Security Patterns - Integrating Security and Systems Engineering
- Essential for designers building large-scale systems who want best practice solutions to typical security problems
- Real world case studies illustrate how to use the patterns in specific domains
For more information visit www.securitypatterns.org
- Markus Schumacher, SAP AG, Germany
- Eduardo Fernandez-Buglioni, Florida Atlantic University, USA
- Duane Hybertson, The MITRE Corp, USA
- Frank Buschmann, Siemens AG, Germany
- Peter Sommerlad, Hochschule für Technik Rapperswil, Germany
Table of Contents
Patterns at a Glance.
No Pattern is an Island.
Humans are the Target.
Patterns Resolve Problems and Shape Environments.
Towards Pattern Languages.
A Brief Note on The History of Patterns.
The Pattern Community and its Culture.
Chapter 2: Security Foundations.
General Security Resources.
Chapter 3: Security Patterns.
The History of Security Patterns.
Characteristics of Security Patterns.
Why Security Patterns?
Sources for Security Pattern Mining.
Chapter 4: Patterns Scope and Enterprise Security.
The Scope of Patterns in the Book.
Mapping to the Taxonomy.
Organization in the Context of an Enterprise Framework.
Chapter 5: The Security Pattern Landscape.
Enterprise Security and Risk Management Patterns.
Identification & Authentication (I&A) Patterns.
Access Control Model Patterns.
System Access Control Architecture Patterns.
Operating System Access Control Patterns.
Firewall Architecture Patterns.
Secure Internet Applications Patterns.
Cryptographic Key Management Patterns.
Related Security Pattern Repositories Patterns.
Chapter 6: Enterprise Security and Risk Management.
Security Needs Identification for Enterprise Assets.
Enterprise Security Approaches.
Enterprise Security Services.
Enterprise Partner Communication.
Chapter 7: Identification and Authentication (I&A).
Automated I&A Design Alternatives.
Password Design and Use.
Biometrics Design Alternatives.
Chapter 8: Access Control Models.
Role-Based Access Control.
Role Rights Definition.
Chapter 9: System Access Control Architecture.
Access Control Requirements.
Single Access Point.
Full Access with Errors.
Chapter 10: Operating System Access Control.
Controlled Process Creator.
Controlled Object Factory.
Controlled Object Monitor.
Controlled Virtual Address Space.
Controlled Execution Environment.
Chapter 11: Accounting.
Security Accounting Requirements.
Audit Trails and Logging Requirements.
Intrusion Detection Requirements.
Chapter 12: Firewall Architectures.
Packet Filter Firewall.
Chapter 13: Secure Internet Applications.
Protection Reverse Proxy.
Integration Reverse Proxy.
Chapter 14: Case Study: IP Telephony.
IP Telephony at a Glance.
The Fundamentals of IP Telephony.
Vulnerabilities of IP Telephony Components.
IP Telephony Use Cases.
Securing IP telephony with patterns.
Applying Individual Security Patterns.
Chapter 15: Supplementary Concepts.
Security Principles and Security Patterns.
Enhancing Security Patterns with Misuse Cases.
Chapter 16: Closing Remarks.