Secure Design Patterns

The cost of fixing vulnerabilities after a system has been deployed, and the risk those vulnerabilities pose in the meantime, are high for both developers and end users. A number of best practices exist for addressing software security vulnerabilities, but because they are typically tied to a particular implementation they are difficult to reuse. In addition, a better understanding of the root causes of security flaws has brought a greater appreciation of the need to take security into account in every phase of the software development life cycle, not just implementation and deployment. This report describes a set of secure design patterns: templates that describe a general solution to a recurring security problem and can be applied in many different situations. Rather than focus on the implementation of specific security mechanisms, the patterns in this report are meant to prevent the accidental introduction of vulnerabilities into code or to limit the consequences when vulnerabilities do occur. The patterns were derived by generalizing existing best practices in security design and by extending existing design patterns with security-specific functionality. They are categorized by level of abstraction: architecture, design, or implementation.

Six new secure design patterns were added to the report in an October 2009 update.

PDF [1164 KB]

Authors

Chad Dougherty

Kirk Sayre

Robert C. Seacord

David Svoboda

Kazuya Togashi (JPCERT/CC)

This report is related to the following area(s) of work:

Security and Survivability

Technical Report
CMU/SEI-2009-TR-010
October 2009

Cite This Report

SEI:

Dougherty, Chad; Sayre, Kirk; Seacord, Robert; Svoboda, David; & Togashi, Kazuya. Secure Design Patterns (CMU/SEI-2009-TR-010). Software Engineering Institute, Carnegie Mellon University, 2009. http://www.sei.cmu.edu/library/abstracts/reports/09tr010.cfm

IEEE:

C. Dougherty, K. Sayre, R. Seacord, D. Svoboda, and K. Togashi, "Secure Design Patterns," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2009-TR-010, 2009. http://www.sei.cmu.edu/library/abstracts/reports/09tr010.cfm

APA:

Dougherty, C., Sayre, K., Seacord, R., Svoboda, D., & Togashi, K. (2009). Secure Design Patterns (CMU/SEI-2009-TR-010). Retrieved May 18, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/09tr010.cfm

CHI:

Dougherty, Chad, Kirk Sayre, Robert Seacord, David Svoboda, and Kazuya Togashi. Secure Design Patterns (CMU/SEI-2009-TR-010). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2009. http://www.sei.cmu.edu/library/abstracts/reports/09tr010.cfm

MLA:

Dougherty, C., Sayre, K., Seacord, R., Svoboda, D., & Togashi, K. 2009. Secure Design Patterns (Technical Report CMU/SEI-2009-TR-010). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/09tr010.cfm
