Cyberpatterns: Unifying Design Patterns with Security and Attack Patterns

Language: English

Pages: 255

ISBN: 3319352180

Format: PDF / Kindle (mobi) / ePub

Cyberpatterns are predictable regularities in cyberspace helping us to design and implement more effective and secure systems, and to detect and respond to breaches, failures and deficiencies in operational systems.

Cyberpatterns is in its infancy and there are many challenges including:
* Developing a scientific foundation of pattern-oriented research methods
* Developing better engineering practice in novel application domains such as for cloud and cyberphysical systems
* Constructing a sharable knowledge-base to aid education of students, design of novel systems and the development of automated design tools
* Innovative applications of design patterns to pattern recognition and big data

* Presents the state-of-the-art in the novel field of cyberpatterns
* Demonstrates the application of patterns to cyber security and other key cyberspace domains
* Supports the development of a sound scientific, engineering and mathematical foundation for cyberspace

This important new book provides an introduction to and coverage of the state-of-the-art of cyberpatterns, from a theoretical standpoint and via practical applications, bringing together different interdisciplinary areas under one roof to portray a holistic view of the underlying principles and mechanisms of cyberpatterns.



















* Exploring the inconsistency between the horizontal scope of the problem compared with the lifecycle stage when the pattern is developed and its level of abstraction
* Establishing a systematic methodology with guidelines for incorporating security patterns within the various development stages to aid their differing objectives
* Developing patterns within fresh domains and applications such as data patterns
* Abstracting and modelling the processes and techniques involved in each lifecycle stage to

Evidently, our architectural three-layer model shown in Fig. 1 is inspired by the OSI model, but we explicitly model people at the social level rather than their logical user accounts, and the physical world that is underneath the purely logical OSI network model. In addition, our logical layers are also more abstract and general, as they incorporate all computational aspects, including storage, processing and control, not only networking. More details on these and other design issues, such as

elaboration in Hoglund and McGraw’s book [4]. These are not patterns in the sense of design patterns, as most sections are missing from their templates. Finally, Barnum and Sethi [2] standardised what is now understood as an attack pattern with a comprehensive template consistent with design patterns. They subsequently described the use of attack patterns [5] to help testers act like attackers attempting to break into systems, alluding to our concept of aiding pen testing of operational systems.

type of attack, which can be particularised by incorporating known information about the system under test to aid grey box testing. Firstly, we discuss relevant security frameworks used in pen testing. Most security testing templates have few sections and focus on the specific test data without considering the surrounding context. The Information Systems Security Assessment Framework (ISSAF) [16] from the Open Information Systems Security Group (OISSG) is a very comprehensive framework that

Being a normal business routine, this category of non-criminal scripts can typically be extracted from the established business processes in an organisation. These processes could either be designed or ad-hoc; with the former it could be that the actual routine is different from the one designed, e.g. in cases when users find it difficult to comply with designed procedures [4]. Examples of scripts of attackers and regular users are illustrated below:

Users’ generic script:

1. User is asked to
