This is a collection of academic papers. It falls toward the theory end of the theory-practice spectrum. Blackwell and Zhu are major contributors to the work as well as being joint editors. The papers, as a collection, provide a framework for further study. They present formalized methods, vocabulary, and ontology for describing security and attack patterns in the information systems domain. It is recommended reading for academics with an interest in the area. Its secondary audience would be security professionals and software developers. Members of the secondary audience may find it heavy going, because of its theoretical orientation.
The Oxford Brookes University is not to be confused with Oxford University. The Oxford Brookes University started as a School of Arts in 1865. In 1992, it was upgraded from a polytechnic to a university by government legislation. Since 2012, an annual conference on cyberpatterns has been held there. The use of patterns in software security is a relatively new development in the study of software patterns.
The 21 presented papers are organized into seven parts. Each part begins with a summary of the constituent papers.
Part 1 comprises two introductory papers, one by each of the editors. They describe the state of current research, and propose future directions, with particular emphasis on secure systems. The three papers in Part 2 present a theoretical discussion of patterns as applied to the general area of software development.
There are three papers in Part 3, introducing patterns as applied to the security domain. One focuses on aspect-oriented programming for cross-cutting domains such as security. The second, chapter 7, looks at network resilience and the problems inherent in managing conflicting interpretations of a sudden increase in network traffic, a denial of service attack, or a flash crowd event. The third discusses secure service development.
Part 4, an introduction to attack patterns, has five interesting papers. Chapter 9, the first, presents a method of formally describing and categorizing attack patterns. Chapter 10 provides guidance in recognizing attack patterns. Penetration testing, using attack patterns to develop a new framework for testing, is the topic of chapter 11. In chapter 12, the authors offer concepts to assist in the prevention and discovery of memory corruption vulnerabilities introduced in software development. Chapter 13, “‘Weird Machine’ Patterns,” describes the methodology of exploit development. It compares and contrasts it with conventional software development. It lists a wide range of exploitation techniques and enumerates the papers describing them in detail.
The three papers in Part 5 explore sociotechnical aspects of patterns. Chapter 14 proposes a framework based on an adaptation of an existing framework from the general crime prevention space to the cybercrime space. A prototype workbench tool is described in chapter 15. Chapter 16 describes a risk assessment methodology using pre-mortems, scenarios where it is assumed that the system has failed; reasons for its failure are elicited from stakeholders.
Artificial intelligence (AI) and pattern matching are the focus of the four papers in Part 6. The first examines the potential uses of AI in computer security and forensics. The second, chapter 18, discusses the partitional clustering of malware using k-means. Chapter 19 proposes a novel method of monitoring running services, and chapter 20 describes methods of extracting geospatial information from a hard drive.
Part 7, “The Future,” is a paper jointly written by the editors outlining future directions for research.
This well-written book achieves its purposes--to describe the current state of research in the subject area and to outline directions for future research--quite well.
