Building Secure Web Systems Architectures Using Security Patterns

Prof. Eduardo B. Fernandez, Ph.D. (http://www.cse.fau.edu/~ed)

Dept. of Computer Science and Eng., Florida Atlantic University, Boca Raton, FL 33431

Email: ed AT cse.fau.edu

Time: 13:30-17:00 on November 1st

Room: Marseille

Chair: Eduardo B. Fernandez


Software patterns are encapsulated solutions to recurrent problems in a context. Patterns combine experience and good practices to develop basic models that can be used to build new systems, to evaluate existing systems, and as a communication medium for designers. Security patterns provide guidelines for secure system requirements, design, and evaluation. We consider their structure, show a variety of them, and illustrate their use in the construction of secure web-based systems. These patterns include, among others, Authentication, Authorization/Access Control, Firewalls, Secure Broker, Web Services Security, and Cloud Security patterns. We have built a catalog of over 100 security patterns. We complement these patterns with misuse patterns, which describe how an attack is performed from the point of view of the attacker; we show XSS as an example. We integrate patterns in the form of security reference architectures that represent complete systems. Reference architectures have not been used much in security and we explore their possibilities. We show how to apply these patterns through a secure system development methodology. We introduce patterns in a conceptual way, relating them to their purposes and to the functional parts of the architecture. Example architectures include a browser and a cloud computing system. The use of patterns can provide a holistic view of security, which is a fundamental principle for building secure systems. Patterns can be applied throughout the software lifecycle and provide an ideal communication tool for the builders of the system. They are also useful to record design decisions. The patterns and reference architectures are shown using UML models, and examples are taken from my book: “Security patterns in practice: Building secure architectures using software patterns”, Wiley Series on Software Design Patterns, 2013. The talk also includes some recent patterns, e.g. Network Function Virtualization.
Security is a fundamental quality for any web system. Most proposed solutions are, regrettably, ad hoc or partial; security must be holistic and systematic. Patterns provide the basis for systematic and holistic approaches and are becoming more important every day. Attendees will be able to understand the idea behind security patterns and security reference architectures, get acquainted with some of them, and use them to build architectures for secure systems.

The WordNet Database: Form, Function, and Use

Mark A. Finlayson, Assistant Professor of Computer Science

School of Information and Computing Sciences, Florida International University

11200 S.W. 8th Street, ECS Room 362, Miami, FL 33199

Email: markaf AT fiu.edu

Time: 15:30-17:30 on November 2nd

Room: Monte Carlo

Chair: Mark A. Finlayson


WordNet (http://wordnet.princeton.edu/) is a large lexical database of the English language. Like a regular dictionary, it indexes base form words (such as the word run) to meanings (e.g., “move fast by using one's feet” as well as “a score in baseball”). Unlike a regular dictionary, it encodes significant amounts of additional information about the interrelationships of word meanings and lexical forms. Perhaps most helpfully, it marks which words are almost exactly synonymous, and so can be used as a thesaurus in addition to a dictionary. Beyond this, however, WordNet encodes a number of other relationships, such as the fact that an animal (synonymous with animate being, creature, or fauna) is a type of organism, which is in turn a type of living thing. This is called the semantic relationship of type-subtype, and WordNet encodes semantic and lexical relationships between its entries such as type-subtype, part-whole, substance-whole, member-set, domain-topic, antonymy, and derivationally related forms, among others. In addition to this rich repository of language meaning, WordNet is further notable for its size, containing over 155,000 base wordforms, 117,000 meanings, and 188,000 relationships beyond synonymy, including over 46,000 lexical relationships and 142,000 semantic relationships.

WordNet can be of great use to any application that has to interact with natural language text. In this tutorial, we will first learn about the form of the WordNet database: the core concepts, what kinds of relationships are encoded in the database, and some caveats about the database contents. We will also examine a small selection of tasks enabled by each type of information encoded in the database. These tasks are provided only as a sample of potential applications, as the range of uses is limited only by one’s imagination. Tasks we will learn about include low-level NLP tasks such as lemmatization or root finding (given the inflected form “running”, return the root “run”, or given the irregular form “is”, return the root “be”), all the way up to conceptual processing tasks such as determining that cats and dogs are more similar to one another than to turtles, plants, or cars.

In addition to the form and utility of the database, we will learn how to interact with the database programmatically. We will first review ways of loading WordNet into common databases such as MySQL, SQLite, PostgreSQL, and the like, such that it can be . After this we will examine how to interface with the database directly within a Java programming language environment, focusing on the MIT Java Wordnet Interface (JWI) library. JWI (http://projects.csail.mit.edu/jwi) is small, extremely fast, easy to use, and provides API access to all available WordNet database information.