Security Patterns (eBook)

Integrating Security and Systems Engineering
eBook Download: PDF
2006 | 1st edition
600 pages
Wiley (publisher)
978-0-470-85885-1 (ISBN)


Security Patterns -  Frank Buschmann,  Eduardo Fernandez-Buglioni,  Duane Hybertson,  Markus Schumacher,  Peter Sommerlad
33.99 incl. VAT
  • Download available immediately
Most security books are targeted at security engineers and specialists. Few show how to build security into software. None break down the different concerns facing security at different levels of the system: the enterprise, architectural and operational layers. Security Patterns addresses the full spectrum of security in systems design, using best practice solutions to show how to integrate security in the broader engineering process.
  • Essential for designers building large-scale systems who want best practice solutions to typical security problems
  • Real world case studies illustrate how to use the patterns in specific domains

For more information visit www.securitypatterns.org



Markus Schumacher, SAP AG, Germany.

Eduardo Fernandez-Buglioni, Florida Atlantic University, USA.

Duane Hybertson, The MITRE Corp, USA.

Frank Buschmann, Siemens AG, Germany.

Peter Sommerlad, Hochschule für Technik Rapperswil, Germany.



Chapter 1: The Pattern Approach.

Patterns at a Glance.

No Pattern is an Island.

Patterns Everywhere.

Humans are the Target.

Patterns Resolve Problems and Shape Environments.

Towards Pattern Languages.

Documenting Patterns.

A Brief Note on The History of Patterns.

The Pattern Community and its Culture.

Chapter 2: Security Foundations.

Overview.

Security Taxonomy.

General Security Resources.

Chapter 3: Security Patterns.

The History of Security Patterns.

Characteristics of Security Patterns.

Why Security Patterns?

Sources for Security Pattern Mining.

Chapter 4: Patterns Scope and Enterprise Security.

The Scope of Patterns in the Book.

Organization Factors.

Resulting Organization.

Mapping to the Taxonomy.

Organization in the Context of an Enterprise Framework.

Chapter 5: The Security Pattern Landscape.

Enterprise Security and Risk Management Patterns.

Identification & Authentication (I&A) Patterns.

Access Control Model Patterns.

System Access Control Architecture Patterns.

Operating System Access Control Patterns.

Accounting Patterns.

Firewall Architecture Patterns.

Secure Internet Applications Patterns.

Cryptographic Key Management Patterns.

Related Security Pattern Repositories Patterns.

Chapter 6: Enterprise Security and Risk Management.

Security Needs Identification for Enterprise Assets.

Asset Valuation.

Threat Assessment.

Vulnerability Assessment.

Risk Determination.

Enterprise Security Approaches.

Enterprise Security Services.

Enterprise Partner Communication.

Chapter 7: Identification and Authentication (I&A).

I&A Requirements.

Automated I&A Design Alternatives.

Password Design and Use.

Biometrics Design Alternatives.

Chapter 8: Access Control Models.

Authorization.

Role-Based Access Control.

Multilevel Security.

Reference Monitor.

Role Rights Definition.

Chapter 9: System Access Control Architecture.

Access Control Requirements.

Single Access Point.

Check Point.

Security Session.

Full Access with Errors.

Limited Access.

Chapter 10: Operating System Access Control.

Authenticator.

Controlled Process Creator.

Controlled Object Factory.

Controlled Object Monitor.

Controlled Virtual Address Space.

Execution Domain.

Controlled Execution Environment.

File Authorization.

Chapter 11: Accounting.

Security Accounting Requirements.

Audit Requirements.

Audit Trails and Logging Requirements.

Intrusion Detection Requirements.

Non-Repudiation Requirements.

Chapter 12: Firewall Architectures.

Packet Filter Firewall.

Proxy-Based Firewall.

Stateful Firewall.

Chapter 13: Secure Internet Applications.

Information Obscurity.

Secure Channels.

Known Partners.

Demilitarized Zone.

Protection Reverse Proxy.

Integration Reverse Proxy.

Front Door.

Chapter 14: Case Study: IP Telephony.

IP Telephony at a Glance.

The Fundamentals of IP Telephony.

Vulnerabilities of IP Telephony Components.

IP Telephony Use Cases.

Securing IP telephony with patterns.

Applying Individual Security Patterns.

Conclusion.

Chapter 15: Supplementary Concepts.

Security Principles and Security Patterns.

Enhancing Security Patterns with Misuse Cases.

Chapter 16: Closing Remarks.

References.

Index.

Publication date (per publisher) 1.5.2006
Series Wiley Series in Software Design Patterns
Language English
Subject area Computer Science Networks Security / Firewall
Mathematics / Computer Science Computer Science Programming Languages / Tools
Keywords Computer Science • Programming & Software Development • Software Development
ISBN-10 0-470-85885-0 / 0470858850
ISBN-13 978-0-470-85885-1 / 9780470858851
PDF (Adobe DRM)
Size: 10.7 MB

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is authorized to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly well suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is of limited suitability for small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the Adobe Digital Editions software (free). We advise against using the OverDrive Media Console; experience shows that problems with Adobe DRM occur frequently there.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
