This Technical Guide provides a pattern-based security design methodology and a system of security design patterns. This methodology, with the pattern catalog, enables system architects and designers to develop security architectures which meet their particular requirements. Contents Chapter 1 Introduction............................................................................................... 1 Chapter 2 The Nature of Patterns........................................................................ 5 2.1 Minimal Definition for a Pattern.............................................................. 5 2.2 How to Recognize a Pattern..................................................................... 6 2.3 Defining a Good Pattern............................................................................ 6 Chapter 3 The Open Group Pattern Template............................................. 9 Chapter 4 The System of Security Patterns................................................... 11 4.1 Available System Patterns ........................................................................ 11 4.2 Protected System Patterns......................................................................... 11 Chapter 5 Design Methodology........................................................................... 13 5.1 System Security Sequence......................................................................... 13 5.2 Available System Sequence...................................................................... 14 5.3 Protected System Sequence ...................................................................... 14 5.4 Review........................................................................................................... 15 Chapter 6 Example: Secure Mail .......................................................................... 17 Chapter 7 Available System Patterns................................................................ 27 7.1 Checkpointed System ................................................................................ 28 7.2 Standby ......................................................................................................... 31 7.3 Comparator-Checked Fault-Tolerant System....................................... 35 7.4 Replicated System....................................................................................... 39 7.5 Error Detection/Correction...................................................................... 42 Chapter 8 Protected System Patterns................................................................. 45 8.1 Protected System......................................................................................... 46 8.2 Policy ............................................................................................................. 53 8.3 Authenticator............................................................................................... 58 8.4 Subject Descriptor....................................................................................... 59 8.5 Secure Communication ............................................................................. 64 8.6 Security Context.......................................................................................... 71 8.7 Security Association................................................................................... 75 8.8 Secure Proxy................................................................................................. 79 Glossary....................................................................................................... 85 Index............................................................................................................... 89