Friday, 21 December 2018

Security Considerations

Introduction
Security is a major concern for both application architects and developers. Applications that store sensitive information need to be protected from malicious attacks and from competitors attempting to steal information or intellectual property. When designing a security model for your application, you need to be aware of security requirements from a business perspective and the implications that a chosen security model can have on performance, scalability, and deployment.
Security Considerations
If you are designing a server application, your design specification should contain a section that addresses security issues. You should consider and possibly address the following items in the application's functional specification:

·       Security goals. Understand what you are securing and make sure that you can describe it.
·       Security risks. Understand your application's vulnerabilities. You must also understand the significance of potential threats as they relate to your business.
·       Authentication. This is the process of accepting credentials from a user and validating those credentials against a designated authority. The user's (or potentially an application's or computer's) identity is referred to as a security principal. The client must provide credentials to allow the server to verify the identity of the principal. After the identity is known, the application can authorize the principal to access resources on the system. Various criteria, which help you choose the appropriate authentication mechanism, are presented in the next section of this document.
·       Authorization. This is the process of determining whether the proven identity is allowed to access a specific resource.
·       Securing data transmission. By encrypting your data as it crosses the network, you can ensure that it cannot be viewed or tampered with while in transit. You must consider the degree to which your data needs to be secured while in transit.
·       Impersonation. This mechanism allows a server process to run using the security credentials of the client. When the server is impersonating the client, any operations performed by the server are performed using the client's credentials. Impersonation does not allow the server to access remote resources on behalf of the client. This requires delegation.
·       Delegation. Like impersonation, delegation allows a server process to run using the security credentials of the client. However, delegation is more powerful and allows the server process to make calls to other computers while acting as the client.
·       Operating system security. This refers to establishing appropriate Access Control Lists (ACLs) and network security to prevent intruders from accessing secured resources. You must set the appropriate ACLs on the appropriate resources to allow access by only the relevant principals.
·       Securing physical access. This refers to locating your server computer in a secure room. You should not overlook this fundamental issue.
·       Code access security. This allows code to be trusted to varying degrees depending on where it came from and on other aspects of the code's identity. You should be aware of how to create your own access permissions.
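The authentication, authorization, impersonation and delegation items above, modelled as an added Python example that is not part of the original post. The user names, password store, resource names and ACLs are constructed placeholders; the point it shows is that an impersonation-level token lets the server act as the client only on its own machine, while the second hop to another computer succeeds only with a delegation-level token.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class TokenLevel(Enum):
    IMPERSONATION = "impersonation"  # usable on the server's own machine only
    DELEGATION = "delegation"        # may be forwarded to other computers


@dataclass(frozen=True)
class Principal:
    """A security principal: the identity proven by authentication."""
    name: str
    level: TokenLevel


# Constructed "designated authority": username -> sha256(password).
# A real store would use a salted, slow password hash; sha256 keeps this short.
DIRECTORY = {"alice": hashlib.sha256(b"s3cret").hexdigest()}

# Constructed ACLs: resource -> set of principal names allowed to read it.
LOCAL_ACL = {"payroll.db": {"alice"}}    # on the server's machine
REMOTE_ACL = {"archive.db": {"alice"}}   # on a second computer


def authenticate(username: str, password: str, level: TokenLevel):
    """Validate the presented credentials against DIRECTORY; Principal or None."""
    stored = DIRECTORY.get(username)
    if stored is None:
        return None
    presented = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(stored, presented):  # constant-time comparison
        return None
    return Principal(username, level)


def authorize(acl: dict, resource: str, principal_name: str) -> bool:
    """Authorization: may this proven identity access the named resource?"""
    return principal_name in acl.get(resource, set())


def local_access(server_name: str, client: Principal, resource: str) -> bool:
    """Impersonation: the server performs a local operation as the client."""
    return authorize(LOCAL_ACL, resource, client.name)


def remote_access(server_name: str, client: Principal, resource: str) -> bool:
    """Second hop: only a delegation-level token travels with the call.
    With an impersonation-level token the server reaches the remote
    computer as itself, so the remote ACL is checked against the server."""
    effective = client.name if client.level is TokenLevel.DELEGATION else server_name
    return authorize(REMOTE_ACL, resource, effective)
```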
