Security patterns can be applied to achieve goals in the area of security. All of the classical design patterns have different instantiations to fulfill some information security goal: such as confidentiality, integrity, and availability. Additionally, one can create a new design pattern to specifically achieve some security goal.
Existing security pattern
The pattern community has provided a collection of security patterns, which were discussed in workshops at Pattern Languages of Programs conferences. They have been unified and published in a joint project. The Open Group provides a set of documented security patterns.
Available system patterns
These are patterns that are concerned with the availability of the assets. The assets are either services or resources offered to users.
Check-pointed system pattern describes a design to use replication and recover when a component fails.
Standby pattern has the goal to provide a fall back component able to resume the service of the failing component.
Comparator-checked fault tolerant system pattern provides a way to monitor the failure-free behavior of a component.
Replicated system pattern describes a design of redundant components, and a means of load balancing and redirection in between to decrease the chance of non-availability of the service.
Error detection/correction pattern has the goal to deduce errors and possibly correct them to guarantee correct information exchange or storage.
Protected system patterns
This is a set of patterns concerned with the confidentiality and integrity of information by providing means to manage access and usage of the sensitive data. The protected system pattern provides some reference monitor or enclave that owns the resources and therefore must be bypassed to get access. The monitor enforces as the single point a policy. The GoF refers to it as "Protection Proxy". The policy pattern is an architecture to decouple the policy from the normal resource code. An authenticated user owns a security context that is passed to the guard of resource. The guard checks inside the policy whether the context of this user and the rules match and provides or denies access to the resource. The authenticator pattern is also known as the Pluggable Authentication Modules or Java Authentication and Authorization Service.
This is a set of security patterns evolved by Sun Java Center – Sun Microsystems engineers Ramesh Nagappan and Christopher Steel, which helps building end-to-end security into multi-tier Java EE enterprise applications, XML-based Web services, enabling identity management in Web applications including single sign-on authentication, multi-factor authentication, and enabling Identity provisioning in Web-based applications.
Authentication Enforcer pattern can be used to manage and delegate authentication processes
Authorization Enforcer pattern can be used to manage and delegate authorization processes
Intercepting Validator pattern helps performing security validation for input data from clients
Secure Base Action pattern shows centralizing handling of security tasks in a base action class
Secure Logger pattern can be used to log sensitive data and ensuring tamper-proof storage
Secure Session Manager shows securely centralizing session information handling
Web Agent Interceptor pattern shows how to use an interceptor mechanism to provide security for Web applications
Obfuscated Transfer Object pattern shows how to protect data passed around in transfer objects and between application tiers
Audit Interceptor pattern shows to capture security-related events to support logging and auditing
Message Interceptor Gateway pattern shows a single entry point solution for centralization of security enforcement for incoming and outgoing XML Web Service messages. It helps to apply transport-level and message-level security mechanisms required for securely communicating with a Web services endpoint.
Secure Message Router pattern facilitates secure XML communication with multiple partner endpoints that adopt message-level security. It acts as a security intermediary component that applies message-level security mechanisms to deliver messages to multiple recipients where the intended recipient would be able to access only the required portion of the message and remaining message fragments are made confidential.
Single Sign-On Delegator pattern describes how to construct a delegator agent for handling a legacy system for single sign-on.
Assertion Builder pattern defines how an identity assertion can be built.
Credential Synchroniser pattern describes how to securely synchronize credentials and principals across multiple applications using Identity provisioning
