Security Patterns Repository

Patterns

(source: SBHBS06)

This pattern guides an enterprise in selecting security services for protecting its assets, after the required security approaches—prevention, detection, response—have been identified. It helps to establish the level of strength or confidence each security service should offer, based on priorities. Primary examples of such services are identification and authentication, accounting/auditing, access control/authorization, and security management.

(source: BH04)

Add redundancy to data to facilitate later detection of and recovery from errors.

(source: HSCTW+06)

A client is accessing a Web service. The Web service is designed according to the principles of service orientation, which ensures that the boundaries of the service are explicit, and requires that exception information related to the internal implementation of the service is managed within the service.

(source: SBHBS06)

Unauthorized processes could destroy or modify information in files or databases, with obvious results, or could interfere with the execution of other processes. Therefore, define an execution environment for processes, indicating explicitly all the resources that a process can use during its execution, as well as the type of access to the resources.

(source: SBHBS06)

Face recognition is a physical biometric technique that analyzes distinguishing facial features. This pattern helps you to design an appropriate face-recognition mechanism to satisfy I&A requirements for a specific domain or situation.

(source: SBHBS06)

This pattern describes how to control access to files in an operating system. Authorized users are the only ones that can use a file in specific ways. Apply AUTHORIZATION (245) to describe access to files by subjects. The protection object is now a file component that may be a directory or a file.

(source: SBHBS06)

Finger image is a physical biometric technique that looks at the patterns found in the tip of the finger. Finger images may be captured by placing a finger on a scanner, or by electronically scanning inked impressions on paper. This pattern helps you to design an appropriate finger image mechanism to satisfy I&A requirements for a specific domain or situation.

(source: Sch03)

To prevent attackers from accessing the internal network, restrict the ingoing and outgoing traffic at the border between the internal and external network.

(source: SBHBS06)

Web applications and services often need to identify a user and keep track of a user’s session. Integrating several such services allows a single log-in and session context to be provided. A reverse proxy is an ideal point to implement authentication and authorization, by implementing a Web entry server for your back-ends. A sophisticated reverse proxy can even access external back-ends, providing the user’s id and password automatically from a ‘password wallet.’