WICSA 2011 BTPI: Tactics and Patterns in Information Security

From WICSA Conference Wiki

Organizers:

  • Rick Kazman, University of Hawaii/Software Engineering Institute
  • Jungwoo Ryoo, Penn State University

When: Tuesday, 21 June, 18:00–19:00

We define a tactic as an atomic design primitive that a software architect uses to reason about architectural design solutions that directly affect a single quality attribute, such as security, without considering other quality attributes. Our main hypothesis is that tactics can be used as building blocks to compose patterns.

Currently, most practitioners skip the tactics stage and jump directly into designing with patterns, which makes the design process more challenging and often overwhelming. The choices of tactics and patterns are interwoven into the architectural phase.

As of this writing, the distinction between tactics and patterns is not clearly drawn or widely disseminated in the research and practice literature. In fact, many tactics appear to be misidentified as patterns simply due to the lack of awareness of the concept of a tactic. One of our research goals is to identify the tactics misclassified as patterns and to reclassify them as tactics.

During this BoF, we plan to exchange ideas on the core premises of a tactics extraction and validation methodology. Participants will be presented with some security patterns from the community. We will brainstorm together which of these are patterns and which are true design primitives and hence should be reclassified as tactics.


Materials

  • Survey
    We would like you to take this survey before you come to our BoF session if possible.
  • Pattern Descriptions
    Please read the descriptions of the patterns we will discuss during our meeting if you can.
    Send us an e-mail at jryoo@psu.edu if you think we missed any important patterns from this list.

Attendees
