SlideShare a Scribd company logo

Security Patterns - An Introduction

Marcel Winandy
Marcel Winandy

The document introduces the secure boot pattern, which addresses ensuring the integrity of the software stack loaded on a platform. The pattern uses a chain of trust where each boot stage verifies the integrity of the next stage using cryptographic methods. The root of trust is a first module protected by hardware that verifies the initial integrity. The pattern provides security benefits while introducing complexity and overhead. Variants include authenticated boot, which detects instead of preventing integrity violations.

Technology
1 of 23
Download to read offline
Dr.-Ing. Marcel Winandy Security Patterns An Introduction
Why Patterns? Patterns help to address these objectives: • Documentation of successful solutions for repeating problems • Creation of a common „language“ It’s not about technology, it’s about a culture of documentation 
 of good architectures and designs.
What is a Pattern? • A (design) pattern is a description or template for how to solve a problem that can be used in many different situations. • „The pattern describes a problem which again and again occurs in the work, as well as the principle of its solution, in a way that the solution can be used repeatedly without changes.“ (Christopher Alexander, architect) • An organized collection of patterns that relate to a particular fi eld is called a pattern language.
What is not a Pattern? • NOT: „A pattern is a solution to a problem in a context.“ • Counter example: ‣ Problem: How to allocate objects in memory? ‣ Context: object-oriented programming system in a computer with virtual memory. ‣ Solution: Run some typical applications to fi gure out which objects need to communicate. Place those objects on the same virtual page. • This is not a pattern! This is just a solution for a problem in a context. • What is missing: abstraction of solution principle to make it applicable in similar contexts
Types of Patterns • Architectural Patterns • Analysis Patterns • Design Patterns • Coding Patterns (Ideoms) • Organizational Patterns • Anti-Patterns • Security Patterns
What can we achieve with Security Patterns? Security Pattern Language • Common understanding of concepts • Navigate through dependencies • Identify capability for reuse of security building blocks or services • Common language among architects, designers, developers, etc.
What can we achieve with Security Patterns? Security Pattern Catalogs • Derive architectural structures • Tailored for speci fi c applications, 
 use case domains, businesses • Avoid repetition of work • Avoid misunderstandings (through use of common language) • Consistent quality • Faster development Core Security Patterns Catalog
 Security Patterns for J2EE Applications
Key Elements of a Pattern Problem Context Solution Example Example Resolved Name Intent Related Patterns Consequences Known Uses Variants
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de Abstract—Trusted Computing aims at enhancing the security of IT systems by using a combination of trusted hardware and software components to provide security guarantees. This includes system state integrity and the secure link between the software and hardware of a computing platform. Although security patterns exist for operating system security, access control, and authentication, there is still none of Trusted Computing aspects. In this paper, we introduce security patterns for secure boot and for secure storage, which are important basic Trusted Computing concepts. Secure boot is at the heart of most security solutions and secure storage is fundamental for application-level security: it ensures that the integrity of software is verified before accessing stored data. Our paper aims at complementing existing system security patterns by presenting the common patterns underlying the different realizations of secure boot and secure storage. Keywords-security patterns; trusted computing; secure boot; secure storage; I. INTRODUCTION The literature on security patterns includes numerous patterns related to operating systems, e.g., concerning au- thentication and access control. However, until now, Trusted Computing (TC) has received very little attention from the pattern community. TC aims to employ a combination of hardware security mechanisms and software to address security problems that cannot be solved by software alone. Particularly relevant among these are security threats related to malicious software, such as Trojan horses and viruses. By now, there is not only a tremendous amount of research in this field, but TC concepts can also be found in a wide variety of products, ranging from embedded devices, such as mobile phones, to servers equipped with expensive tamper- resistant secure co-processors. The best-known approach to TC is based on the specifications released by the Trusted Computing Group (TCG) [1]. In this paper, we present the patterns underlying two fundamental TC concepts: secure boot and secure storage. Secure boot guarantees that violations of integrity prop- erties of the software stack that is booted on a platform can be prevented, i.e., software that violates the integrity properties cannot be loaded. A variant of this pattern, termed authenticated boot, does not prevent software from being loaded, but allows reliable verification of the load-time integrity of the software that has been booted later on. Secure boot is a building block at the heart of many TC-based solutions (including implementations of secure storage). Secure storage is a crucial application-level requirement in many scenarios. Simple encryption is often not enough to protect sensitive data: it must also be ensured that an attacker cannot obtain the decryption key. Secure storage solves this issue by using hardware (and software) to enforce access restrictions on the stored data. Before access is granted to an application, the integrity of the software is verified. Secure storage and secure boot are essential concepts for TC systems. For instance, a Common Criteria protection profile for security kernels with TC support has been eval- uated and certified recently [2], which also includes secure boot and secure storage. The security patterns described here could be helpful to implement these features for security kernels that aim to comply with this protection profile. This paper describes the common pattern underlying various existing realizations of secure boot [3], [4], [1], [5], and of secure storage [4], [1], [5]. II. SECURE BOOT PATTERN Intent: This pattern addresses how to ensure that vio- lations of integrity properties of the software stack that is booted on a platform can be either prevented (secure boot) or detected (authenticated boot). A. Example Consider a user who wants to use a computing device that was left unattended or that was used by another person before. How can the user be sure that the system software is in the intended operational state, i.e., that no critical component of the operating system or other software ap- plications has been modified in a malicious or unauthorized way? Typically, a file integrity checker program can check the integrity of system and application files. However, any file integrity checker program must rely on trusted reference values and that those values have not been tampered with. Moreover, the user wants also to be sure that the file integrity checker itself is not tampered with or deactivated at all. B. Context Users of security-sensitive applications want to be sure about the operational integrity of their applications and exe- cution environment. Unauthorized changes to the application code or the operating system may lead to unintentional program behavior or violation of security goals. Users trust the hardware, but they need a way to verify that the software loaded on this hardware has not been tampered with. Example Secure Boot Pattern
Secure Boot Pattern Intent: 
 
 This pattern addresses how to ensure that violations of integrity properties of the software stack that is booted on a platform can be either prevented (secure boot) or detected (authenticated boot).
Example • Password wallet for web authentication RuhR-University Bochum System Security Lab Motivating Example ● Password wallet for web authentication passwords Client PC Web Server How do you know that your trusted system has started?
Context • Users want to be sure about operational integrity of applications and OS • Unauthorized changes may lead to security violation • Users trust the hardware - But need to verify integrity status of loaded software • Users can be local or remote
Problem • Software can be manipulated or exchanged • Malware can register itself within any stage of the boot process • Forces: - You want to ensure integrity of loaded software - You want the computer to always boot in a well-de fi ned secure state - You want to allow modi fi cations of the system (e.g. updates, additional software)
Solution • Chain of trust - Each boot stage veri fi es integrity of next stage - using cryptographically secure methods (hash functions, digital signature) - Only if check is ok, control is transferred to next stage; otherwise: system is halted • Root of trust - Whole process depends on integrity of fi rst module - First module therefore protected by hardware - Including the integrity veri fi cation data (hash, keys)
Solution • Structure: RuhR-University Bochum System Security Lab Solution ● Structure:
Solution • Dynamics: Root of Trust Bootloader Module 1 Module 2 Module n … Integrity Problem? Halt System
Example Resolved • Password wallet for web authentication RuhR-University Bochum System Security Lab Motivating Example ● Password wallet for web authentication passwords Client PC Web Server How do you know that your trusted system has started? Secure Boot
Variants • Authenticated Boot - Does not halt if integrity veri fi cation fails - But allows (remote) party to verify the system state - Integrity measurement results are recorded securely for later inspection(e.g. in protected hardware registers) - Trusted (hardware) module vouches for stored results (e.g. via digital signature)
Consequences • Bene fi ts: - Software integrity state is veri fi ed at boot time - System starts only if integrity is OK - Authenticated boot: more fl exible, check later • Liabilities: - Setup/update of integrity veri fi cation data securely - Speci fi c mechanisms needed for software updates - Integrity checks are only load-time, not runtime - Adds complexity and overhead
Known Uses RuhR-University Bochum System Security Lab Known Uses ● Cell BE processor ● Trusted Platform Module (TPM) ● Open Mobile Terminal Platform (OMTP) specs Sony PlayStation3 PCs, Laptops Mobile phones (Authenticated Boot) (Abstract definition, different implementations)
Related Patterns • Boot Loader: describes the boot process as a sequence of single bootstrap stages. • Authenticator: veri fi es the identity of a subject and creates a proof of identity for later use, e.g., in access control decisions. 

Secure Boot Pattern Problem Context Solution Example Example Resolved Name: Secure Boot Intent Related Patterns Consequences Known Uses Variants
Conclusion • Tremendous literature and resources available on Security Patterns • Common language and understanding by Security Pattern Languages • Reusable architectural structures tailored for speci fi c business applications via Security Pattern Catalogs • More consistent, quality-focused, and faster development achievable • Example given: Secure Boot Pattern

Recommended

chap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systemschap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systems
KashfUlHuda1
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxSystem Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptx
rahulkumarcscsf21
 
Beyond security testing
Beyond security testingBeyond security testing
Beyond security testing
Cu Nguyen
 
Use GFA To Make Someone Fall In Love With You
Use GFA To Make Someone Fall In Love With YouUse GFA To Make Someone Fall In Love With You
Use GFA To Make Someone Fall In Love With You
CameronTait3
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
Priyanka Aash
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
LinaCovington707
 
Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011
Atlantic Security Conference
 
Unit5
Unit5Unit5
Unit5
Integral university, India
 

Recommended

chap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systemschap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systems
KashfUlHuda1
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxSystem Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptx
rahulkumarcscsf21
 
Beyond security testing
Beyond security testingBeyond security testing
Beyond security testing
Cu Nguyen
 
Use GFA To Make Someone Fall In Love With You
Use GFA To Make Someone Fall In Love With YouUse GFA To Make Someone Fall In Love With You
Use GFA To Make Someone Fall In Love With You
CameronTait3
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
Priyanka Aash
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
LinaCovington707
 
Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011
Atlantic Security Conference
 
Unit5
Unit5Unit5
Unit5
Integral university, India
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
Piyush Jain
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
wkyra78
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
John M. Willis
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
John M. Willis
 
Program security
Program securityProgram security
Program security
G Prachi
 
Eirtight writing secure code
Eirtight writing secure codeEirtight writing secure code
Eirtight writing secure code
Kieran Dundon
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?
Frances Coronel
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
phanleson
 
Data security in practice
Data security in practiceData security in practice
Data security in practice
Andres Kütt
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
ssusere16bd9
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
ssusere16bd9
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
Michael Hidalgo
 
Software engineering introduction
Software engineering introductionSoftware engineering introduction
Software engineering introduction
Vishal Singh
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
ankitmehta21
 
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
anilagarwal007
 
Unit4
Unit4Unit4
Unit4
Integral university, India
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
bora.gungoren
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
Aryan G
 
Unit 1 importance ofsoftengg_b.tech iii year
Unit 1 importance ofsoftengg_b.tech iii yearUnit 1 importance ofsoftengg_b.tech iii year
Unit 1 importance ofsoftengg_b.tech iii year
Preeti Mishra
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
Marcel Winandy
 
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Marcel Winandy
 

More Related Content

Similar to Security Patterns - An Introduction

Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
Piyush Jain
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
wkyra78
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
John M. Willis
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
John M. Willis
 
Program security
Program securityProgram security
Program security
G Prachi
 
Eirtight writing secure code
Eirtight writing secure codeEirtight writing secure code
Eirtight writing secure code
Kieran Dundon
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?
Frances Coronel
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
phanleson
 
Data security in practice
Data security in practiceData security in practice
Data security in practice
Andres Kütt
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
ssusere16bd9
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
ssusere16bd9
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
Michael Hidalgo
 
Software engineering introduction
Software engineering introductionSoftware engineering introduction
Software engineering introduction
Vishal Singh
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
ankitmehta21
 
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
anilagarwal007
 
Unit4
Unit4Unit4
Unit4
Integral university, India
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
bora.gungoren
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
Aryan G
 
Unit 1 importance ofsoftengg_b.tech iii year
Unit 1 importance ofsoftengg_b.tech iii yearUnit 1 importance ofsoftengg_b.tech iii year
Unit 1 importance ofsoftengg_b.tech iii year
Preeti Mishra
 

Similar to Security Patterns - An Introduction (20)

Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
 
Program security
Program securityProgram security
Program security
 
Eirtight writing secure code
Eirtight writing secure codeEirtight writing secure code
Eirtight writing secure code
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
 
Data security in practice
Data security in practiceData security in practice
Data security in practice
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
Software engineering introduction
Software engineering introductionSoftware engineering introduction
Software engineering introduction
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
 
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
6- QUESTION 6 Which of the following is not true for Psychological Acc.pdf
 
Unit4
Unit4Unit4
Unit4
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
Unit 1 importance ofsoftengg_b.tech iii year
Unit 1 importance ofsoftengg_b.tech iii yearUnit 1 importance ofsoftengg_b.tech iii year
Unit 1 importance ofsoftengg_b.tech iii year
 

More from Marcel Winandy

Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
Marcel Winandy
 
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Marcel Winandy
 
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
Marcel Winandy
 
A Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardA Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health Card
Marcel Winandy
 
Securing the E-Health Cloud
Securing the E-Health CloudSecuring the E-Health Cloud
Securing the E-Health Cloud
Marcel Winandy
 
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsTrusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Marcel Winandy
 
Patterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems
Marcel Winandy
 
A Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsA Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface Systems
Marcel Winandy
 
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web AuthenticationTruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
Marcel Winandy
 
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Marcel Winandy
 
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Marcel Winandy
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM Virtualization
Marcel Winandy
 
Compartmented Security for Browsers
Compartmented Security for BrowsersCompartmented Security for Browsers
Compartmented Security for Browsers
Marcel Winandy
 

More from Marcel Winandy (13)

Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
 
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
 
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
 
A Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardA Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health Card
 
Securing the E-Health Cloud
Securing the E-Health CloudSecuring the E-Health Cloud
Securing the E-Health Cloud
 
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsTrusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
 
Patterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems
 
A Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsA Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface Systems
 
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web AuthenticationTruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
 
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
 
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM Virtualization
 
Compartmented Security for Browsers
Compartmented Security for BrowsersCompartmented Security for Browsers
Compartmented Security for Browsers
 

Recently uploaded

HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 

Recently uploaded (20)

HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 

Security Patterns - An Introduction

  • 1. Dr.-Ing. Marcel Winandy Security Patterns An Introduction
  • 2. Why Patterns? Patterns help to address these objectives: • Documentation of successful solutions for repeating problems • Creation of a common „language“ It’s not about technology, it’s about a culture of documentation 
 of good architectures and designs.
  • 3. What is a Pattern? • A (design) pattern is a description or template for how to solve a problem that can be used in many different situations. • „The pattern describes a problem which again and again occurs in the work, as well as the principle of its solution, in a way that the solution can be used repeatedly without changes.“ (Christopher Alexander, architect) • An organized collection of patterns that relate to a particular fi eld is called a pattern language.
  • 4. What is not a Pattern? • NOT: „A pattern is a solution to a problem in a context.“ • Counter example: ‣ Problem: How to allocate objects in memory? ‣ Context: object-oriented programming system in a computer with virtual memory. ‣ Solution: Run some typical applications to fi gure out which objects need to communicate. Place those objects on the same virtual page. • This is not a pattern! This is just a solution for a problem in a context. • What is missing: abstraction of solution principle to make it applicable in similar contexts
  • 5. Types of Patterns • Architectural Patterns • Analysis Patterns • Design Patterns • Coding Patterns (Ideoms) • Organizational Patterns • Anti-Patterns • Security Patterns
  • 6. What can we achieve with Security Patterns? Security Pattern Language • Common understanding of concepts • Navigate through dependencies • Identify capability for reuse of security building blocks or services • Common language among architects, designers, developers, etc.
  • 7. What can we achieve with Security Patterns? Security Pattern Catalogs • Derive architectural structures • Tailored for speci fi c applications, 
 use case domains, businesses • Avoid repetition of work • Avoid misunderstandings (through use of common language) • Consistent quality • Faster development Core Security Patterns Catalog
 Security Patterns for J2EE Applications
  • 8. Key Elements of a Pattern Problem Context Solution Example Example Resolved Name Intent Related Patterns Consequences Known Uses Variants
  • 9. Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de Abstract—Trusted Computing aims at enhancing the security of IT systems by using a combination of trusted hardware and software components to provide security guarantees. This includes system state integrity and the secure link between the software and hardware of a computing platform. Although security patterns exist for operating system security, access control, and authentication, there is still none of Trusted Computing aspects. In this paper, we introduce security patterns for secure boot and for secure storage, which are important basic Trusted Computing concepts. Secure boot is at the heart of most security solutions and secure storage is fundamental for application-level security: it ensures that the integrity of software is verified before accessing stored data. Our paper aims at complementing existing system security patterns by presenting the common patterns underlying the different realizations of secure boot and secure storage. Keywords-security patterns; trusted computing; secure boot; secure storage; I. INTRODUCTION The literature on security patterns includes numerous patterns related to operating systems, e.g., concerning au- thentication and access control. However, until now, Trusted Computing (TC) has received very little attention from the pattern community. TC aims to employ a combination of hardware security mechanisms and software to address security problems that cannot be solved by software alone. Particularly relevant among these are security threats related to malicious software, such as Trojan horses and viruses. By now, there is not only a tremendous amount of research in this field, but TC concepts can also be found in a wide variety of products, ranging from embedded devices, such as mobile phones, to servers equipped with expensive tamper- resistant secure co-processors. The best-known approach to TC is based on the specifications released by the Trusted Computing Group (TCG) [1]. In this paper, we present the patterns underlying two fundamental TC concepts: secure boot and secure storage. Secure boot guarantees that violations of integrity prop- erties of the software stack that is booted on a platform can be prevented, i.e., software that violates the integrity properties cannot be loaded. A variant of this pattern, termed authenticated boot, does not prevent software from being loaded, but allows reliable verification of the load-time integrity of the software that has been booted later on. Secure boot is a building block at the heart of many TC-based solutions (including implementations of secure storage). Secure storage is a crucial application-level requirement in many scenarios. Simple encryption is often not enough to protect sensitive data: it must also be ensured that an attacker cannot obtain the decryption key. Secure storage solves this issue by using hardware (and software) to enforce access restrictions on the stored data. Before access is granted to an application, the integrity of the software is verified. Secure storage and secure boot are essential concepts for TC systems. For instance, a Common Criteria protection profile for security kernels with TC support has been eval- uated and certified recently [2], which also includes secure boot and secure storage. The security patterns described here could be helpful to implement these features for security kernels that aim to comply with this protection profile. This paper describes the common pattern underlying various existing realizations of secure boot [3], [4], [1], [5], and of secure storage [4], [1], [5]. II. SECURE BOOT PATTERN Intent: This pattern addresses how to ensure that vio- lations of integrity properties of the software stack that is booted on a platform can be either prevented (secure boot) or detected (authenticated boot). A. Example Consider a user who wants to use a computing device that was left unattended or that was used by another person before. How can the user be sure that the system software is in the intended operational state, i.e., that no critical component of the operating system or other software ap- plications has been modified in a malicious or unauthorized way? Typically, a file integrity checker program can check the integrity of system and application files. However, any file integrity checker program must rely on trusted reference values and that those values have not been tampered with. Moreover, the user wants also to be sure that the file integrity checker itself is not tampered with or deactivated at all. B. Context Users of security-sensitive applications want to be sure about the operational integrity of their applications and exe- cution environment. Unauthorized changes to the application code or the operating system may lead to unintentional program behavior or violation of security goals. Users trust the hardware, but they need a way to verify that the software loaded on this hardware has not been tampered with. Example Secure Boot Pattern
  • 10. Secure Boot Pattern Intent: 
 
 This pattern addresses how to ensure that violations of integrity properties of the software stack that is booted on a platform can be either prevented (secure boot) or detected (authenticated boot).
  • 11. Example • Password wallet for web authentication RuhR-University Bochum System Security Lab Motivating Example ● Password wallet for web authentication passwords Client PC Web Server How do you know that your trusted system has started?
  • 12. Context • Users want to be sure about operational integrity of applications and OS • Unauthorized changes may lead to security violation • Users trust the hardware - But need to verify integrity status of loaded software • Users can be local or remote
  • 13. Problem • Software can be manipulated or exchanged • Malware can register itself within any stage of the boot process • Forces: - You want to ensure integrity of loaded software - You want the computer to always boot in a well-de fi ned secure state - You want to allow modi fi cations of the system (e.g. updates, additional software)
  • 14. Solution • Chain of trust - Each boot stage veri fi es integrity of next stage - using cryptographically secure methods (hash functions, digital signature) - Only if check is ok, control is transferred to next stage; otherwise: system is halted • Root of trust - Whole process depends on integrity of fi rst module - First module therefore protected by hardware - Including the integrity veri fi cation data (hash, keys)
  • 15. Solution • Structure: RuhR-University Bochum System Security Lab Solution ● Structure:
  • 16. Solution • Dynamics: Root of Trust Bootloader Module 1 Module 2 Module n … Integrity Problem? Halt System
  • 17. Example Resolved • Password wallet for web authentication RuhR-University Bochum System Security Lab Motivating Example ● Password wallet for web authentication passwords Client PC Web Server How do you know that your trusted system has started? Secure Boot
  • 18. Variants • Authenticated Boot - Does not halt if integrity veri fi cation fails - But allows (remote) party to verify the system state - Integrity measurement results are recorded securely for later inspection(e.g. in protected hardware registers) - Trusted (hardware) module vouches for stored results (e.g. via digital signature)
  • 19. Consequences • Bene fi ts: - Software integrity state is veri fi ed at boot time - System starts only if integrity is OK - Authenticated boot: more fl exible, check later • Liabilities: - Setup/update of integrity veri fi cation data securely - Speci fi c mechanisms needed for software updates - Integrity checks are only load-time, not runtime - Adds complexity and overhead
  • 20. Known Uses RuhR-University Bochum System Security Lab Known Uses ● Cell BE processor ● Trusted Platform Module (TPM) ● Open Mobile Terminal Platform (OMTP) specs Sony PlayStation3 PCs, Laptops Mobile phones (Authenticated Boot) (Abstract definition, different implementations)
  • 21. Related Patterns • Boot Loader: describes the boot process as a sequence of single bootstrap stages. • Authenticator: veri fi es the identity of a subject and creates a proof of identity for later use, e.g., in access control decisions. 

  • 22. Secure Boot Pattern Problem Context Solution Example Example Resolved Name: Secure Boot Intent Related Patterns Consequences Known Uses Variants
  • 23. Conclusion • Tremendous literature and resources available on Security Patterns • Common language and understanding by Security Pattern Languages • Reusable architectural structures tailored for speci fi c business applications via Security Pattern Catalogs • More consistent, quality-focused, and faster development achievable • Example given: Secure Boot Pattern