Pub. Date:
Security Patterns in Practice: Designing Secure Architectures Using Software Patterns / Edition 1

Security Patterns in Practice: Designing Secure Architectures Using Software Patterns / Edition 1

by Eduardo Fernandez-Buglioni
Current price is , Original price is $65.0. You

Temporarily Out of Stock Online

Please check back later for updated availability.


Learn to combine security theory and code to produce secure systems

Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML.

  • Provides an extensive, up-to-date catalog of security patterns
  • Shares real-world case studies so you can see when and how to use security patterns in practice
  • Details how to incorporate security from the conceptual stage
  • Highlights tips on authentication, authorization, role-based access control, firewalls, wireless networks, middleware, VoIP, web services security, and more
  • Author is well known and highly respected in the field of security and an expert on security patterns

Security Patterns in Practice shows you how to confidently develop a secure system step by step.

Product Details

ISBN-13: 9781119998945
Publisher: Wiley
Publication date: 04/15/2013
Series: Wiley Software Patterns Series
Pages: 582
Product dimensions: 7.50(w) x 9.10(h) x 1.50(d)

About the Author

Eduardo B. Fernandez (FL, USA - is a professor in the Department of Computer Science and Engineering at the Florida Atlantic University in Boca Raton, Florida. Ed has published numerous papers and four books on authorization models, object-oriented analysis & design, and security patterns. He has lectured all over the world at both academic and industrial meetings. His current interests include security patterns, web services, cloud computing security and fault tolerance. He holds a MS degree in Electrical Engineering from Purdue University and a Ph.D. in Computer Science from UCLA. Ed is an active consultant for industry, including assignments with IBM, Allied Signal, Motorola, Lucent, and others.

Table of Contents

Foreword xvii

Preface xix

Part I Introduction

Chapter 1 Motivation and Objectives 1

Why Do We Need Security Patterns? 1

Some Basic Definitions 3

The History of Security Patterns 5

Industrial Use of Security Patterns 6

Other Approaches to Building Secure Systems 6

Chapter 2 Patterns and Security Patterns 7

What is a Security Pattern? 7

The Nature of Security Patterns 8

Pattern Descriptions and Catalogs 10

The Anatomy of a Security Pattern 11

Pattern Diagrams 17

How Can We Classify Security Patterns? 17

Pattern Mining 19

Uses for Security Patterns 20

How to Evaluate Security Patterns and their Effect on Security 21

Threat Modeling and Misuse Patterns 22

Fault Tolerance Patterns 22

Chapter 3 A Secure Systems Development Methodology 23

Adding Information to Patterns 23

A Lifecyle-Based Methodology 24

Using Model-Driven Engineering 27

Part II Patterns

Chapter 4 Patterns for Identity Management 31

Introduction 32

Circle of Trust 34

Identity Provider 36

Identity Federation 38

Liberty Alliance Identity Federation 44

Chapter 5 Patterns for Authentication 51

Introduction 51

Authenticator 52

Remote Authenticator/Authorizer 56

Credential 62

Chapter 6 Patterns for Access Control 71

Introduction 71

Authorization 74

Role-Based Access Control 78

Multilevel Security 81

Policy-Based Access Control 84

Access Control List 91

Capability 96

Reified Reference Monitor 100

Controlled Access Session 104

Session-Based Role-Based Access Control 107

Security Logger and Auditor 111

Chapter 7 Patterns for Secure Process Management 117

Introduction 117

Secure Process/Thread 120

Controlled-Process Creator 126

Controlled-Object Factory 129

Controlled-Object Monitor 132

Protected Entry Points 136

Protection Rings 139

Chapter 8 Patterns for Secure Execution and File Management 145

Introduction 145

Virtual Address Space Access Control 146

Execution Domain 149

Controlled Execution Domain 151

Virtual Address Space Structure Selection 156

Chapter 9 Patterns for Secure OS Architecture and Administration 163

Introduction 163

Modular Operating System Architecture 165

Layered Operating System Architecture 169

Microkernel Operating System Architecture 174

Virtual Machine Operating System Architecture 179

Administrator Hierarchy 184

File Access Control 187

Chapter 10 Security Patterns for Networks 193

Introduction 194

Abstract Virtual Private Network 195

IP Sec VPN 200

TLS Virtual Private Network 202

Transport Layer Security 205

Abstract IDS 214

Signature-Based IDS 219

Behavior-Based IDS 224

Chapter 11 Patterns for Web Services Security 231

Introduction 231

Application Firewall 234

XML Firewall 242

XACML Authorization 248

XACML Access Control Evaluation 254

Web Services Policy Language 260

WS-Policy 263

WS-Trust 272

SAML Assertion 279

Chapter 12 Patterns for Web Services Cryptography 285

Introduction 286

Symmetric Encryption 288

Asymmetric Encryption 295

Digital Signature with Hashing 301

XML Encryption 309

XML Signature 317

WS-Security 330

Chapter 13 Patterns for Secure Middleware 337

Introduction 337

Secure Broker 339

Secure Pipes and Filters 347

Secure Blackboard 353

Secure Adapter 358

Secure Three-Tier Architecture 362

Secure Enterprise Service Bus 366

Secure Distributed Publish/Subscribe 372

Secure Model-View-Controller 375

Chapter 14 Misuse Patterns 383

Introduction 383

Worm 390

Denial-of-Service in VoIP 397

Spoofing Web Services 403

Chapter 15 Patterns for Cloud Computing Architecture 411

Introduction 411

Infrastructure-as-a-Service 413

Platform-as-a-Service 423

Software-as-a-Service 431

Part III Use of the Patterns

Chapter 16 Building Secure Architectures 441

Enumerating Threats 442

The Analysis Stage 445

The Design Stage 448

Secure Handling of Legal Cases 451

SCADA Systems 459

Medical Applications 466

Conclusions 478

Chapter 17 Summary and the Future of Security Patterns 479

Summary of Patterns 479

Future Research Directions for Security Patterns 494

Security Principles 496

The Future 497

Appendix A Pseudocode for XACML Access Control Evaluation 499

Glossary 501

References 509

Index of Patterns 543

Index 547

Customer Reviews

Most Helpful Customer Reviews

See All Customer Reviews