OOPSLA 2002


Monday, 4 November – 8:30-12:00 Morning – Convention Ctr - Room 201

7 Building Secure OO Systems - A Practical Guide and Overview

Andrew Schneider
BJSS, as@bjss.co.uk

Security in computer systems is becoming an increasingly important issue, both to managers and customers. As more business and leisure is conducted via electronic means, the 21st century developer will undoubtedly need knowledge in this area. Despite this, for many systems, security is still an afterthought or, even more worryingly, completely ignored. This has been highlighted by a number of high-profile security breaches covered in the media. Security is a large domain, so to be effective, developers and architects need a broad understanding of the techniques and technologies available, along with an appreciation of their application.

This tutorial will provide this information and equip attendees with a framework for handling security issues during design, implementation, and deployment of a system. Other topics will include design patterns, common attacks, common design and implementation mistakes, secure coding and design practices, applications of PKI, J2EE Security and XML-based security standards, FIPS 140-1, protecting data in memory, on disk and in databases, applications of TLS/SSL, hardware security modules, vulnerability analysis and risk assessments. The tutorial will include examples and experiences drawn from real-life systems.

Attendee background

This tutorial is for all attendees wishing to build systems that are more secure and less vulnerable in today's hostile networked environments. Attendees should be developers or architects.

Format

Lecture format with real-world examples and group discussion.

Presenter

Andy Schneider wears consultant and architect hats for BJSS, a software services organisation. He has been involved in implementing, designing and leading projects utilising object-orientated technology since 1990. His primary interests are complex distributed systems, security and technical management. When wearing his consultant hat, he finds himself performing presentations and tutorials on a regular basis. With his architect hat on, he has worked on several major secure systems for key financial organisations.