Architectural Patterns for Enabling Application Security

By: J. Yoder, J. Barcalow
Published in: PLoPD4
Pages: 301-336
Category: Architectural, Security

Summary: Early design decisions allow application security to be added later and enable system evolution to meet changing security requirements.

Url: http://www.joeyoder.com/papers/

Pattern: Single Access Point

Pages: 303-306

It's difficult to make an application secure when there are many entry points. Set up one and only one way to get into the system and, if necessary, create a mechanism for deciding which sub-applications to launch.

• Singleton [Gamma+95] can implement this pattern.
• Use Check Point to verify user information.
• Use Session to track global information about the user's interaction with the system.

Pattern: Check Point

Pages: 307-312

You're using Single Access Point. To verify user information, create an object that encapsulates the algorithm for the security policy to handle all security checks. Use Session and Roles

• This pattern implements Strategy [Gamma+95]

Pattern: Roles

Pages: 312-316

Users have different security profiles. To manage different user-privilege relationships, create one or more role objects that define the permissions and access rights for different user groups.

Pattern: Session

Pages: 316-320

You're using Check Point. Many objects need access to shared variables. Create a Session object that holds all global information for a current user's interaction with the system.

• Thread-Specific Storage allows multiple threads to use one logically global access point to retrieve thread-specific data.
• Double-Checked Locking can be used with multitasking or parallelism.

Pattern: Full View with Errors

Pages: 320-323

You're using Roles. Applications may provide many ways to view data. Some operations may not be legal in a given state. When a user performs an illegal operation, display an error message.

• Limited View provides an alternative solution.
• CHECKS: A Pattern Language of Information Integrity###CHECKS provides more information on error notification.

Pattern: Limited View

Pages: 323-329

You're using Roles. Applications may provide many ways to view data. Some operations may not be legal in a given state. Allow users to see only what they have access to. Provide only the selections and menus their privileges permit.

• Full View with Errors describes an alternate solution.
• CHECKS: A Pattern Language of Information Integrity###CHECKS provides more on error notification.

Pattern: Secure Access Layer

Pages: 329-332

Most applications are integrated with other systems. No application can be secure if it is not properly integrated with the security of the systems it uses. Build your application's security around operating system, networking, and database security mechanisms. Build a secure access layer for communicating with the program on a secure lower-level.

• Layered Architecture [Shaw95], Layers