| |
| |
| |
| The Pattern Approach | |
| |
| |
| Patterns at a Glance | |
| |
| |
| No Pattern is an Island | |
| |
| |
| Patterns Everywhere | |
| |
| |
| Humans are the Target | |
| |
| |
| Patterns Resolve Problems and Shape Environments | |
| |
| |
| Towards Pattern Languages | |
| |
| |
| Documenting Patterns | |
| |
| |
| A Brief Note on The History of Patterns | |
| |
| |
| The Pattern Community and its Culture | |
| |
| |
| |
| Security Foundations | |
| |
| |
| Overview | |
| |
| |
| Security Taxonomy | |
| |
| |
| General Security Resources | |
| |
| |
| |
| Security Patterns | |
| |
| |
| The History of Security Patterns | |
| |
| |
| Characteristics of Security Patterns | |
| |
| |
| Why Security Patterns? | |
| |
| |
| Sources for Security Pattern Mining | |
| |
| |
| |
| Patterns Scope and Enterprise Security | |
| |
| |
| The Scope of Patterns in the Book | |
| |
| |
| Organization Factors | |
| |
| |
| Resulting Organization | |
| |
| |
| Mapping to the Taxonomy | |
| |
| |
| Organization in the Context of an Enterprise Framework | |
| |
| |
| |
| The Security Pattern Landscape | |
| |
| |
| Enterprise Security and Risk Management Patterns | |
| |
| |
| Identification & Authentication (I&A) Patterns | |
| |
| |
| Access Control Model Patterns | |
| |
| |
| System Access Control Architecture Patterns | |
| |
| |
| Operating System Access Control Patterns | |
| |
| |
| Accounting Patterns | |
| |
| |
| Firewall Architecture Patterns | |
| |
| |
| Secure Internet Applications Patterns | |
| |
| |
| Cryptographic Key Management Patterns | |
| |
| |
| Related Security Pattern Repositories Patterns | |
| |
| |
| |
| Enterprise Security and Risk Management | |
| |
| |
| Security Needs Identification for Enterprise Assets | |
| |
| |
| Asset Valuation | |
| |
| |
| Threat Assessment | |
| |
| |
| Vulnerability Assessment | |
| |
| |
| Risk Determination | |
| |
| |
| Enterprise Security Approaches | |
| |
| |
| Enterprise Security Services | |
| |
| |
| Enterprise Partner Communication | |
| |
| |
| |
| Identification and Authentication (I&A) | |
| |
| |
| I&A Requirements | |
| |
| |
| Automated I&A Design Alternatives | |
| |
| |
| Password Design and Use | |
| |
| |
| Biometrics Design Alternatives | |
| |
| |
| |
| Access Control Models | |
| |
| |
| Authorization | |
| |
| |
| Role-Based Access Control | |
| |
| |
| Multilevel Security | |
| |
| |
| Reference Monitor | |
| |
| |
| Role Rights Definition | |
| |
| |
| |
| System Access Control Architecture | |
| |
| |
| Access Control Requirements | |
| |
| |
| Single Access Point | |
| |
| |
| Check Point | |
| |
| |
| Security Session | |
| |
| |
| Full Access with Errors | |
| |
| |
| Limited Access | |
| |
| |
| |
| Operating System Access Control | |
| |
| |
| Authenticator | |
| |
| |
| Controlled Process Creator | |
| |
| |
| Controlled Object Factory | |
| |
| |
| Controlled Object Monitor | |
| |
| |
| Controlled Virtual Address Space | |
| |
| |
| Execution Domain | |
| |
| |
| Controlled Execution Environment | |
| |
| |
| File Authorization | |
| |
| |
| |
| Accounting | |
| |
| |
| Security Accounting Requirements | |
| |
| |
| Audit Requirements | |
| |
| |
| Audit Trails and Logging Requirements | |
| |
| |
| Intrusion Detection Requirements | |
| |
| |
| Non-Repudiation Requirements | |
| |
| |
| |
| Firewall Architectures | |
| |
| |
| Packet Filter Firewall | |
| |
| |
| Proxy-Based Firewall | |
| |
| |
| Stateful Firewall | |
| |
| |
| |
| Secure Internet Applications | |
| |
| |
| Information Obscurity | |
| |
| |
| Secure Channels | |
| |
| |
| Known Partners | |
| |
| |
| Demilitarized Zone | |
| |
| |
| Protection Reverse Proxy | |
| |
| |
| Integration Reverse Proxy | |
| |
| |
| Front Door | |
| |
| |
| |
| Case Study: IP Telephony | |
| |
| |
| IP Telephony at a Glance | |
| |
| |
| The Fundamentals of IP Telephony | |
| |
| |
| Vulnerabilities of IP Telephony Components | |
| |
| |
| IP Telephony Use Cases | |
| |
| |
| Securing IP telephony with patterns | |
| |
| |
| Applying Individual Security Patterns | |
| |
| |
| Conclusion | |
| |
| |
| |
| Supplementary Concepts | |
| |
| |
| Security Principles and Security Patterns | |
| |
| |
| Enhancing Security Patterns with Misuse Cases | |
| |
| |
| |
| Closing Remarks | |
| |
| |
| References | |
| |
| |
| Index | |