Abstract
Middleware typically includes a set of functions that provide services to distributed applications. To design middleware architectures, developers often employ architectural patterns – solutions to recurring software problems. In general, these patterns do not contain any security features; however, it is possible to make secured versions of them using experience or by considering security threats and countermeasures in real-life implementations. Using this inductive approach, we have built up a catalog of such (compound security) patterns for middleware. They can be used by developers early in the software development life-cycle to efficiently determine a set of relevant security requirements. In this paper we continue the same line of work to secure the Wrapper Façade and Distributed Publish/Subscribe patterns, extending the earlier inductive approach with a deductive approach based on a use-case driven threat analysis. We document the resulting Secure Façade compound pattern briefly, and the Secure Publish/Subscribe pattern in more detail.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fernandez, E.B., Uzunov, A.V. (2012). Secure Middleware Patterns. In: Xiang, Y., Lopez, J., Kuo, CC.J., Zhou, W. (eds) Cyberspace Safety and Security. CSS 2012. Lecture Notes in Computer Science, vol 7672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35362-8_35
DOI: https://doi.org/10.1007/978-3-642-35362-8_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35361-1
Online ISBN: 978-3-642-35362-8
eBook Packages: Computer Science, Computer Science (R0)