Security Patterns


Design patterns (computer science) can be applied to achieve goals in the area of security. Every classical design pattern has different instantiations that fulfill some of the information security goals, such as confidentiality, integrity or availability. Additionally, one can define new design patterns specifically to achieve particular security goals.

= Existing Security Patterns =
The Open Group provides a set of documented security patterns.

== Available System Patterns ==

These are patterns concerned with the availability of assets. The assets are either services or resources offered to users.

The "Checkpointed system" pattern describes a design that uses replication (computer science) to recover when a component fails.

The "Standby" pattern has the goal of providing a fallback component that is able to resume the service of the failing component.

The "Comparator-checked fault-tolerant system" pattern provides a way to monitor the failure-free behavior of a component.

The "Replicated system" pattern describes a design of redundant components, with a means of load balancing and redirection between them, to decrease the chance that the service is unavailable.

The "Error detection/correction" pattern has the goal of detecting errors and possibly correcting them, to guarantee correct information exchange or storage.

== Protected System Patterns ==

This is a set of patterns concerned with the confidentiality and integrity of information; they provide means to manage access to, and usage of, sensitive data.

The "protected system" pattern provides a reference monitor or enclave that owns the resources, so every access has to pass through it. The monitor is the single point at which the policy is enforced. The GoF refers to it as "Protection Proxy".

The "policy pattern" is an architecture that decouples the policy from the normal resource code. An authenticated user owns a security context (e.g. a role) that is passed to the guard of the resource. The guard checks against the policy whether the context of this user matches the rules, and grants or denies access to the resource accordingly.
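
The guard and policy arrangement described above, as an added sketch (not code from the Open Group guide or from the original page). The class names, the payroll resource and the roles are hypothetical and chosen only for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityContext:
    """Issued after authentication; carries the user's role."""
    user: str
    role: str

class AccessDenied(Exception):
    pass

class Policy:
    """Rules kept apart from resource code; anything not listed is denied."""
    def __init__(self, allowed):
        self._allowed = frozenset(allowed)  # (role, resource, action) triples

    def permits(self, context, resource, action):
        return (context.role, resource, action) in self._allowed

class Guard:
    """Single access point: owns the resource and asks the policy first."""
    def __init__(self, name, resource, policy):
        self._name, self._resource, self._policy = name, resource, policy
        self.audit = []  # (user, action, decision) for every request

    def invoke(self, context, action, *args):
        ok = self._policy.permits(context, self._name, action)
        self.audit.append((context.user, action, "allow" if ok else "deny"))
        if not ok:
            raise AccessDenied(f"{context.role} may not {action} {self._name}")
        return getattr(self._resource, action)(*args)

class PayrollStore:
    """Resource code with no security logic of its own."""
    def __init__(self):
        self._salaries = {"alice": 5000}  # constructed sample data

    def read(self, employee):
        return self._salaries[employee]

    def write(self, employee, amount):
        self._salaries[employee] = amount
        return amount

def build_payroll_guard():
    policy = Policy({("hr", "payroll", "read"), ("hr", "payroll", "write"),
                     ("auditor", "payroll", "read")})
    return Guard("payroll", PayrollStore(), policy)

if __name__ == "__main__":
    guard = build_payroll_guard()
    print(guard.invoke(SecurityContext("bob", "hr"), "read", "alice"))
```

Because the policy is consulted before any method lookup, a request for an action that is not listed (including internal method names) is denied and logged without touching the resource.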

The "authenticator" pattern is also known as the Pluggable Authentication Modules or Java Authentication and Authorization Service (JAAS).

"Subject descriptor" pattern

"Secure Communication" is similar to Single sign-on, RBAC

"Security Context" is a combination of the communication protection proxy, security context and subject descriptor pattern.

"Security Association" is an extension of the secure communication pattern.

"Secure Proxy" pattern can be used for defense in depth.

= External links =
* [http://www.opengroup.org/publications/catalog/g031.htm The Open Group Security Pattern Guide]
* [http://www.modsecurity.org/archive/securitypatterns/ The Modsecurity Patterns for Web Applications]

Wikimedia Foundation. 2010.
