1. Technical Field
The present invention relates generally to designing information technology (IT) solutions, and more specifically to a system and method for designing secure IT solutions using patterns.
2. Related Art
The repeatable practice of designing and integrating information technology (IT) solutions that satisfy the totality of business and security requirements, i.e., correct and reliable operation, has several inhibitors. These inhibitors include: (1) the organizational challenge of enumerating the totality of security and business requirements; (2) the analytical challenge of combining, organizing and articulating the resulting solution approach in a coherent manner; and (3) the technical challenge of designing, integrating and validating the information technology solution using prevailing technologies and components.
Patterns-based design seeks to reduce the variability in the analytical and technical challenges in the design process by leveraging artifacts as design models. While there are contemporary approaches for information technology solution design using patterns, these approaches tend to consider topology, i.e., network topology, etc. Using contemporary topology artifacts for patterns-based design for security has drawbacks because while these models represent current practice, they do not necessarily represent the best possible practice.
A design model that focuses strictly on a given business context is at risk of missing the security concerns that are independent of the business view, and conversely, a design model that is independent of business context is at risk of missing the security concerns that are specific to a business. Published catalogs, such as Patterns for e-Business provide design models that support a range of business contexts. There is a need for similar models that reflect both the business-related and information technology related aspects of security.
U.S. patent application Publication No.: US2002/0157015, “Method and Systems for Designing a Secure Solution” describes a method for systematically applying a totality of security requirements as defined in International Standard ISO 15408. U.S. patent application Publication No.: 2003/0040920, “Architecture designing method and system for e-business solutions,” describes a method for systematically designing solutions based upon business requirements, using patterns. Both references are hereby incorporated by reference.
Unfortunately, the above references do not teach a comprehensive approach to architecting a secure solution using patterns. Accordingly, a system is needed for designing secure IT solutions.