Learn to combine security theory and code to produce secure systems
Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML.
- Provides an extensive, up-to-date catalog of security patterns
- Shares real-world case studies so you can see when and how to use security patterns in practice
- Details how to incorporate security from the conceptual stage
- Highlights tips on authentication, authorization, role-based access control, firewalls, wireless networks, middleware, VoIP, web services security, and more
- Author is well known and highly respected in the field of security and an expert on security patterns
Security Patterns in Practice shows you how to confidently develop a secure system step by step.
About the author
Eduardo B. Fernandez (FL, USA - www.cse.fau.edu/~ed) is a professor in the Department of Computer Science and Engineering at the Florida Atlantic University in Boca Raton, Florida. Ed has published numerous papers and four books on authorization models, object-oriented analysis & design, and security patterns. He has lectured all over the world at both academic and industrial meetings. His current interests include security patterns, web services, cloud computing security and fault tolerance. He holds an MS degree in Electrical Engineering from Purdue University and a Ph.D. in Computer Science from UCLA. Ed is an active consultant for industry, including assignments with IBM, Allied Signal, Motorola, Lucent, and others.
Jacket copy
Everything you need to build sophisticated security controls into every phase of your software lifecycle
In today's world of mobile networking and remote sensing, cloud computing and web interfacing, applications and the networks they run on have never been more complex. Nor have they ever been more vulnerable to attack.
Despite the vast amounts spent each year on system security, the number and scope of attacks on websites and databases worldwide continue to escalate.
Clearly, what's needed is a more systematic approach to security than the piecemeal methodology followed since the early 1990s: a holistic, case-based approach based on best practices and proven solutions to the full array of modern security threats.
Written by one of the world's leading experts on the subject, Security Patterns in Practice supplies you with just such an approach.
With the help of numerous, real-world case studies, author Eduardo B. Fernandez shows you how to incorporate security into every phase of the software lifecycle, from concept to design to implementation and reengineering, using security patterns.
Dr. E. B. Fernandez also supplies you with a vast catalog of up-to-date security patterns, along with detailed implementation advice and descriptions in UML, covering the full range of modern security issues, including:
- Identity management
- Access control
- Network security and web services security
- Cloud computing security
- Authentication
- Process management
- Web services cryptography
- Building secure architecture
Security Patterns in Practice arms you with everything you need to confidently develop or reengineer the most secure applications possible, without having to become a security expert.
Contents
Foreword
Preface
Part I Introduction
Chapter 1 Motivation and Objectives
Chapter 2 Patterns and Security Patterns
Chapter 3 A Secure Systems Development Methodology
Part II Patterns
Chapter 4 Patterns for Identity Management
Chapter 5 Patterns for Authentication
Chapter 6 Patterns for Access Control
Chapter 7 Patterns for Secure Process Management
Chapter 8 Patterns for Secure Execution and File Management
Chapter 9 Patterns for Secure OS Architecture and Administration
Chapter 10 Security Patterns for Networks
Chapter 11 Patterns for Web Services Security
Chapter 12 Patterns for Web Services Cryptography
Chapter 13 Patterns for Secure Middleware
Chapter 14 Misuse Patterns
Chapter 15 Patterns for Cloud Computing Architecture
Part III Use of the Patterns
Chapter 16 Building Secure Architectures
Chapter 17 Summary and the Future of Security Patterns
Appendix A Pseudocode for XACML Access Control Evaluation
Glossary
References
Index of Patterns
Index