) patterns are extensively used in today's libraries and frameworks. There is no evident reason why the same should not happen for security patterns. Indeed, the authors strongly believe that they have high potential, especially as an instrument to bridge the knowledge gap between the design phase and secure code.

The contribution of this paper is to provide an overview of the current landscape of security patterns, identify shortcomings and suggest directions for improvement. For this work, the complete (to the authors' knowledge) set of security patterns that are available in literature has been analyzed. In figures, the authors surveyed about 220 patterns published in the period 1996–2006. Accordingly, the major drawbacks in existing literature are pinpointed by answering three main questions, as listed below. For each question, the directions for improvement are outlined constructively.

1. Are all existing patterns really patterns? A clear defi-

29th International Conference on Software Engineering Workshops (ICSEW'07)
0-7695-2830-9/07 $20.00 © 2007