Revisiting Architectural Tactics for Security

Architectural tactics are design decisions intended to improve some system quality factor. Since their initial formulation, they have been formalized, compared with patterns and associated to styles. However, the initial set of tactics for security has only been refined once. We have examined the tactics set and classification from the viewpoint of security research, and concluded that some tactics would be better described as principles or policies, some are not needed, and others do not cover the functions needed to secure systems, which makes them not very useful for designers. We propose here a refined set and classification of architectural tactics for security, which we consider more appropriate than the original and the previously refined sets. We also suggest a possible realization for this modified set. Finally, we conclude that patterns can be complementary and not alternatives because they can be used together: patterns can realize tactics.