Muutke küpsiste eelistusi

Security Patterns in Practice: Designing Secure Architectures Using Software Patterns [Kõva köide]

2.75/5 (7 hinnangut Goodreads-ist)
(Florida Atlantic University, USA)
  • Formaat: Hardback, 584 pages, kõrgus x laius x paksus: 243x193x36 mm, kaal: 1211 g
  • Sari: Wiley Software Patterns Series
  • Ilmumisaeg: 19-Apr-2013
  • Kirjastus: John Wiley & Sons Inc
  • ISBN-10: 1119998948
  • ISBN-13: 9781119998945
Teised raamatud teemal:
  • Kõva köide
  • Hind: 55,17 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Tavahind: 64,90 €
  • Säästad 15%
  • Raamatu kohalejõudmiseks kirjastusest kulub orienteeruvalt 2-4 nädalat
  • Kogus:
  • Lisa ostukorvi
  • Tasuta tarne
  • Tellimisaeg 2-4 nädalat
  • Lisa soovinimekirja
Security Patterns in Practice: Designing Secure Architectures Using Software PatternsSuurem pilt
  • Formaat: Hardback, 584 pages, kõrgus x laius x paksus: 243x193x36 mm, kaal: 1211 g
  • Sari: Wiley Software Patterns Series
  • Ilmumisaeg: 19-Apr-2013
  • Kirjastus: John Wiley & Sons Inc
  • ISBN-10: 1119998948
  • ISBN-13: 9781119998945
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781119998945.html
Märksõnad:
Learn to combine security theory and code to produce secure systems

Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML.

  • Provides an extensive, up-to-date catalog of security patterns
  • Shares real-world case studies so you can see when and how to use security patterns in practice
  • Details how to incorporate security from the conceptual stage
  • Highlights tips on authentication, authorization, role-based access control, firewalls, wireless networks, middleware, VoIP, web services security, and more
  • Author is well known and highly respected in the field of security and an expert on security patterns

Security Patterns in Practice shows you how to confidently develop a secure system step by step.

Foreword xvii
Preface xix
Part I Introduction
Chapter 1 Motivation and Objectives
1(6)
Why Do We Need Security Patterns?
1(2)
Some Basic Definitions
3(2)
The History of Security Patterns
5(1)
Industrial Use of Security Patterns
6(1)
Other Approaches to Building Secure Systems
6(1)
Chapter 2 Patterns and Security Patterns
7(16)
What is a Security Pattern?
7(1)
The Nature of Security Patterns
8(2)
Pattern Descriptions and Catalogs
10(1)
The Anatomy of a Security Pattern
11(6)
Pattern Diagrams
17(1)
How Can We Classify Security Patterns?
17(2)
Pattern Mining
19(1)
Uses for Security Patterns
20(1)
How to Evaluate Security Patterns and their Effect on Security
21(1)
Threat Modeling and Misuse Patterns
22(1)
Fault Tolerance Patterns
22(1)
Chapter 3 A Secure Systems Development Methodology
23(8)
Adding Information to Patterns
23(1)
A Lifecyle-Based Methodology
24(3)
Using Model-Driven Engineering
27(4)
Part II Patterns
Chapter 4 Patterns for Identity Management
31(20)
Introduction
32(2)
Circle of Trust
34(2)
Identity Provider
36(2)
Identity Federation
38(6)
Liberty Alliance Identity Federation
44(7)
Chapter 5 Patterns for Authentication
51(20)
Introduction
51(1)
Authenticator
52(4)
Remote Authenticator/Authorizer
56(6)
Credential
62(9)
Chapter 6 Patterns for Access Control
71(46)
Introduction
71(3)
Authorization
74(4)
Role-Based Access Control
78(3)
Multilevel Security
81(3)
Policy-Based Access Control
84(7)
Access Control List
91(5)
Capability
96(4)
Reified Reference Monitor
100(4)
Controlled Access Session
104(3)
Session-Based Role-Based Access Control
107(4)
Security Logger and Auditor
111(6)
Chapter 7 Patterns for Secure Process Management
117(28)
Introduction
117(3)
Secure Process/Thread
120(6)
Controlled-Process Creator
126(3)
Controlled-Object Factory
129(3)
Controlled-Object Monitor
132(4)
Protected Entry Points
136(3)
Protection Rings
139(6)
Chapter 8 Patterns for Secure Execution and File Management
145(18)
Introduction
145(1)
Virtual Address Space Access Control
146(3)
Execution Domain
149(2)
Controlled Execution Domain
151(5)
Virtual Address Space Structure Selection
156(7)
Chapter 9 Patterns for Secure OS Architecture and Administration
163(30)
Introduction
163(2)
Modular Operating System Architecture
165(4)
Layered Operating System Architecture
169(5)
Microkernel Operating System Architecture
174(5)
Virtual Machine Operating System Architecture
179(5)
Administrator Hierarchy
184(3)
File Access Control
187(6)
Chapter 10 Security Patterns for Networks
193(38)
Introduction
194(1)
Abstract Virtual Private Network
195(5)
IPSec VPN
200(2)
TLS Virtual Private Network
202(3)
Transport Layer Security
205(9)
Abstract IDS
214(5)
Signature-Based IDS
219(5)
Behavior-Based IDS
224(7)
Chapter 11 Patterns for Web Services Security
231(54)
Introduction
231(3)
Application Firewall
234(8)
XML Firewall
242(6)
XACML Authorization
248(6)
XACML Access Control Evaluation
254(6)
Web Services Policy Language
260(3)
WS-Policy
263(9)
WS-Trust
272(7)
SAML Assertion
279(6)
Chapter 12 Patterns for Web Services Cryptography
285(52)
Introduction
286(2)
Symmetric Encryption
288(7)
Asymmetric Encryption
295(6)
Digital Signature with Hashing
301(8)
XML Encryption
309(8)
XML Signature
317(13)
WS-Security
330(7)
Chapter 13 Patterns for Secure Middleware
337(46)
Introduction
337(2)
Secure Broker
339(8)
Secure Pipes and Filters
347(6)
Secure Blackboard
353(5)
Secure Adapter
358(4)
Secure Three-Tier Architecture
362(4)
Secure Enterprise Service Bus
366(6)
Secure Distributed Publish/Subscribe
372(3)
Secure Model-View-Controller
375(8)
Chapter 14 Misuse Patterns
383(28)
Introduction
383(7)
Worm
390(7)
Denial-of-Service in VoIP
397(6)
Spoofing Web Services
403(8)
Chapter 15 Patterns for Cloud Computing Architecture
411(30)
Introduction
411(2)
Infrastructure-as-a-Service
413(10)
Platform-as-a-Service
423(8)
Software-as-a-Service
431(10)
Part III Use of the Patterns
Chapter 16 Building Secure Architectures
441(38)
Enumerating Threats
442(3)
The Analysis Stage
445(3)
The Design Stage
448(3)
Secure Handling of Legal Cases
451(8)
SCADA Systems
459(7)
Medical Applications
466(12)
Conclusions
478(1)
Chapter 17 Summary and the Future of Security Patterns
479(20)
Summary of Patterns
479(15)
Future Research Directions for Security Patterns
494(2)
Security Principles
496(1)
The Future
497(2)
Appendix A Pseudocode for XACML Access Control Evaluation 499(2)
Glossary 501(8)
References 509(34)
Index of Patterns 543(4)
Index 547
Eduardo B. Fernandez (FL, USA - www.cse.fau.edu/~ed) is a professor in the Department of Computer Science and Engineering at the Florida Atlantic University in Boca Raton, Florida. Ed has published numerous papers and four books on authorization models, object-oriented analysis & design, and security patterns. He has lectured all over the world at both academic and industrial meetings. His current interests include security patterns, web services, cloud computing security and fault tolerance. He holds a MS degree in Electrical Engineering from Purdue University and a Ph.D. in Computer Science from UCLA. Ed is an active consultant for industry, including assignments with IBM, Allied Signal, Motorola, Lucent, and others.