Tutorial:
Designing Secure Architectures using
Security Patterns (Half-day Tutorial)
CANCELLED
Leader:
Eduardo Fernandez
Patterns combine experience and good practices to develop basic models
that can be used for new designs. Security patterns join the extensive
knowledge accumulated about security with the structure provided by
patterns to provide guidelines for secure system design and evaluation. We
consider the structure and purpose of security patterns, show a variety of
security patterns, and illustrate their use in the construction of secure
systems. These patterns include Authentication, Authorization, Role-based
Access Control, Firewalls, Web Services Security, and application-oriented
secure architectures for health, legal, and financial applications.
This tutorial will introduce patterns in a conceptual way, relating them
to their functions and to the system architecture, since pure enumerations
are not useful to designers. We show how to apply these patterns through a
secure system development method. The patterns are shown using UML models,
and some examples are taken from Security Patterns (Wiley, 2006), authored
by Dr. Fernandez.
Level: Intermediate. Attendee background: General knowledge of UML and
object-oriented design is assumed. Understanding of basic security
concepts is helpful but not necessary. Tutorial objectives: Attendees will
be able to understand the idea behind security patterns, get acquainted
with some of them, and use them to build secure systems.
Eduardo Fernandez
(ed@cse.fau.edu)
is Professor of Computer Science and Engineering at Florida Atlantic
University. He has published numerous papers on security and
object-oriented design. He has lectured at many academic and industrial
meetings. His interests include object-oriented design and security
patterns. He holds an MS degree from Purdue University and a PhD from UCLA.