Security Patterns in Practice: Designing Secure Architectures Using Software Patterns by Eduardo Fernandez-Buglioni

CHAPTER 16

Building Secure Architectures

Design in art, is a recognition of the relation between various things, various elements in the creative flux. You can’t invent a design. You recognize it, in the fourth dimension. That is, with your blood and your bones, as well as with your eyes.

D H Lawrence

We now present some examples of how the patterns described in this book can be used to build secure architectures. We use the methodology presented in Chapter 3, although other methodologies are also possible. It is even possible to use no methodology at all, but then the application of the patterns depends entirely on the experience and knowledge of the designer. We first expand some aspects of our methodology, then show four examples taken from different types of applications: the financial [Bra08a], control [Fer10d], legal [Fer07c] and medical [Fer05g] [Fer12b] [Sor04] [Sor05] domains.

The examples show the use of the patterns in the following stages of the application lifecycle:

Requirements stage. Use cases define the required interactions with the system. We study each action within a use case and see which attacks are possible. We then determine which policies would stop these attacks. From the use cases we can also determine the required rights for each actor, and thus apply a need-to-know policy.
Analysis stage. Analysis patterns, and in particular semantic ...
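
The requirements-stage step of deriving each actor's rights from the use cases, sketched as an added example (not code from the book). The use cases, actors, resources and grant table are constructed for illustration, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed use cases (hypothetical medical-records system): each entry
# is one use-case action written as (actor, operation, resource).
USE_CASES = {
    "Admit patient": [
        ("Receptionist", "create", "PatientRecord"),
        ("Receptionist", "read", "InsuranceInfo"),
    ],
    "Treat patient": [
        ("Doctor", "read", "PatientRecord"),
        ("Doctor", "update", "TreatmentHistory"),
    ],
    "Bill patient": [
        ("BillingClerk", "read", "InsuranceInfo"),
        ("BillingClerk", "create", "Invoice"),
    ],
}

# Constructed grants, standing in for an export of an existing role table.
GRANTED = {
    "Receptionist": {("create", "PatientRecord"), ("read", "InsuranceInfo"),
                     ("read", "TreatmentHistory")},
    "Doctor": {("read", "PatientRecord"), ("update", "TreatmentHistory")},
    "BillingClerk": {("create", "Invoice")},
}

def required_rights(use_cases):
    """Union of (operation, resource) pairs each actor needs across all use cases."""
    needed = defaultdict(set)
    for actions in use_cases.values():
        for actor, op, resource in actions:
            needed[actor].add((op, resource))
    return dict(needed)

def audit(use_cases, granted):
    """Compare grants with need-to-know: excess and missing rights per actor."""
    needed = required_rights(use_cases)
    report = {}
    for actor in sorted(set(needed) | set(granted)):
        need, have = needed.get(actor, set()), granted.get(actor, set())
        excess, missing = have - need, need - have
        if excess or missing:
            report[actor] = {"excess": sorted(excess), "missing": sorted(missing)}
    return report

if __name__ == "__main__":
    print(audit(USE_CASES, GRANTED))
```

An excess right is a need-to-know violation to revoke; a missing right means either the grant table or the use case is incomplete.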
