Security Patterns Repository



(source: SBHBS06)

Speaker verification is a part-physical, part-behavioral biometric that analyses patterns in speech. It compares live speech with a previously-created speech model of a person’s voice. This pattern helps you to design an appropriate speaker verification mechanism to satisfy I&A requirements for a specific domain or situation.

(source: SW07)

Use the specific authorization requirement pattern to specify that a set of users is authorized (or is not authorized) to do or see certain things. Do not use the specific authorization requirement pattern to specify that user authorization is to be configurable; use the configurable authorization requirement pattern for that.

(source: BH04)

Structure a system so that the service provided by one component can be resumed from a different component.

(source: SBHBS06)

A stateful firewall filters incoming and outgoing network traffic in a computer system based on state information derived from past communications. State information generally describes whether the incoming packet is part of a new connection, or a continuing communication whose connection was approved previously. In other words, states describe a context for each packet.

(source: BH04)

Provide access to security-relevant attributes of an entity on whose behalf operations are to be performed.

(source: KE01)

Web site development requires extensive testing to enable availability, protect confidentiality, and ensure integrity. While unit testing can be done on development machines, system and integration testing should take place on machines as similar to the production servers as possible. The use of a staging server enables necessary testing while preventing the outages that often occur when developers and administrators experiment with the live production system on the fly.

(source: SBHBS06)

Threats are the likelihood of, or potential for, hazardous events occurring. They can affect any asset or object on which an enterprise places value. An enterprise threat assessment identifies the threats posed to the enterprise’s assets, and determines the likelihood or frequency of their occurrence.

(source: KETEH01)

A trusted proxy acts on behalf of the user to perform specific actions requiring more privileges than the user possesses. It provides a safe interface by constraining access to the protected resources, limiting the operations that can be performed, or limiting the user’s view to a subset of the data.

(source: HSCTW+06)

A client needs to access one or more Web services that are distributed across a network. The Web services are designed so that access to additional resources (such as databases or other Web services) is encapsulated in the business logic of the Web service. These resources must be protected against unauthorized access.