Authors: Eduardo Fernandez, Duane Hybertson, Markus Schumacher, Frank Buschmann
DOI:
Keywords:
Abstract: Chapter 1: The Pattern Approach. Patterns at a Glance. No is an Island. Everywhere. Humans are the Target. Resolve Problems and Shape Environments. Towards Languages. Documenting Patterns. A Brief Note on History of Community its Culture. 2: Security Foundations. Overview. Taxonomy. General Resources. 3: Characteristics Why Patterns? Sources for Mining. 4: Scope Enterprise Security. in Book. Organization Factors. Resulting Organization. Mapping to Context Framework. 5: Landscape. Risk Management Identification & Authentication (I&A) Access Control Model System Architecture Operating Accounting Firewall Secure Internet Applications Cryptographic Key Related Repositories 6: Management. Needs Assets. Asset Valuation. Threat Assessment. Vulnerability Determination. Approaches. Services. Partner Communication. 7: (I&A). I&A Requirements. Automated Design Alternatives. Password Use. Biometrics 8: Models. Authorization. Role-Based Control. Multilevel Reference Monitor. Role Rights Definition. 9: Architecture. Single Point. Check Session. Full with Errors. Limited Access. 10: Authenticator. Controlled Process Creator. Object Factory. Virtual Address Space. Execution Domain. Environment. File 11: Accounting. Audit Trails Logging Intrusion Detection Non-Repudiation 12: Architectures. Packet Filter Firewall. Proxy-Based Stateful 13: Applications. Information Obscurity. Channels. Known Partners. Demilitarized Zone. Protection Reverse Proxy. Integration Front Door. 14: Case Study: IP Telephony. Telephony Fundamentals Vulnerabilities Components. Use Cases. Securing telephony patterns. Applying Individual Conclusion. 15: Supplementary Concepts. Principles Enhancing Misuse 16: Closing Remarks. References. Index.