Yurina Ito, Hironori Washizaki, Masatoshi Yoshizawa, Yoshiaki Fukazawa,
Takao Okubo, Haruhiko Kaiya, Atsuo Hazeyama, Nobukazu Yoshioka, Eduardo B. Fernandez, “Systematic Mapping of Security Patterns Research,” Proceedings of the 22nd Conference on Pattern Languages of Programs Conference 2015 (PLoP 2015), October 24-26, Pittsburgh, Pennsylvania, USA. (CORE Rank B) (to appear)
Security patterns (SPs) are reusable solutions to security problems. We study here research papers that use security patterns to build secure systems or analyze the nature of security patterns. The goal of this paper is neither to list nor to directly map the over 200 existing SPs, but to find out how SPs are being investigated within research works in order to guide future research targeting SPs. Although the number of SPs has recently grown, two critical problems remain due to the diversity in the results themselves and how they are shared. First, it is unclear whether or not the field is actively growing. Second, the trends in SP research (e.g., research content and the methods used to model SPs) are uncertain. To elucidate the current trends, herein we classify 30 works on SPs using a technique called systematic mapping (SM), which reveals the following characteristics. As the frequency of less common patterns (e.g., reference monitor) increases, the amount of practical research (e.g., experimental evaluations) also increases. Regardless of the SPs being dealt with, the most common SP modeling method is UML, followed by other modeling methods for specific purposes, demonstrating the importance of modeling methods complementing each other. Currently, one of the most common research topics is applying SPs, suggesting that the demand for efficient and reliable techniques for applying SPs is high. Future studies should examine other SPs in addition to access control to handle various threats, as well as investigate the analysis/requirement and test phases. Accumulated knowledge on SPs should improve research requiring precise modeling.