: Identify Threats -> Plan Mitigation Strategy -> Instantiate Strategy
|<--------- STRIDE / LINDDUN -------->|<- Security Patterns ->|
( http://melancholy8914.blogspot.co.uk/2017/01/uncover-security-design-flaws-with.html / http://melancholy8914.blogspot.co.uk/2017/01/uncover-privacy-design-flaws-with.html )
2. Security Pattern
: a well-understood solution to control, stop or mitigate a set of specific threats through some security mechanisms defined in a given context
- Template: Standard way to describe a pattern
Sections | Descriptions |
Name | - Should capture the essence of the pattern in a concise and catchy manner |
Intent | - Should summarise the pattern briefly in 2 or 3 sentences - Includes the purpose or intent of the pattern |
Aliases | - Should enumerate other names for the pattern |
Problem & Forces | - Outlines the context in which the pattern is applicable, as well as explaining the motivation for using the pattern |
Solution | - Should describe at a high level how the pattern solves the problem described in the problem statement |
Static structure | - Presents the constituent elements involved in the usage of this pattern |
Dynamic structure | - Describes interactions between the various components in the static structure |
Implementation & Pitfalls | - Describes the most common mistakes in the usage of this pattern and provides the reader with guidance for avoiding them |
Consequences | - Describes the possible impact of using the pattern with respect to CIAA, performance, cost, manageability and usability |
Example and Known Uses | - Explicit references to products or systems |
- Instantiating a Security Pattern
* New components need to be introduced
* Wire the new components to the existing ones
* Modify existing components
http://www.securitypatterns.org
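The three instantiation steps above, applied to a small architecture model and followed by a check that no data flow still reaches the protected component without passing the new one. This is an added example, not code from the original post or from securitypatterns.org; the guard-style pattern, the `Architecture` class and every component name are assumptions made for illustration.

```python
from collections import defaultdict

class Architecture:
    """Minimal component model: a directed edge is a data flow."""
    def __init__(self):
        self.flows = defaultdict(set)     # source -> destinations
        self.changes = defaultdict(list)  # component -> required modifications

    def add_flow(self, src, dst):
        self.flows[src].add(dst)
        self.flows[dst]                   # register dst as a component

    def bypass_paths(self, entry, target, guard):
        """Every path entry -> target that never passes through guard."""
        found, stack = [], [[entry]]
        while stack:
            path = stack.pop()
            if path[-1] == target:
                found.append(path)
                continue
            for nxt in sorted(self.flows[path[-1]]):
                if nxt != guard and nxt not in path:
                    stack.append(path + [nxt])
        return sorted(found)

def instantiate_guard(arch, guard, target):
    """Place a guard component in front of target, following the three steps."""
    callers = sorted(s for s, dsts in arch.flows.items() if target in dsts)
    arch.flows[guard]                     # 1. introduce the new component
    for src in callers:                   # 2. wire it to the existing ones
        arch.flows[src].discard(target)
        arch.flows[src].add(guard)
    arch.add_flow(guard, target)
    # 3. modify the existing component so it rejects anything but the guard
    arch.changes[target].append(f"accept requests only from {guard}")
    return callers

def sample_architecture():
    """Constructed sample system; all component names are hypothetical."""
    arch = Architecture()
    for src, dst in [("browser", "web_app"), ("browser", "admin_api"),
                     ("web_app", "order_service"), ("admin_api", "order_service")]:
        arch.add_flow(src, dst)
    return arch

if __name__ == "__main__":
    arch = sample_architecture()
    print("before:", arch.bypass_paths("browser", "order_service", "auth_enforcer"))
    instantiate_guard(arch, "auth_enforcer", "order_service")
    print("after: ", arch.bypass_paths("browser", "order_service", "auth_enforcer"))
```

Re-running `bypass_paths` after later design changes flags any new flow that reaches the protected component directly, which is the wiring mistake the pattern's "Implementation & Pitfalls" section is meant to record.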