Join us on:
Facebook
LinkedIn
Plaxo

T26. Designing Secure Architectures using Security Patterns

Eduardo B. Fernandez, Florida Atlantic University

Patterns combine experience and good practices to develop basic models that can be used for new designs. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system design and evaluation. We consider the structure and purpose of security patterns, show a variety of security patterns, and illustrate their use in the construction of secure systems, emphasizing systems using web services. These patterns include among others Authentication, Authorization, Role-based Access Control, Identity, XACML, SAML, WS-Security, XML Encryption, XML Digital Signature, and XML Firewall. We introduce patterns in a conceptual way, relating them to their functions and to the system architecture, pure enumerations are not useful to designers. We show how to apply these patterns through a secure system development method. The patterns are shown using UML models and some examples are taken from my book "Security Patterns" (Wiley, 2006).

Objectives:

Attendees will be able to understand the idea behind security patterns, get acquainted with some of them, and use them to build secure systems.

Format:

Mostly slide-based lecturing. In addition, the instructor will show the detailed structure of a security pattern and will assign an exercise in pattern building.

Audience: Researchers, Practitioners
Please email any questions to . This e-mail address is being protected from spambots. You need JavaScript enabled to view it