Learn to combine security theory and code to produce secure systems
Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML.
- Provides an extensive, up-to-date catalog of security patterns
- Shares real-world case studies so you can see when and how to use security patterns in practice
- Details how to incorporate security from the conceptual stage
- Highlights tips on authentication, authorization, role-based access control, firewalls, wireless networks, middleware, VoIP, web services security, and more
- Author is well known and highly respected in the field of security and an expert on security patterns
Security Patterns in Practice shows you how to confidently develop a secure system step by step.
Contents
Foreword
Preface
Part I Introduction
Chapter 1 Motivation and Objectives
Chapter 2 Patterns and Security Patterns
Chapter 3 A Secure Systems Development Methodology
Part II Patterns
Chapter 4 Patterns for Identity Management
Chapter 5 Patterns for Authentication
Chapter 6 Patterns for Access Control
Chapter 7 Patterns for Secure Process Management
Chapter 8 Patterns for Secure Execution and File Management
Chapter 9 Patterns for Secure OS Architecture and Administration
Chapter 10 Security Patterns for Networks
Chapter 11 Patterns for Web Services Security
Chapter 12 Patterns for Web Services Cryptography
Chapter 13 Patterns for Secure Middleware
Chapter 14 Misuse Patterns
Chapter 15 Patterns for Cloud Computing Architecture
Part III Use of the Patterns
Chapter 16 Building Secure Architectures
Chapter 17 Summary and the Future of Security Patterns
Appendix A Pseudocode for XACML Access Control Evaluation
Glossary
References
Index of Patterns
Index
About the author
Eduardo B. Fernandez (FL, USA, www.cse.fau.edu/~ed) is a professor in the Department of Computer Science and Engineering at Florida Atlantic University in Boca Raton, Florida. Ed has published numerous papers and four books on authorization models, object-oriented analysis & design, and security patterns. He has lectured all over the world at both academic and industrial meetings. His current interests include security patterns, web services, cloud computing security and fault tolerance. He holds an MS degree in Electrical Engineering from Purdue University and a Ph.D. in Computer Science from UCLA. Ed is an active consultant for industry, including assignments with IBM, Allied Signal, Motorola, Lucent, and others.