Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

No matter how elegant the security architecture is, if the application cannot sustain security attacks, or fails to recover to continuous business service, the application security design is still crippled. A robust and reliable security design should include design strategies for service continuity and recovery.

A preventive security design will also predetermine the tolerance level for potential security threats. This is usually done by estimating the capacity (or sizing) needed to absorb unexpected security threats and factoring that estimate into the security design process. For example, security architects can benchmark (via simulation or system test) the tolerance level for handling a high influx of simultaneous authentication requests that may be a malicious denial-of-service attack. They can then add detection and exception-handling logic to the authentication service's security design. A robust security design will also add processing logic to handle the service recovery scenarios in which a security service is attacked and then restored to its previous working condition. For example, the Secure Session Façade pattern should be able to handle session recovery after the application server is restored to normal working condition following a security attack or other non-security-related downtime. This security recovery design strategy typically goes hand in hand with implementing high availability of the security infrastructure for service continuity, and it requires a procedure for handling service recovery in the IT security policy documentation.
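One way to express the first half of this strategy in code, added here as an illustration and not taken from the book or any J2EE product: the authentication service admits no more concurrent requests than the tolerance level measured during benchmarking, rejects the excess quickly with a distinct exception the caller can handle, and counts rejections so monitoring can detect a possible denial-of-service condition. The class and method names, and the tolerance value passed to the constructor, are hypothetical.

```java
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;

/** Signals that the authentication service is over its benchmarked tolerance. */
class AuthOverloadException extends Exception {
    AuthOverloadException(String msg) { super(msg); }
}

/**
 * Front door for an authentication service (hypothetical class).
 * The permit count is the tolerance level established by load testing;
 * requests beyond it fail fast instead of queuing without bound, and
 * every rejection is counted so a detection process can raise an alert.
 */
public class GuardedAuthenticator {
    private final Semaphore inFlight;
    private final long waitMillis;
    private final AtomicLong rejected = new AtomicLong();

    public GuardedAuthenticator(int tolerance, long waitMillis) {
        this.inFlight = new Semaphore(tolerance, true); // fair: no request starves
        this.waitMillis = waitMillis;
    }

    public boolean authenticate(String user, char[] password) throws AuthOverloadException {
        boolean admitted;
        try {
            admitted = inFlight.tryAcquire(waitMillis, TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new AuthOverloadException("interrupted while waiting for authentication capacity");
        }
        if (!admitted) {
            long n = rejected.incrementAndGet();
            throw new AuthOverloadException("authentication capacity exceeded; rejections so far: " + n);
        }
        try {
            return verifyCredentials(user, password);
        } finally {
            inFlight.release(); // always return the permit, even if verification throws
        }
    }

    /** Exposed for the detection process; a rising value suggests an influx of requests. */
    public long rejectedCount() { return rejected.get(); }

    // Placeholder credential check; a real implementation would consult the identity store.
    private boolean verifyCredentials(String user, char[] password) {
        return user != null && password != null && password.length > 0;
    }
}
```

A caller that catches AuthOverloadException can return a "try again later" response rather than an authentication failure, which keeps legitimate users from being locked out while the influx is handled.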
