Towards A Pattern-Based Security Methodology To Build Secure Information Systems

Methodologies for the construction of secure systems provide a controlled, planned development process, with verifications in all stages, thus avoiding unexpected errors and leading to an improvement in the quality and security of the system produced. These methodologies can be enriched from the use of security patterns, since these tools are widely accepted by both the scientific community and industry for the construction of secure information systems owing to the fact that they accumulate security experts' knowledge in a documented and structured manner, thus providing a systematic means to solve recurrent problems. In this paper we present a first approximation of a pattern based security methodology to support both the construction of secure information systems and maintenance of the level of security attained. This proposal is based on real case studies, and is now in the first stages of application in real settings. Interesting results are already appearing that will allow us to refine and validate the proposal.