Security Patterns
Copyright 2006 John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England
Telephone (+44) 1243 779777
Email (for orders and customer service enquiries):
Visit our Home Page on www.wiley.com
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK, without the permission in writing of the Publisher. Requests to the Publisher should be addressed to the Permissions Department, John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to , or faxed to (+44) 1243 770620.
Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The Publisher is not associated with any product or vendor mentioned in this book.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.
Other Wiley Editorial Offices
John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA
Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA
Wiley-VCH Verlag GmbH, Boschstr. 12, D-69469 Weinheim, Germany
John Wiley & Sons Australia Ltd, 42 McDougall Street, Milton, Queensland 4064, Australia
John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809
John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Cataloging-in-Publication Data
Security patterns : integrating security and systems engineering / Markus Schumacher [et al.].
p. cm.
Includes bibliographical references and index.
ISBN-13: 978-0-470-85884-4 (cloth : alk. paper)
ISBN-10: 0-470-85884-2 (cloth : alk. paper)
1. Computer security. 2. Systems engineering. I. Schumacher, Markus.
QA76.9.A25S438 2005
005.8 dc22
2005026865
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN-13 978-0-470-85884-4 (HB)
ISBN-10 0-470-85884-2 (HB)
For you, dear reader! Go and create secure software systems.
Markus
To Minjie, Lian, and Anna.
Eduardo
For my wife, Diane, for making considerable sacrifice to allow me to work on this book.
Duane
For Martina, Beb, and Anna.
Frank
For Andrea.
Peter
Foreword
Security has become an important topic for many software systems. With the growing success of the Internet, computer and software systems have become more and more networked. Researchers are already developing scenarios in which millions of devices are connected and cooperatively running web-based commerce, government, health, and other types of security-sensitive systems. Much of the research effort in these scenarios is devoted to security aspects.
What could happen if, in a pervasive health scenario, cardiology data collected by wireless sensors attached to your body and pre-processed by software on your PDA is intercepted and manipulated by an unauthorized person during its transmission to your doctor? Or think of a scenario in which the software in your car is updated remotely because an attacker has compromised the manufacturer's servers. What if your car, which has just been updated, no longer brakes, but instead activates its drive-by-wire accelerator? What if, in the near future, the control tower that just took over handling of the aircraft in which you are a passenger discovers that the plane no longer does what the pilots or the tower want, but, instead, what some hijackers want it to do? Perhaps worst of all, think about the potential for disaster should someone maliciously take over control of a nuclear power plant.
You simply do not want these things to happen! In other words, you require the system to ensure a proper level of confidentiality and integrity before you trust and use it.
Although the importance of security is widely acknowledged, only a few projects address it with the appropriate priority. Security is still an afterthought in many projects. Check the latest security articles in your favorite IT magazine, and you will find reports of successful intrusions into, or denial of service attacks against, all sorts of enterprise-level systems, which, ironically enough, are often not performed by experts, but by high-school kids or students using very simple means such as scripts.
So why is there this discrepancy between the acknowledgement of security and its prioritization in software development? Certainly not because security is still an unexplored field in software. Rather, security requirements are often expressed vaguely or not at all, and software architectures often expose only limited security-related decisions. To survive in today's networked and open computing world, it is crucial to go beyond the realm of authentication.
Project managers, software architects, developers, testers, and other stakeholders of a software system need to ensure that security is an integral part of all software projects.
This is where the book you are holding steps in. Unlike other books on the market that tend to cover the latest research ideas and new security technologies, this new book covers real-world knowledge and experience from international security experts. It uses patterns, a successful and widely adopted technology for describing, communicating, and sharing knowledge. The authors guide you through the field of security, address key questions, show you clearly how to build secure systems, and present corresponding proven solutions.
For example, how do you identify an organization's or system's security needs, and how do you define an appropriate security approach to meet these needs? Is confidentiality a security property you need in your system, or integrity, availability, or accountability? Or even a mixture of the four? And how do you ensure these properties by appropriate means of prevention, detection, and response? Via identification and authentication (I&A)? Or do you also need a means of access control and authorization in your systems, or even accounting and auditing? And how do all these services interact to provide a consistent and coherent security concept for your system? Once you know what security services you need and how they interoperate, what are their different realization options? For example, is password-based or PKI-based I&A appropriate to meet your security needs? And what different options are available to you? Smart cards? RFID tags? Or is it sufficient that you provide a log-on service for your system that requests your user ID and password?