If a process execution environment is uncontrolled, processes can scavenge information by searching memory and accessing the disk drives where files reside. They might also take control of the operating system itself, in which case they have access to everything. Use AUTHORIZATION (245) to define the rights of a subject. From these rights we can set up the rights of processes running on behalf of the subject. Process requests are validated by CONTROLLED OBJECT MONITOR (335) or REFERENCE MONITOR (256) respectively.
This pattern addresses how to specify the rights of processes with respect to a new object. When a process creates a new object through a factory (see FACTORY METHOD and ABSTRACT FACTORY [GoF95]), the request includes the features of the new object. These features include a list of rights to access the object.
This pattern addresses how to control access by a process to an object. Use a reference monitor to intercept access requests from processes. The reference monitor checks whether the process has the requested type of access to the object.
This pattern addresses how to define and grant appropriate access rights for a new process.
This pattern addresses how to control access by processes to specific areas of their virtual address space (VAS) according to a set of predefined access types. Divide the VAS into segments that correspond to logical units in the programs. Use special words (descriptors) to represent access rights for these segments.
Credential provides secure portable means of recording authentication and authorization information for use in distributed systems.
A Credential Tokenizer encapsulates different types of user credentials as a security token that can be reusable across different security providers.
Data passes between a client and a Web service, sometimes through one or more intermediaries. Messages may also be kept in repositories, such as message queues or databases. Some of the data within the messages is considered to be sensitive in nature. There is a risk that an attacker can gain access to sensitive data, either by eavesdropping on the network or accessing a repository.
Data passes between a client and a Web service, sometimes through one or more intermediaries. The data contained in the request message from the client influences the Web service’s behavior. There is a risk that an attacker could manipulate messages in transit between the client and the Web service to maliciously alter the behavior of the Web service. Message manipulation can take the form of data modification within the message, or even substitution of credentials, to change the apparent source of the request message.