security as a architectural concern
play

Security as a Architectural Concern Reid Holmes [TAILOR ET AL.] - PowerPoint PPT Presentation

Aug 31, 2022 •101 likes •160 views

Material and some slide content from: - Software Architecture: Foundations, Theory, and Practice - Krzysztof Czarnecki Security as a Architectural Concern Reid Holmes [TAILOR ET AL.] NFP: Security Security: The protection a ff orded a

  1. Material and some slide content from: - Software Architecture: Foundations, Theory, and Practice - Krzysztof Czarnecki Security as a Architectural Concern Reid Holmes

  2. [TAILOR ET AL.] NFP: Security ‣ Security: “The protection a ff orded a system to preserve its integrity, availability, and confidentiality if its resources.” ‣ Confidentiality ‣ Preserving the confidentiality of information means preventing unauthorized parties from accessing the information or perhaps even being aware of the existence of the information. ‣ Integrity ‣ Maintaining the integrity of information means that only authorized parties can manipulate the information and do so only in authorized ways. ‣ Availability ‣ Resources are available if they are accessible by authorized parties on all appropriate occasions. REID HOLMES - SE2: SOFTWARE DESIGN & ARCHITECTURE

  3. [TAILOR ET AL.] Security arch. principles ‣ Least privilege: ‣ Give each component only the privileges it requires. ‣ Fail-safe defaults ‣ Deny access if explicit permission is absent. ‣ Economy of mechanism ‣ Adopt simple security mechanisms. ‣ Open design ‣ Secrecy != security. REID HOLMES - SE2: SOFTWARE DESIGN & ARCHITECTURE

  4. [TAILOR ET AL.] Security arch. principles ‣ Separation of privilege ‣ Introduce multiple parties to avoid exploitation of privileges. ‣ Least common mechanism ‣ Limit critical resource sharing to only a few mechanisms. ‣ Psychological acceptability ‣ Make security mechanisms usable. ‣ Defence in depth ‣ Have multiple layers of countermeasures. REID HOLMES - SE2: SOFTWARE DESIGN & ARCHITECTURE

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural is a family owned business, based in Colchester. The manufacturing facility is 70,000 sq. ft with a staff of over 50. What do we do? NES

274 views • 16 slides
Seminar Series IT and OT, Information Security Architectural and Operational Divides in the

Seminar Series IT and OT, Information Security Architectural and Operational Divides in the

Seminar Series IT and OT, Information Security Architectural and Operational Divides in the Energy Sector Cyber Resilient Energy Delivery Consortium (CREDC) Mark Guth Manager Corporate Security Critical Infrastructure Compliance March 13,

230 views • 22 slides
impact of Security. I SPEAKER'S BIOGRAPHY The Speaker is the former Chairman, Technical Committee

impact of Security. I SPEAKER'S BIOGRAPHY The Speaker is the former Chairman, Technical Committee

GSX 1201s PRESENTATION TITLE: ORGANIZATIONAL SECURITY CULTURE:A NEW BUSINESS PARADIGM ABSTRACT "Security is everybody's Concern" is the most frequently expressed among the basic principles of Security; but how it's done is just as

223 views • 9 slides
Design and Architectural Principles Internet Security [1] VU Engin Kirda

Design and Architectural Principles Internet Security [1] VU Engin Kirda

Design and Architectural Principles Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at News from the Lab Challenge 4 will be announced today (16:00) after the lecture E-Mail

384 views • 34 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security!

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security!

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security! Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript

891 views • 59 slides
Architectural Requirements for Intransitive Trust and Fault-and-Intrusion Tolerance Marcus Vlp

Architectural Requirements for Intransitive Trust and Fault-and-Intrusion Tolerance Marcus Vlp

Architectural Requirements for Intransitive Trust and Fault-and-Intrusion Tolerance Marcus Vlp University of Luxembourg Interdisciplinary Centre for Security, Reliability and Trust CritiX Critical and Extreme Security and Dependability

266 views • 12 slides
Architectural Principles for Secure Multi-Tenancy John Linn, Office of the CTO, RSA, The Security

Architectural Principles for Secure Multi-Tenancy John Linn, Office of the CTO, RSA, The Security

Architectural Principles for Secure Multi-Tenancy John Linn, Office of the CTO, RSA, The Security Division of EMC John Field, Office of the CTO, EMC Also adapting prior content by Burt Kaliski DIMACS Workshop in Systems and Networking Advances

508 views • 18 slides
RIFLE: An Architectural Framework for User-Centric Information-Flow Security Neil Vachharajani

RIFLE: An Architectural Framework for User-Centric Information-Flow Security Neil Vachharajani

RIFLE: An Architectural Framework for User-Centric Information-Flow Security Neil Vachharajani Matthew J. Bridges Jonathan Chang Ram Rangan Guilherme Ottoni Jason A. Blome George A. Reis Manish Vachharajani David I. August

426 views • 19 slides
Caring f ring for Aging ing Adults ults CONCERN CONCERN: EMPLOYE : EMPLOYEE ASSISTA E

Caring f ring for Aging ing Adults ults CONCERN CONCERN: EMPLOYE : EMPLOYEE ASSISTA E

Caring f ring for Aging ing Adults ults CONCERN CONCERN: EMPLOYE : EMPLOYEE ASSISTA E ASSISTANC NCE E PROGRAM PROGRAM A Benefit for Employees and Families 2 CONCERN: E CERN: EAP Services vices Work/Life Benefits Parenting and

554 views • 19 slides
RIFLE An Architectural Framework for User-Centric Information-Flow Security Vachharajani, N. and

RIFLE An Architectural Framework for User-Centric Information-Flow Security Vachharajani, N. and

RIFLE An Architectural Framework for User-Centric Information-Flow Security Vachharajani, N. and Bridges, M.J. and Chang, J. and Rangan, R. and Ottoni, G. and Blome, J.A. and Reis, G.A. and Vachharajani, M. and August, D.I. Information Flow

977 views • 19 slides
WELCOME COMMUNITY MEETING 13 JUNE 2018 ARCHITECTURAL DESIGN NEW ARCHITECTURAL DESIGN JULY

WELCOME COMMUNITY MEETING 13 JUNE 2018 ARCHITECTURAL DESIGN NEW ARCHITECTURAL DESIGN JULY

WELCOME COMMUNITY MEETING 13 JUNE 2018 ARCHITECTURAL DESIGN NEW ARCHITECTURAL DESIGN JULY 2018 AUGUST 2019 OVERVIEW SITE UPDATE SITE UPDATE SITE UPDATE SITE UPDATE SECURITY & SAFETY Student Safety is Our #1 Priority

331 views • 15 slides
Rapid Assessment key findings Key contributors in alphabetical order: ACF, Concern Aid

Rapid Assessment key findings Key contributors in alphabetical order: ACF, Concern Aid

Rapid Assessment key findings Key contributors in alphabetical order: ACF, Concern Aid International, FAO, Liberia, Food Security Cluster, LISGIS, Mercy Corps, MOA, UNDP, WFP, WeltHungerHilfe Fighting Hunger Worldwide Key informants:

713 views • 24 slides
3 Areas of Concern Almuth Ernsting, Biofuelwatch, 25 th May 2017 www.biofuelwatch.org.uk Concern

3 Areas of Concern Almuth Ernsting, Biofuelwatch, 25 th May 2017 www.biofuelwatch.org.uk Concern

Glenrothes Biomass Energys proposal for a biomass gasifier at Southfield Industrial Estate: 3 Areas of Concern Almuth Ernsting, Biofuelwatch, 25 th May 2017 www.biofuelwatch.org.uk Concern 1: Impacts on Climate and Forests + In 2016, UK

521 views • 22 slides
IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie

IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie

IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie Barbir abbieb@nortelnetworks.com Design Team IAB consideration (RFC 3238) Brief Review of Some Issue IP-layer communications (2.2) For an OPES

216 views • 8 slides
Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large system is how to break it into chunks manageable for human programmers to understand, implement, and maintain. Dr. James A. Bednar Large-scale

893 views • 12 slides
SECURE BY DESIGN Security Design Principles for the Rest of Us GOTO London 2016 Eoin Woods -

SECURE BY DESIGN Security Design Principles for the Rest of Us GOTO London 2016 Eoin Woods -

SECURE BY DESIGN Security Design Principles for the Rest of Us GOTO London 2016 Eoin Woods - Endava @eoinwoodz 1 BACKGROUND Eoin Woods CTO at Endava (technology services, 3300 people) 10 years in product development - Bull,

453 views • 31 slides
GANT: A Defense in Depth Approach TF-MSP Wayne Routly Trondheim.no Security Manager

GANT: A Defense in Depth Approach TF-MSP Wayne Routly Trondheim.no Security Manager

GANT: A Defense in Depth Approach TF-MSP Wayne Routly Trondheim.no Security Manager September 2013 DANTE connect communicate collaborate Before . connect communicate collaborate Agenda Defence in Depth - A Layered

323 views • 9 slides
Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional

Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional

Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional NCEdCloud Privileged Accounts) - Mark Scheible, MCNC MFA for All NCEdCloud Privileged Users As a part of continuing efforts to enhance the security

479 views • 14 slides
Setting up an edge cloud in four commands Tytus Kurek, Product Manager Ryan Beisner, Engineering

Setting up an edge cloud in four commands Tytus Kurek, Product Manager Ryan Beisner, Engineering

Setting up an edge cloud in four commands Tytus Kurek, Product Manager Ryan Beisner, Engineering Manager 2019 Agenda Evolution of the edge computing paradigm Introduction to MicroStack MicroStack - use cases MicroStack -

431 views • 15 slides
Building security from scratch Anthi Gilligan Application Security Engineer - Logitech

Building security from scratch Anthi Gilligan Application Security Engineer - Logitech

From ZERO to HERO Building security from scratch Anthi Gilligan Application Security Engineer - Logitech @AnGreagach Who I am and what I do The state of Infosec The experts Pitfall #1 Pitfall #2 Pitfall #3 Pitfall #4 ENCRYPT

522 views • 16 slides
Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva 12/12/2016 Jrmy MATOS whois securingapps Developer background Spent last 10 years working between Geneva and Lausanne on security products

867 views • 22 slides
Injecting Security Controls into Software Applications Katy Anton Principal Application Security

Injecting Security Controls into Software Applications Katy Anton Principal Application Security

Injecting Security Controls into Software Applications Katy Anton Principal Application Security Consultant About me Katy Anton Software development background Project co-leader for OWASP Top 10 Proactive Controls (@OWASPControls)

599 views • 37 slides
Nuclear Safety Standards Committee 41 st Meeting, 21 23 June, 2016 Joint IAEA-ICTP Essential

Nuclear Safety Standards Committee 41 st Meeting, 21 23 June, 2016 Joint IAEA-ICTP Essential

Nuclear Safety Standards Committee 41 st Meeting, 21 23 June, 2016 Joint IAEA-ICTP Essential Knowledge Workshop on Nuclear Power Plant Design Safety Agenda item Title ICTP/Trieste, 9 20 October 2017 Assessment of Defence in Depth Name,

580 views • 38 slides

More recommend