You are previewing Security Patterns in Practice: Designing Secure Architectures Using Software Patterns.
O'Reilly logo
Security Patterns in Practice: Designing Secure Architectures Using Software Patterns

Book Description

Learn to combine security theory and code to produce secure systems

Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML.

  • Provides an extensive, up-to-date catalog of security patterns

  • Shares real-world case studies so you can see when and how to use security patterns in practice

  • Details how to incorporate security from the conceptual stage

  • Highlights tips on authentication, authorization, role-based access control, firewalls, wireless networks, middleware, VoIP, web services security, and more

  • Author is well known and highly respected in the field of security and an expert on security patterns

Security Patterns in Practice shows you how to confidently develop a secure system step by step.

Table of Contents

  1. Cover
  2. Half Title page
  3. Title page
  4. Copyright page
  5. Dedication
  6. About the Author
  7. About the Foreword Author
  8. Foreword
  9. Preface
  10. Part I: Introduction
    1. Chapter 1: Motivation and Objectives
      1. 1.1 Why Do We Need Security Patterns?
      2. 1.2 Some Basic Definitions
      3. 1.3 The History of Security Patterns
      4. 1.4 Industrial Use of Security Patterns
      5. 1.5 Other Approaches to Building Secure Systems
    2. Chapter 2: Patterns and Security Patterns
      1. 2.1 What is a Security Pattern?
      2. 2.2 The Nature of Security Patterns
      3. 2.3 Pattern Descriptions and Catalogs
      4. 2.4 The Anatomy of a Security Pattern
      5. 2.5 Pattern Diagrams
      6. 2.6 How Can We Classify Security Patterns?
      7. 2.7 Pattern Mining
      8. 2.8 Uses for Security Patterns
      9. 2.9 How to Evaluate Security Patterns and their Effect on Security
      10. 2.10 Threat Modeling and Misuse Patterns
      11. 2.11 Fault Tolerance Patterns
    3. Chapter 3: A Secure Systems Development Methodology
      1. 3.1 Adding Information to Patterns
      2. 3.2 A Lifecyle-Based Methodology
      3. 3.3 Using Model-Driven Engineering
  11. Part II: Patterns
    1. Chapter 4: Patterns for Identity Management
      1. 4.1 Introduction
      2. 4.2 Circle of Trust
      3. 4.3 Identity Provider
      4. 4.4 Identity Federation
      5. 4.5 Liberty Alliance Identity Federation
    2. Chapter 5: Patterns for Authentication
      1. 5.1 Introduction
      2. 5.2 Authenticator
      3. 5.3 Remote Authenticator/Authorizer
      4. 5.4 Credential
    3. Chapter 6: Patterns for Access Control
      1. 6.1 Introduction
      2. 6.2 Authorization
      3. 6.3 Role-Based Access Control
      4. 6.4 Multilevel Security
      5. 6.5 Policy-Based Access Control
      6. 6.6 Access Control List
      7. 6.7 Capability
      8. 6.8 Reified Reference Monitor
      9. 6.9 Controlled Access Session
      10. 6.10 Session-Based Role-Based Access Control
      11. 6.11 Security Logger and Auditor
    4. Chapter 7: Patterns for Secure Process Management
      1. 7.1 Introduction
      2. 7.2 Secure Process/Thread
      3. 7.3 Controlled-Process Creator
      4. 7.4 Controlled-Object Factory
      5. 7.5 Controlled-Object Monitor
      6. 7.6 Protected Entry Points
      7. 7.7 Protection Rings
    5. Chapter 8: Patterns for Secure Execution and File Management
      1. 8.1 Introduction
      2. 8.2 Virtual Address Space Access Control
      3. 8.3 Execution Domain
      4. 8.4 Controlled Execution Domain
      5. 8.5 Virtual Address Space Structure Selection
    6. Chapter 9: Patterns for Secure OS Architecture and Administration
      1. 9.1 Introduction
      2. 9.2 Modular Operating System Architecture
      3. 9.3 Layered Operating System Architecture
      4. 9.4 Microkernel Operating System Architecture
      5. 9.5 Virtual Machine Operating System Architecture
      6. 9.6 Administrator Hierarchy
      7. 9.7 File Access Control
    7. Chapter 10: Security Patterns for Networks
      1. 10.1 Introduction
      2. 10.2 Abstract Virtual Private Network
      3. 10.3 IPSec VPN
      4. 10.4 TLS Virtual Private Network
      5. 10.5 Transport Layer Security
      6. 10.6 Abstract IDS
      7. 10.7 Signature-Based IDS
      8. 10.8 Behavior-Based IDS
    8. Chapter 11: Patterns for Web Services Security
      1. 11.1 Introduction
      2. 11.2 Application Firewall
      3. 11.3 XML Firewall
      4. 11.4 XACML Authorization
      5. 11.5 XACML Access Control Evaluation
      6. 11.6 Web Services Policy Language
      7. 11.7 WS-Policy
      8. 11.8 WS-Trust
      9. 11.9 SAML Assertion
    9. Chapter 12: Patterns for Web Services Cryptography
      1. 12.1 Introduction
      2. 12.2 Symmetric Encryption
      3. 12.3 Asymmetric Encryption
      4. 12.4 Digital Signature with Hashing
      5. 12.5 XML Encryption
      6. 12.6 XML Signature
      7. 12.7 WS-Security
    10. Chapter 13: Patterns for Secure Middleware
      1. 13.1 Introduction
      2. 13.2 Secure Broker
      3. 13.3 Secure Pipes and Filters
      4. 13.4 Secure Blackboard
      5. 13.5 Secure Adapter
      6. 13.6 Secure Three-Tier Architecture
      7. 13.7 Secure Enterprise Service Bus
      8. 13.8 Secure Distributed Publish/Subscribe
      9. 13.9 Secure Model-View-Controller
    11. Chapter 14: Misuse Patterns
      1. 14.1 Introduction
      2. 14.2 Worm
      3. 14.3 Denial-of-Service in VoIP
      4. 14.4 Spoofing Web Services
    12. Chapter 15: Patterns for Cloud Computing Architecture
      1. 15.1 Introduction
      2. 15.2 Infrastructure-as-a-Service
      3. 15.3 Platform-as-a-Service
      4. 15.4 Software-as-a-Service
  12. Part III: Use of the Patterns
    1. Chapter 16: Building Secure Architectures
      1. 16.1 Enumerating Threats
      2. 16.2 The Analysis Stage
      3. 16.3 The Design Stage
      4. 16.4 Secure Handling of Legal Cases
      5. 16.5 SCADA Systems
      6. 16.6 Medical Applications
      7. 16.7 Conclusions
    2. Chapter 17: Summary and the Future of Security Patterns
      1. 17.1 Summary of Patterns
      2. 17.2 Future Research Directions for Security Patterns
      3. 17.3 Security Principles
      4. 17.4 The Future
  13. Appendix A: Pseudocode for XACML Access Control Evaluation
    1. A.1 Pseudocode for retrieveApplicablePolicy()
    2. A.2 Pseudocode for evaluateApplicablePolicy()
  14. Glossary
  15. References
  16. Index of Patterns
  17. Index