An exploratory comparison of security patterns and tactics to harden systems

René Noël, Gilberto Pedraza-García, Hernán Astudillo, Eduardo B. Fernández

Research output: Contribution to conference › Paper

Abstract

The software architecture community considers non-functional requirements as key factors in designing a system architecture, and several approaches have been proposed to address them, including "architectural tactics". Specialized technical communities have developed approaches from their own perspective; in particular, security researchers have proposed "security patterns". This article describes a systematic attempt to compare both approaches, through an experimental study of the impact of the chosen approach and of participants' experience on the quality and effort of design decisions made by non-security experts. We gathered practicing developers and graduate students, each group including novices and experts; trained the subjects in both techniques; gave them a relatively simple problem (a tsunami warning system under current development); and measured the rate of effectively addressed threats (quality) and the elapsed time to answer (effort). Based on previous experience, we had conjectured that security patterns would improve novices' quality while security tactics would improve experts' speed; however, preliminary results indicate that although experts were better than novices at identifying threats, they were no better at mitigating them. Further introspection suggests that more mature theories of tactics and patterns are still required before architectural approaches can be compared experimentally.
Original language: English
Pages: 378-391
Number of pages: 14
Publication status: Published - 1 Jan 2014
Event: CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering
Duration: 1 Jan 2014 → …

Conference

Conference: CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering
Period: 1/01/14 → …

Cite this

Noël, R., Pedraza-García, G., Astudillo, H., & Fernández, E. B. (2014). An exploratory comparison of security patterns and tactics to harden systems. 378-391. Paper presented at CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering.