CHAPTER 16

Building Secure Architectures

Design in art, is a recognition of the relation between various things, various elements in the creative flux. You can’t invent a design. You recognize it, in the fourth dimension. That is, with your blood and your bones, as well as with your eyes.

D H Lawrence

We now present some examples of how the patterns described in this book can be used to build secure architectures. We use the methodology presented in Chapter 3, although other methodologies are also possible. It is even possible to use no methodology at all, but in that case the application of the patterns depends entirely on the experience and knowledge of the designer. We first expand some aspects of our methodology, then show four examples taken from different types of applications, from financial [Bra08a], control [Fer10d], legal [Fer07c] and medical domains [Fer05g] [Fer12b] [Sor04] [Sor05].

The examples show the use of the patterns in the following stages of the application lifecycle:

Requirements stage. Use cases define the required interactions with the system. We study each action within a use case and see which attacks are possible. We then determine which policies would stop these attacks. From the use cases we can also determine the required rights for each actor, and thus apply a need-to-know policy.
Analysis stage. Analysis patterns, and in particular semantic ...
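
The requirements-stage steps above (examine each action of a use case, list the possible attacks, choose policies that stop them, and derive each actor's rights) can be sketched in code. This is an added example, not taken from the book: the "open account" use case, its actors, threats and policy names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    actor: str        # role performing the action
    operation: str    # what the actor does
    resource: str     # object the operation applies to
    threats: tuple    # attacks identified for this action
    policies: dict    # threat -> policy chosen to stop it

# Constructed use case "Open account" (hypothetical sample data).
OPEN_ACCOUNT = [
    Action("Customer", "create", "AccountRequest",
           ("impersonation",),
           {"impersonation": "authentication"}),
    Action("Manager", "read", "AccountRequest",
           ("disclosure of customer data",),
           {"disclosure of customer data": "authorization"}),
    Action("Manager", "create", "Account",
           ("account for fictitious customer", "repudiation"),
           {"account for fictitious customer": "separation of duty"}),
]

def derive_rights(use_case):
    """Need-to-know: each actor receives only the (operation, resource)
    pairs that its actions in the use case require."""
    rights = {}
    for a in use_case:
        rights.setdefault(a.actor, set()).add((a.operation, a.resource))
    return rights

def unmitigated(use_case):
    """Return every identified threat that has no policy assigned yet."""
    return [(a.actor, a.operation, a.resource, t)
            for a in use_case for t in a.threats if t not in a.policies]

def is_authorized(rights, actor, operation, resource):
    """Default deny: anything not derived from a use case is refused."""
    return (operation, resource) in rights.get(actor, set())

if __name__ == "__main__":
    rights = derive_rights(OPEN_ACCOUNT)
    for actor, granted in sorted(rights.items()):
        print(actor, sorted(granted))
    print("Threats without a policy:", unmitigated(OPEN_ACCOUNT))
```

Running the analysis over every use case and merging the results gives the rights matrix for the whole system, and the list of unmitigated threats shows where a policy is still missing.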
