Speaker: Joseph W. Yoder
Abstract:
Systems are often developed without security in mind. This omission is primarily because the application programmer is focusing more on trying to learn the domain rather than worrying about how to protect the system. In these cases, security is usually the last thing he or she needs or wants to worry about. When the time arrives to deploy these systems, it quickly becomes apparent that adding security is much harder than just adding a password protected login screen. This tutorial will present a collection of patterns to be used when dealing with application security. Secure Access Layer provides an interface for applications to use the security of the systems on which they are built. Single Access Point limits entry into the application through one single point. Check Point gives the developer a way to handle an unknown or changing security policy. Groups of users have different Roles that define what they can and cannot do. The global information about the user is distributed throughout the application with a Session. Finally, users are presented with either a Limited View of legal options or are given a Full View With Errors. These patterns work to provide a security framework for building applications.
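The way these patterns fit together, as an added example in Python that is not part of the tutorial's own material: a Single Access Point is the only way to obtain a Session, a Check Point holds the policy that maps Roles to permitted actions, and the same Check Point drives either a Limited View or a Full View With Errors. The user table, role names and actions are constructed sample data; a real system would authenticate through its Secure Access Layer rather than an in-memory dictionary.

```python
import hmac
from dataclasses import dataclass

# Roles: each role names the actions it permits (constructed sample policy).
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}

# Constructed credential store; stands in for the Secure Access Layer.
USERS = {"alice": ("pw-alice", {"editor"}), "bob": ("pw-bob", {"viewer"})}


@dataclass(frozen=True)
class Session:
    """Session: carries the authenticated user's global state through the app."""
    user: str
    roles: frozenset


class CheckPoint:
    """Check Point: the single place where the (possibly changing) policy lives."""
    def __init__(self, permissions=ROLE_PERMISSIONS):
        self.permissions = permissions

    def allowed_actions(self, session):
        # Union of everything the user's roles permit; unknown roles grant nothing.
        return set().union(*(self.permissions.get(r, set()) for r in session.roles))

    def authorize(self, session, action):
        return action in self.allowed_actions(session)


class SingleAccessPoint:
    """Single Access Point: the only entry that hands out a Session."""
    def login(self, username, password):
        entry = USERS.get(username)
        # compare_digest avoids leaking the match length through timing.
        if entry is None or not hmac.compare_digest(entry[0], password):
            return None
        return Session(user=username, roles=frozenset(entry[1]))


def limited_view(checkpoint, session):
    """Limited View: present only the actions this user may perform."""
    return sorted(checkpoint.allowed_actions(session))


def full_view_with_errors(checkpoint, session, action):
    """Full View With Errors: every action is offered; disallowed ones fail at the Check Point."""
    if not checkpoint.authorize(session, action):
        return f"error: {session.user} may not {action}"
    return f"{action} ok"
```

Because the policy lives only in CheckPoint, swapping ROLE_PERMISSIONS changes both the Limited View and the errors of the Full View without touching the rest of the application.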
Outline:
Introduction (5 mins)
Motivation: a few examples (10-15 mins)
General Problem
General Solution
Architectural Elements for Application Security (30 mins)
A Description of the Patterns in Action with Examples (60 mins)
Implementation Issues (30-45 mins)
Advantages and Disadvantages (15 mins)
Other Alternatives - Related Ideas and Architectures (15 mins)
Summary and Questions (10-15 mins)
Duration: Half-day
Level: Intermediate