search menu icon-carat-right cmu-wordmark

Secure Design Patterns

Technical Report
In this report, the authors describe a set of general solutions to software security problems that can be applied in many different situations.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2009-TR-010
DOI (Digital Object Identifier)
10.1184/R1/6583640.v1

Abstract

The cost of fixing system vulnerabilities and the risk associated with vulnerabilities after system deployment are high for both developers and end users. While there are a number of best practices available to address the issue of software security vulnerabilities, these practices are often difficult to reuse due to the implementation-specific nature of the best practices. In addition, greater understanding of the root causes of security flaws has led to a greater appreciation of the importance of taking security into account in all phases in the software development life cycle, not just in the implementation and deployment phases. This report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations. Rather than focus on the implementation of specific security mechanisms, the secure design patterns detailed in this report are meant to eliminate the accidental insertion of vulnerabilities into code or to mitigate the consequences of vulnerabilities. The patterns were derived by generalizing existing best security design practices and by extending existing design patterns with security-specific functionality. They are categorized according to their level of abstraction: architecture, design, or implementation.  

Six new secure design patterns were added to the report in an October 2009 update.

Cite This Technical Report

Dougherty, C., Sayre, K., Seacord, R., Svoboda, D., & Togashi, K. (2009, October 1). Secure Design Patterns. (Technical Report CMU/SEI-2009-TR-010). Retrieved June 24, 2024, from https://doi.org/10.1184/R1/6583640.v1.

@techreport{dougherty_2009,
author={Dougherty, Chad and Sayre, Kirk and Seacord, Robert and Svoboda, David and Togashi, Kazuya},
title={Secure Design Patterns},
month={Oct},
year={2009},
number={CMU/SEI-2009-TR-010},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6583640.v1},
note={Accessed: 2024-Jun-24}
}

Dougherty, Chad, Kirk Sayre, Robert Seacord, David Svoboda, and Kazuya Togashi. "Secure Design Patterns." (CMU/SEI-2009-TR-010). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 1, 2009. https://doi.org/10.1184/R1/6583640.v1.

C. Dougherty, K. Sayre, R. Seacord, D. Svoboda, and K. Togashi, "Secure Design Patterns," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2009-TR-010, 1-Oct-2009 [Online]. Available: https://doi.org/10.1184/R1/6583640.v1. [Accessed: 24-Jun-2024].

Dougherty, Chad, Kirk Sayre, Robert Seacord, David Svoboda, and Kazuya Togashi. "Secure Design Patterns." (Technical Report CMU/SEI-2009-TR-010). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Oct. 2009. https://doi.org/10.1184/R1/6583640.v1. Accessed 24 Jun. 2024.

Dougherty, Chad; Sayre, Kirk; Seacord, Robert; Svoboda, David; & Togashi, Kazuya. Secure Design Patterns. CMU/SEI-2009-TR-010. Software Engineering Institute. 2009. https://doi.org/10.1184/R1/6583640.v1