How to Design for Software Reliability, Security, and Maintainability
Many enterprises unfortunately depend on software that is insecure, unreliable, and fragile. They compensate by investing heavily in workarounds and maintenance, and by employing hordes of "gurus" to manage their systems' flaws. This must change. And it can. In this book, respected software architect Clifford J. Berg shows how to design high-assurance applications: applications with proven, built-in reliability, security, manageability, and maintainability.
High-Assurance Design presents basic design principles and patterns that can be used in any contemporary development environment and satisfy the business demand for agility, responsiveness, and low cost. Berg draws on real-world experience, focusing heavily on the activities and relationships associated with building superior software in a mainstream business environment. Practicing architects, lead designers, and technical managers will benefit from the coverage of the entire software lifecycle, showing how to:
Understand and avoid the problems that lead to unreliable, insecure software
Refocus design and development resources to improve software
Identify project risks and plan for assurable designs
Obtain the requirements needed to deliver high assurance
Design application systems that meet the identified requirements
Verify that the design satisfies these requirements
Plan and design tests for reliability and security
Integrate security design, reliability design, and application design into one coherent set of processes
Incorporate these concerns into any software development methodology
© Copyright Pearson Education. All rights reserved.
About the Author.
2. Assurance Requirements.
3. Design Specification and Verification.
4. Planning for an Assurable Design.
5. Methods of Attack.
6. Realms of Trust.
7. Access Control Containers.
8. Compartmentalization and Classification.
9. Transport and Storage of Secrets.
10. Design Considerations for Secure Operation.
11. Compositional Integrity.
13. Transactional Integrity.
14. Caching and Replication.
15. Distributed Services and Messaging.
18. Failure Response Design.
19. Methodological Considerations.
20. Case Study: Transactional Integrity.
21. Case Study: Application Security.
22. Case Study: Manageability.
Appendix A: References.
Appendix B: Failure Response Conditions and Requirements.
Appendix C: List of Design Principles, by Chapter.
Appendix D: List of Design Patterns, Alphabetical.
Appendix E: List of Attack Patterns, by Section.
This book attempts to bring awareness of these issues to the mainstream software development community, and tries to provide developers with basic principles and techniques that can be applied to the development of business applications. Today's dynamic development environment, driven by a desire for agility, responsiveness, and low cost, can adopt these techniques to improve its processes.
Indeed, there is a substantial disconnect between the security and reliability communities and application developers. I discuss this problematic situation somewhat in the introductory chapter. Blame resides on both sides: developers do not take security and reliability seriously; and experts in security and reliability have not tried to talk in the language of developers. For example, the very term "security policy" has a significant turn-off effect on developers, as it sounds bureaucratic, lethargic, and removed from the ground-level struggles that developers face. I would propose eradicating that term and replacing it with a set of more tactical terms such as security principle, decision, rule, goal, and design. But in this book I am not going to belabor terminology.
This book is somewhat timely because the frequency of high-profile security breaches affecting the public seems to be on the increase. At the same time, companies are increasingly accountable for lapses in security and diligence.
This book is written for the practicing software application architect who works in a business application design and programming environment. It is also written for lead designers and technical managers in such an environment, as well as those who manage IT organizations and are somewhat technically inclined. This book is not intended to be useful to pattern gurus, reliability experts, or security experts, because it does not meet their standards of formality.
This book does not focus on one particular technical area. This is deliberate. In my work I have found that problems related to reliability and security tend to fall all over a range of issues of different kinds. Application software architects do not have time to become experts in each area. This book attempts to draw attention to those areas that I have found to be problematic in many applications. Thus, this book is highly cross-disciplinary by its very nature. Because of this book's intended audience, and because of the integrative nature of the content of this book, coverage of topics is not "canonical" in a traditional sense; rather, coverage is concise so as to not overburden the intended type of reader, who tends to be a very busy, deadline-driven and results-oriented person, and coverage attempts to reveal the synergy between the topics that are covered.
The result is a kind of "handbook" format, tailored to the vocabulary and knowledge of the typical software project architect. Those wanting a more formal or complete treatment should refer to specialized texts in the separate subjects of reliability and security. The purpose of this book is therefore not to teach one how to design an arbitrarily reliable or secure system; rather, it is to help architects of critical business applications learn how to make their applications meet the reliability and security needs of business. Those who need to build the very most reliable or secure systems, such as spacecraft, operating systems, nuclear systems, etc., must have expert-level knowledge and the budget to go with it, and those communities need to employ experts in the various areas and utilize very deliberate methodologies that include detailed modeling, simulation, and comprehensive quality control. Most business application projects, even enterprise-level projects, do not have the budget or time for such an approach.
The design principles and patterns in this book are based on actual usage, and no attempt has been made to distill them into an abstract minimal subset. Thus, while the principles are not necessarily orthogonal, and the patterns are not necessarily minimally composed, they are nevertheless practical and represent real-world situations. Indeed, all of the patterns in this book have been used in real-world business applications.
The patterns shown here are not always structural, but more frequently are temporal and focus on activities and relationships. Thus, structural issues that impact reusability, such as inheritance, are not my primary concern. In this book, I am more concerned with accessibility, closure, and completeness of function.