Security Patterns in Practice : Designing Secure Architectures Using Software Patterns.
Material type: TextSeries: Wiley Software Patterns SerPublisher: New York : John Wiley & Sons, Incorporated, 2013Copyright date: ©2013Edition: 1st edDescription: 1 online resource (959 pages)Content type: text Media type: computer Carrier type: online resourceISBN: 9781119970484Subject(s): Computer architectureGenre/Form: Electronic books.Additional physical formats: Print version:: Security Patterns in Practice : Designing Secure Architectures Using Software PatternsDDC classification: 005.8 LOC classification: TK5105.59Online resources: Click to ViewCover -- Half Title page -- Title page -- Copyright page -- Dedication -- About the Author -- About the Foreword Author -- Foreword -- Preface -- Part I: Introduction -- Chapter 1: Motivation and Objectives -- 1.1 Why Do We Need Security Patterns? -- 1.2 Some Basic Definitions -- 1.3 The History of Security Patterns -- 1.4 Industrial Use of Security Patterns -- 1.5 Other Approaches to Building Secure Systems -- Chapter 2: Patterns and Security Patterns -- 2.1 What is a Security Pattern? -- 2.2 The Nature of Security Patterns -- 2.3 Pattern Descriptions and Catalogs -- 2.4 The Anatomy of a Security Pattern -- 2.5 Pattern Diagrams -- 2.6 How Can We Classify Security Patterns? -- 2.7 Pattern Mining -- 2.8 Uses for Security Patterns -- 2.9 How to Evaluate Security Patterns and their Effect on Security -- 2.10 Threat Modeling and Misuse Patterns -- 2.11 Fault Tolerance Patterns -- Chapter 3: A Secure Systems Development Methodology -- 3.1 Adding Information to Patterns -- 3.2 A Lifecyle-Based Methodology -- 3.3 Using Model-Driven Engineering -- Part II: Patterns -- Chapter 4: Patterns for Identity Management -- 4.1 Introduction -- 4.2 Circle of Trust -- 4.3 Identity Provider -- 4.4 Identity Federation -- 4.5 Liberty Alliance Identity Federation -- Chapter 5: Patterns for Authentication -- 5.1 Introduction -- 5.2 Authenticator -- 5.3 Remote Authenticator/Authorizer -- 5.4 Credential -- Chapter 6: Patterns for Access Control -- 6.1 Introduction -- 6.2 Authorization -- 6.3 Role-Based Access Control -- 6.4 Multilevel Security -- 6.5 Policy-Based Access Control -- 6.6 Access Control List -- 6.7 Capability -- 6.8 Reified Reference Monitor -- 6.9 Controlled Access Session -- 6.10 Session-Based Role-Based Access Control -- 6.11 Security Logger and Auditor -- Chapter 7: Patterns for Secure Process Management -- 7.1 Introduction -- 7.2 Secure Process/Thread.
7.3 Controlled-Process Creator -- 7.4 Controlled-Object Factory -- 7.5 Controlled-Object Monitor -- 7.6 Protected Entry Points -- 7.7 Protection Rings -- Chapter 8: Patterns for Secure Execution and File Management -- 8.1 Introduction -- 8.2 Virtual Address Space Access Control -- 8.3 Execution Domain -- 8.4 Controlled Execution Domain -- 8.5 Virtual Address Space Structure Selection -- Chapter 9: Patterns for Secure OS Architecture and Administration -- 9.1 Introduction -- 9.2 Modular Operating System Architecture -- 9.3 Layered Operating System Architecture -- 9.4 Microkernel Operating System Architecture -- 9.5 Virtual Machine Operating System Architecture -- 9.6 Administrator Hierarchy -- 9.7 File Access Control -- Chapter 10: Security Patterns for Networks -- 10.1 Introduction -- 10.2 Abstract Virtual Private Network -- 10.3 IPSec VPN -- 10.4 TLS Virtual Private Network -- 10.5 Transport Layer Security -- 10.6 Abstract IDS -- 10.7 Signature-Based IDS -- 10.8 Behavior-Based IDS -- Chapter 11: Patterns for Web Services Security -- 11.1 Introduction -- 11.2 Application Firewall -- 11.3 XML Firewall -- 11.4 XACML Authorization -- 11.5 XACML Access Control Evaluation -- 11.6 Web Services Policy Language -- 11.7 WS-Policy -- 11.8 WS-Trust -- 11.9 SAML Assertion -- Chapter 12: Patterns for Web Services Cryptography -- 12.1 Introduction -- 12.2 Symmetric Encryption -- 12.3 Asymmetric Encryption -- 12.4 Digital Signature with Hashing -- 12.5 XML Encryption -- 12.6 XML Signature -- 12.7 WS-Security -- Chapter 13: Patterns for Secure Middleware -- 13.1 Introduction -- 13.2 Secure Broker -- 13.3 Secure Pipes and Filters -- 13.4 Secure Blackboard -- 13.5 Secure Adapter -- 13.6 Secure Three-Tier Architecture -- 13.7 Secure Enterprise Service Bus -- 13.8 Secure Distributed Publish/Subscribe -- 13.9 Secure Model-View-Controller -- Chapter 14: Misuse Patterns.
14.1 Introduction -- 14.2 Worm -- 14.3 Denial-of-Service in VoIP -- 14.4 Spoofing Web Services -- Chapter 15: Patterns for Cloud Computing Architecture -- 15.1 Introduction -- 15.2 Infrastructure-as-a-Service -- 15.3 Platform-as-a-Service -- 15.4 Software-as-a-Service -- Part III: Use of the Patterns -- Chapter 16: Building Secure Architectures -- 16.1 Enumerating Threats -- 16.2 The Analysis Stage -- 16.3 The Design Stage -- 16.4 Secure Handling of Legal Cases -- 16.5 SCADA Systems -- 16.6 Medical Applications -- 16.7 Conclusions -- Chapter 17: Summary and the Future of Security Patterns -- 17.1 Summary of Patterns -- 17.2 Future Research Directions for Security Patterns -- 17.3 Security Principles -- 17.4 The Future -- Appendix A: Pseudocode for XACML Access Control Evaluation -- A.1 Pseudocode for retrieveApplicablePolicy() -- A.2 Pseudocode for evaluateApplicablePolicy() -- Glossary -- References -- Index of Patterns -- Index.
Learn to combine security theory and code to produce secure systems Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides an extensive, up-to-date catalog of security patterns Shares real-world case studies so you can see when and how to use security patterns in practice Details how to incorporate security from the conceptual stage Highlights tips on authentication, authorization, role-based access control, firewalls, wireless networks, middleware, VoIP, web services security, and more Author is well known and highly respected in the field of security and an expert on security patterns Security Patterns in Practice shows you how to confidently develop a secure system step by step.
Description based on publisher supplied metadata and other sources.
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2018. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
There are no comments on this title.