With the growth of the Internet, computer security is rapidly becoming a critical business concern. In turn, as security becomes the responsibility of all IT professionals, companies must rethink the way software is built to have confidence that their mission–critical applications are protected and the privacy and integrity of their data is maintained. In this groundbreaking book, Jay Ramachandran, a security expert with AT&T′s renowned Network Services organization, explores system security architecture from a software engineering viewpoint. He explains why strong security must be a guiding principle of the development process, describes how to weave security into a system′s architecture, and identifies common patterns of implementation found in most security products. This book is an essential reference for software architects and engineers integrating security products into their applications to satisfy corporate security requirements.
Offering in–depth discussions of security principles, software process, and security technologies for cryptography, application, database, and operating system security, this book covers:
∗ The integration of architecture reviews and security assessments into the software development process, explaining application architecture as a collection of protected components communicating over secure channels and operating under constraints
∗ Security principles and architecture basics, including the impact of security products and security infrastructure components on applications
∗ Middleware, application, database, and operating system security
∗ Architectural tensions, describing how to balance security against other architectural goals such as high availability and reliability
∗ Enterprise security management, including a case study on how to build financial business cases to justify security costs
Wiley Computer Publishing
Timely. Practical. Reliable.
Visit our Web site at [external URL]
PART I: ARCHITECTURE AND SECURITY.
Chapter 1. Architecture Reviews.
Chapter 2. Security Assessments.
Chapter 3. Security Architecture Basics.
Chapter 4. Architecture Patterns in Security.
PART II: LOW–LEVEL ARCHITECTURE.
Chapter 5. Code Review.
Chapter 6. Cryptography.
Chapter 7. Trusted Code.
Chapter 8. Secure Communications.
PART III: MID–LEVEL ARCHITECTURE.
Chapter 9. Middleware Security.
Chapter 10. Web Security.
Chapter 11. Application and OS Security.
Chapter 12. Database Security.
PART IV: HIGH–LEVEL ARCHITECTURE.
Chapter 13. Security Components.
Chapter 14. Security and Other Architectural Goals.
Chapter 15. Enterprise Security Architecture.
PART V: BUSINESS CASES AND SECURITY.
Chapter 16. Building Business Cases for Security.