Note that, while all summaries are available to everyone, availability of slide presentations is limited to Members of The Open Group and Conference attendees.


PLENARY
Security Design Patterns

In April 2004, the Security Forum of The Open Group published a set of Security Design Patterns. This was a major contribution to the Design Patterns world, as has been proved through the high numbers of downloads of the published Technical Guide (over 500 downloads in the first four months) and the warm reception by the Design Patterns community of experts. The Open Group has produced a short "Introduction to Security Design Patterns" booklet to provide a brief description of the origins and methodology underlying the design patterns approach to architecting and designing IT systems. This booklet is effectively extracted from the introductory chapters in the complete Technical Guide that was published in April 2004.

In this special plenary presentation, Bob Blakley - lead author of these Security Design Patterns - gave an introduction to what Design Patterns are, their history, and why they are a good architectural description technique. He illustrated how they are used by enlisting the assistance of several of the major design pattern contributors from the Security Forum, to demonstrate the roles that the "actors" in a security design pattern play.

Introduction and Awards

Allen Brown, President and CEO, The Open Group

Allen said he views the design patterns approach to architecting IT systems as complementary to TOGAF and its Architecture Development Method (ADM), and as such it represents an important contribution to our toolset for doing IT systems architecture. He invited everyone to take a copy of the Introduction to Security Design Patterns booklet, and to become involved in using design patterns.

Allen then presented special Award Plaques to the principal authors of the Technical Guide to Security Design Patterns - Bob Blakley (IBM-Tivoli) and Craig Heath (Symbian) - with a further Award Plaque to the contributing members of the Security Forum, received by the Security Forum chairman Mike Jerbic (Trusted Systems Consulting Group).

Security Design Patterns

Bob Blakley, Chief Scientist, Security & Privacy, IBM-Tivoli

Bob acknowledged his co-author Craig Heath (Symbian) in writing the catalog of Security Design Patterns that appears in the Technical Guide to Security Design Patterns - available as a download from www.opengroup.org/bookstore/catalog/g031.htm - and the contributions by other members of the Security Forum in reviews and production of this guide.

He explained that the design patterns community of experts is a close group of enthusiasts who hold regular conferences in which they "workshop" selected design patterns using a strict code of conduct, to improve their usability and effectiveness. Design patterns are not easy to write, and only the good ones will stand the test of time, as shown by how often system architects and designers reuse them in constructing their designs. The good patterns are targeted by this expert community for "workshopping" to make these improvements. Already one of our patterns has undergone analysis in this way, with resultant improvements and wider adoption. We therefore expect to continue to improve and extend our catalog of security design patterns, and to publish them in updated versions.

Our catalog of design patterns in the April 2004 Technical Guide was the first coherent set of patterns that addressed information security design - as such its publication represented a landmark in the design patterns community. The catalog comprises a set of 5 "available system" design patterns, and 7 "protected system" design patterns.

In his presentation, Bob gave the background to design patterns, which originated in the buildings community and were proposed in a series of books by buildings architect Christopher Alexander over the period 1975-1979. The landmark book on using the design patterns approach in IT systems was "Design Patterns: Elements of Reusable Object-Oriented Software" by a group of authors who are now popularly known as the Gang of Four (GoF - Gamma, Helm, Johnson, Vlissides). Bob explained what a design pattern is, and what the motivation was to create our catalog of patterns for designing security in IT systems. He went on to cover what design patterns look like and how they are used, and then looked at each pattern in the catalog in turn, explaining what its purpose is in the context of the security of an IT system. After that he described how we use this catalog of patterns to build up a secure system - using what he termed a "generative sequence" process.

At this point he deployed several members of the Security Forum, each to play a specific role in an example of a security design business scenario - digital rights management (DRM) - to illustrate how the DRM scenario is analyzed into specific requirements, and how the generative sequence process is then used to select design patterns from the catalog that fulfil the operational roles that meet those requirements. At the end of this exercise he pointed out how the failure to complete the design illustrates the problem that the music and other copyright industries face in implementing effective rights management over their material.


© The Open Group 1995-2012  Updated on Monday, 15 November 2004