Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management / Edition 1 available in Paperback
About the Author
Christopher Steel, CISSP, ISSAP, is the President and CEO of FortMoon Consulting and was recently the Chief Architect on the U.S. Treasury's Pay.gov project. He has over fifteen years experience in distributed enterprise computing with a strong focus on application security, patterns, and methodologies. He presents regularly at local and industry conferences on security-related topics.
Ramesh Nagappan is a Java Technology Architect at Sun Microsystems. With extensive industry experience, he specializes in Java distributed computing and security architectures for mission-critical applications. Previously he coauthored three best-selling books on J2EE, EAI, and Web Services. He is an active contributor to open source applications and industry-standard initiatives, and frequently speaks at industry conferences related to Java, XML, and Security.
Ray Lai, Principal Engineer at Sun Microsystems, has developed and architected enterprise applications and Web services solutions for leading multinational companies ranging from HSBC and Visa to American Express and DHL. He is author of J2EE Platform Web Services (Prentice Hall, 2004).
Table of Contents
Foreword by Judy Lin.
Foreword by Joe Uniejewski.
About the Authors.
1. Security by Default.
Business Challenges Around Security
What Are the Weakest Links?
The Impact of Application Security
The Four W's
Strategies for Building Robust Security
Proactive and Reactive Security
The Importance of Security Compliance
The Importance of Identity Management
The Importance of Java Technology
Making Security a "Business Enabler"
2. Basics of Security.
Security Requirements and Goals
The Role of Cryptography in Security
The Role of Secure Sockets Layer (SSL)
The Importance and Role of LDAP in Security
Common Challenges in Cryptography
II. JAVA SECURITY ARCHITECTURE AND TECHNOLOGIES.
3. The Java 2 Platform Security.
Java Security Architecture
Java Applet Security
Java Web Start Security
Java Security Management Tools
J2ME Security Architecture
Java Card Security Architecture
Securing the Java Code
4. Java Extensible Security Architecture and APIs.
Java Extensible Security Architecture
Java Cryptography Architecture (JCA)
Java Cryptographic Extensions (JCE)
Java Certification Path API (CertPath)
Java Secure Socket Extension (JSSE)
Java Authentication and Authorization Service (JAAS)
Java Generic Secure Services API (JGSS)
Simple Authentication and Security Layer (SASL)
5. J2EE Security Architecture.
J2EE Architecture and Its Logical Tiers
J2EE Security Definitions
J2EE Security Infrastructure
J2EE Container-Based Security
J2EE Component/Tier-Level Security
J2EE Client Security
EJB Tier or Business Component Security
EIS Integration Tier-Overview
J2EE Architecture--Network Topology
J2EE Web Services Security-Overview
III. WEB SERVICES SECURITY AND IDENTITY MANAGEMENT.
6. Web Services Security--Standards and Technologies.
Web Services Architecture and Its Building Blocks
Web Services Security--Core Issues
Web Services Security Requirements
Web Services Security Standards
XML Key Management System (XKMS)
OASIS Web Services Security (WS-Security)
WS-I Basic Security Profile
Java-Based Web Services Security Providers
XML-Aware Security Appliances
7. Identity Management Standards and Technologies.
Identity Management--Core Issues
Understanding Network Identity and Federated Identity
Introduction to SAML
SAML Usage Scenarios
The Role of SAML in J2EE-Based Applications and Web Services
Introduction to Liberty Alliance and Their Objectives
Liberty Alliance Architecture
Liberty Usage Scenarios
The Nirvana of Access Control and Policy Management
Introduction to XACML
XACML Data Flow and Architecture
XACML Usage Scenarios
IV. SECURITY DESIGN METHODOLOGY, PATTERNS, AND REALITY CHECKS.
8. The Alchemy of Security Design--Methodology, Patterns, and Reality Checks.
Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning
Adopting a Security Framework
Refactoring Security Design
Service Continuity and Recovery
V. DESIGN STRATEGIES AND BEST PRACTICES.
9. Securing the Web Tier--Design Strategies and Best Practices.
Web-Tier Security Patterns
Best Practices and Pitfalls
10. Securing the Business Tier--Design Strategies and Best Practices.
Security Considerations in the Business Tier
Business Tier Security Patterns
Best Practices and Pitfalls
11. Securing Web Services--Design Strategies and Best Practices.
Web Services Security Protocols Stack
Web Services Security Infrastructure
Web Services Security Patterns
Best Practices and Pitfalls
12. Securing the Identity--Design Strategies and Best Practices.
Identity Management Security Patterns
Best Practices and Pitfalls
13. Secure Service Provisioning--Design Strategies and Best Practices.
User Account Provisioning Architecture
Introduction to SPML
Service Provisioning Security Pattern
Best Practices and Pitfalls
VI. PUTTING IT ALL TOGETHER.
14. Building End-to-End Security Architecture--A Case Study.
Use Case Scenarios
VII. PERSONAL IDENTIFICATION USING SMART CARDS AND BIOMETRICS.
15. Secure Personal Identification Strategies Using Smart Cards and Biometrics.
Physical and Logical Access Control
Smart Card-Based Identification and Authentication
Biometric Identification and Authentication
Multi-factor Authentication Using Smart Cards and Biometrics
Best Practices and Pitfalls
"The problems that exist in the world todaycannot be solved by the level of thinking that created them."--Albert Einstein
Security now has unprecedented importance in the information industry. It compels every business and organization to adopt proactive or reactive measures that protect data, processes, communication, and resources throughout the information lifecycle. In a continuous evolution, every day a new breed of business systems is finding its place and changes to existing systems are becoming common in the industry. These changes are designed to improve organizational efficiency and cost effectiveness and to increase consumer satisfaction. These improvements are often accompanied by newer security risks, to which businesses must respond with appropriate security strategies and processes. At the outset, securing an organization's information requires a thorough understanding of its security-related business challenges, potential threats, and best practices for mitigation of risks by means of appropriate safeguards and countermeasures. More importantly, it becomes essential that organizations adopt trusted proactive security approaches and enforce them at all levels--information processing, information transmittal, and information storage.
What This Book Is About
This book is meant to be a hands-on practitioner's guide to security. It captures a wealth of experience about using patterns-driven and best practices-based approaches to building trustworthy IT applications and services. The primary focus of the book is on the introduction of a security design methodology using a proven set of reusable patterns, best practices, reality checks, defensive strategies, and assessment checklists that can be applied to securing J2EE applications, Web Services, Identity Management, Service Provisioning, and Personal Identification. The book presents a catalog of 23 new security patterns and 101 best practices, identifying use case scenarios, architectural models, design strategies, applied technologies, and validation processes. The best practices and reality checks provide hints on real-world deployment and end-user experience of what works and what does not. The book also describes the architecture, mechanisms, standards, technologies, and implementation principles of applying security in J2EE applications, Web Services, Identity Management, Service Provisioning, and Personal Identification and explains the required fundamentals from the ground up.
Starting with an overview of today's business challenges, including the identification of security threats and exploits and an analysis of the importance of information security, security compliance, basic security concepts, and technologies, the book focuses in depth on the following topics:
- Security mechanisms in J2SE, J2EE, J2ME, and Java Card platforms
- Web Services security standards and technologies
- Identity Management standards and technologies
- Security design methodology, patterns, best practices, and reality checks
- Security patterns and design strategies for J2EE applications
- Security patterns and design strategies for Web Services
- Security patterns and design strategies for Identity Management
- Security patterns and design strategies for Service Provisioning
- Building an end-to-end security architecture--case study
- Secure Personal Identification strategies for using Smart Cards and Biometrics
The book emphasizes the use of the Java platform and stresses its importance in developing and deploying secure applications and services.
What This Book Is Not
While this book is heavily based on Java technologies, we do not describe the specific Java APIs intended for basic J2EE application development (e.g., JSPs, Servlets, and EJB). If you wish to learn the individual API technologies, we highly recommend the J2EE blueprints, tutorials, and recommended books on the official Java home page at http://java.sun.com.
We use UML diagrams to document the patterns and implementation strategies. If you wish to learn the UML basics, please refer to The Unified Modeling Language User Guide by Grady Booch, James Rumbaugh, and Ivar Jacobson (Addison-Wesley, 1999).
Who Should Read This Book?
This book is meant for all security enthusiasts, architects, Java developers, and technical project managers who are involved with securing information systems and business applications. The book is also valuable for those who wish to learn basic security concepts and technologies related to Java applications, Web Services, Identity Management, Service Provisioning, and Personal Identification using Smart Cards and Biometrics.
The book presumes that the reader has a basic conceptual knowledge of development and deployment of business applications using Java. We have attempted to write this book as an introduction to all security mechanisms used in the design, architecture, and development of applications using the Java platform. We intended our use of the methodology, patterns, best practices, and pitfalls to be an invaluable resource for answering the real-world IT security problems that software architects and developers face every day.
Most of us no longer have time to read a software development book from cover to cover. Therefore, we have broken this book into different technology parts; the book may thus be read in almost in any sequence according to the reader's specific interests.
How This Book Is Organized
The content of this book is organized into seven parts:
Part I: Introduction
Part I introduces the current state of the industry, business challenges, and various application security issues and strategies. It then presents the basics of security.
Chapter 1: Security by Default
This first chapter describes current business challenges, the weakest links of security, and critical application flaws and exploits. It introduces the security design strategies, concepts of patterns-driven security development, best practices, and reality checks. It also highlights the importance of security compliance, Identity Management, the Java platform, and Personal Identification technologies such as Smart Cards and Biometrics. In addition, this chapter presents security from a business perspective and offers recommendations for making a case for security as a business enabler that delivers specific benefits.
Chapter 2: Basics of Security
This chapter introduces the fundamentals of security, including the background and guiding principles of various security technologies. It also provides a high-level introduction to securing applications by using popular cryptographic techniques. In addition, it discusses basic concepts about the role of directory services and identity management in security.
Part II: Java Security Architecture and Technologies
Part II provides in-depth coverage and demonstration of security practices using J2SE, J2EE, J2ME, and Java Card technologies. It delves into the intricate details of Java platform security architecture and its contribution to the end-to-end security of Java-based application solutions.
Chapter 3: The Java 2 Platform Security
This chapter explores the inherent security features of the various Java platforms and the enabling of Java security in stand-alone Java applications, applets, Java Web start (JNLP) applications, J2ME MIDlets, and Java Card applets. It also explores how to use Java security management tools to manage keys and certificates. This chapter also discusses the importance of applying Java code obfuscation techniques.
Chapter 4: Java Extensible Security Architecture and APIs
This chapter provides an in-depth discussion of the Java extensible security architecture and its API framework as well as how to utilize those API implementations for building end-to-end security in Java-based application solutions. In particular, the chapter illustrates how to use Java security APIs for applying cryptographic mechanisms and public-key infrastructure, how to secure application communica*tion, and how to plug in third-party security providers in Java-based applications.
Chapter 5: J2EE Security Architecture
This chapter explains the J2EE security architecture and mechanisms and then illustrates how to apply them in the different application tiers and components. It features in-depth coverage of the J2EE security mechanisms applied to Web components (JSPs, Servlets, and JSFs), business components (EJBs), and integration components (JMS, JDBC, and J2EE connectors). This chapter also highlights J2EE-based Web services security and relevant technologies. In addition, it illustrates the different architectural options for designing a DMZ network topology that delivers security to J2EE applications in production.
Part III: Web Services Security and Identity Management
Part III concentrates on the industry-standard initiatives and technologies used to enable Web services security and identity management.
Chapter 6: Web Services Security--Standards and Technologies
This chapter explains the Web services architecture, its core building blocks, common Web services security threats and vulnerabilities, Web services security requirements and Web services security standards and technologies. It provides in-depth details about how to represent XML-based security using industry-standard initiatives such as XML Signature, XML Encryption, XKMS, WS-Security, SAML Profile, REL Profile and WS-I Basic Security Profile. In addition, this chapter also introduces the Java-based Web services infrastructure providers and XML-aware security appliances that facilitate support for enabling security in Web services.
Chapter 7: Identity Management--Standards and Technologies
This chapter provides an in-depth look at the standards and technologies essential for managing identity information. It highlights the identity management challenges and then introduces the architectural models for implementing standards-based identity management. It illustrates how to represent XML standards such as SAML, XACML and Liberty Alliance (ID-*) specifications for enabling federated identity management and identity-enabled services.
Part IV: Security Design Methodology, Patterns, and Reality Checks
Part IV describes a security design methodology and introduces a patterns-driven security design approach that can be adopted as part of a software design and development process.
Chapter 8: The Alchemy of Security Design-Security Methodology, Patterns, and Reality Checks
This chapter begins with a high-level discussion about the importance of using a security design methodology and then details a security design process for identifying and applying security practices throughout the software life cycle including architecture, design, development, deployment, production, and retirement. The chapter describes various roles and responsibilities and explains core security analysis processes required for the analysis of risks, trade-offs, effects, factors, tier options, threat profiling, and trust modeling. This chapter also introduces the security design patterns catalog and security assessment checklists that can be applied during application development to address security requirements or provide solutions.
Part V: Design Strategies and Best Practices
Part V presents the security patterns, strategies, and best practices categorized specific to J2EE application tiers, Web services, Identity Management, and Service Provisioning.
Chapter 9: Securing the Web Tier--Design Strategies and Best Practices
This chapter presents seven security patterns that pertain to designing and deploying J2EE Web-tier and presentation components such as JSPs, servlets, and other related components. Each pattern addresses a common problem associated with the Web-tier or presentation logic and describes a design solution illustrating numerous implementation strategies. It describes the results of using the pattern, highlights security factors and their associated risks when using the pattern, and demonstrates verification of pattern applicability through the use of reality checks. The chapter also provides a comprehensive list of best practices for securing J2EE Web components and Web-based applications.
Chapter 10: Securing the Business Tier--Design Strategies and Best Practices
This chapter presents seven security patterns that pertain to designing and deploying J2EE Business-tier components such as EJBs, JMS, and other related components. Each pattern addresses a set of security problems associated with the Business tier and describes a design solution illustrating numerous implementation strategies along with the results of using the pattern. It highlights security factors and associated risks of using the Business-tier security pattern and finally verifies pattern applicability through the use of reality checks. The chapter also provides a comprehensive list of best practices and pitfalls in securing J2EE business components.
Chapter 11: Securing Web Services--Design Strategies and Best Practices
This chapter presents three security patterns that pertain to designing and deploying Web services. The chapter begins with a discussion of the Web services security infrastructure and key components that contribute to security. Then it describes each pattern, addresses the security problems associated with Web services, and describes a design solution illustrating numerous implementation strategies and consequences of using the Web services pattern. It also highlights security factors and associated risks using the pattern and verifies pattern applicability using reality checks. Finally, the chapter provides a comprehensive list of best practices and pitfalls in securing Web services.
Chapter 12: Securing the Identity-Design Strategies and Best Practices
This chapter presents three security patterns that pertain to Identity Management. Each pattern addresses an Identity Management-specific issue, describes a design solution illustrating implementation strategies, presents the results of using the pattern, and then highlights security factors and associated risks using the pattern. Finally, the chapter verifies pattern applicability using reality checks. It also provides a comprehensive list of best practices in Identity Management.
Chapter 13: Secure Service Provisioning--Design Strategies and Best Practices
This chapter begins with a high-level discussion of business challenges, the scope of Service Provisioning, and the relationship of Service Provisioning to Identity Management. Then it details the process for user account provisioning and discusses various architecture and application scenarios. It presents a security pattern that applies to user account provisioning and illustrates implementation strategies and the results of using the pattern. Then it highlights security factors and associated risks involved with using the pattern and verify pattern applicability using reality checks. This chapter also introduces SPML and its relevance in Service Provisioning. Finally, the chapter provides a comprehensive list of best practices for Service Provisioning.
Part VI: Putting It All Together
Part VI presents a case study that illustrates a real-world security implementation scenario and describes how to put the security design process to work using the patterns and best practices.
Chapter 14: Building an End-to-End Security Architecture--Case Study
This chapter uses a real-world example of a Web portal that shows how to define and implement an end-to-end security solution using the security design methodology, design patterns, and best practices introduced in this book. The chapter walks through the security design process, illustrating how to analyze and identify risks, how to balance trade-offs, how to identify and apply security patterns, and how to perform factor analysis, tier analysis, threat profiling, and reality checks.
The chapter also provides details about how to adopt a patterns-driven security design process, the pertinent do's and don'ts, and describes how to align security in different logical tiers together to deliver end-to-end security.
Part VII: Personal Identification Using Smart Cards and Biometrics
Part VII provides in-depth coverage on Personal Identification using Smart Cards and Biometrics. It delves into the enabling technologies, architecture, implementation strategies of using Smart Cards, Biometrics and combination of both.
Chapter 15: Secure Personal Identification Using Smart Cards and Biometrics
This chapter explores the concepts, technologies, architectural strategies, and best practices for implementing secure Personal Identification and authentication using Smart Cards and Biometrics. The chapter begins with a discussion of the importance of converging physical and logical access control and the role of using Smart Cards and Biometrics in Personal Identification. This chapter illustrates the architecture and implementation strategies for enabling Smart Cards and Biometrics-based authentication in J2EE-based enterprise applications, UNIX, and Windows environments as well as how to combine these in multifactor authentication. Finally, the chapter provides a comprehensive list of best practices for using Smart Cards and Biometrics in secure Personal Identification.
Companion Web Site
The official companion Web site for this book is www.coresecuritypatterns.com. All example illustrations found within this book can be downloaded from that site. The site will also include errata, changes, updates, and additional reading recommendations and references.
The Prentice Hall Web site for this book is http://www.phptr.com/title/ 0131463071.
The authors would like to receive reader feedback, so we encourage you to post questions using the discussion forum linked to the Web site. You can also contact the authors at their prospective email addresses. Contact information can be found at www.coresecuritypatterns.com. The Web site also includes a reader's forum for public subscription and participation. Readers may also post their questions, share their views, and discuss related topics.
Welcome to Core Security Patterns. We hope you enjoy reading this book as much as we enjoyed writing it. We trust that you will be able to adopt the theory, concepts, techniques, and approaches that we have discussed as you design, deploy, and upgrade the security of your IT systems--and keep those systems immune from all security risks and vulnerabilities in the future.
--Chris, Ramesh, and Ray