Customer Reviews

High-Assurance Design: Architecting Secure and Reliable Enterprise Applications

5 star:		(4)
4 star:		(1)
3 star:		(2)
2 star:		(0)
1 star:		(0)

 

 

I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the production of more security software.

"High-Assurance Design" (HAD) is the sort of book one should read when sitting down to design decently complex applications. It's not a network architecture book, so you won't read about using router ACLs, firewalls, and host IPS for "defense in depth." Rather, the author is trying to teach what he calls "intrusion-aware design" (p 88). The book contains some real gems, like this principle on p 78: "A system cannot be said to be secure if the design of the actual system cannot be articulated." That is exceptionally accurate. The author explains how developers should "design for verifiability," which really applies to anyone building a complex system. I also bought the idea that reliability is the parent concept, with security as part of reliability (ch 2).

For a person who doesn't develop software professionally, I found all of those concepts to be very powerful and helpful. Programmers, especially Java and object-oriented types like Cliff Berg, will probably really enjoy later chapters in HAD like ch 7. (It was too much for me.) In some cases, however, I questioned the utility of the principles in these later sections. For example, p 301 offers this gem: "Run securely." No kidding! This and other non-actionable (or non-demonstrated) principles resulted in my offering four stars instead of five. The author is also a big agile programming fan, especially liking Extreme Programming (XP). XP, however, seems antithetical to many of his recommendations. His attempts to square this circle didn't really convince me, although certain aspects of XP are definitely compelling.

I recommend reading HAD to benefit from the wonderful insights found in the first half of the book. You'll find that apply very well to multiple security problem sets -- not just secure software development.

Software architects seeking advanced applications development guides should take a look at Clifford J. Berg's HIGH-ASSURANCE DESIGN: ARCHITECTING SECURE AND RELIABLE ENTERPRISE APPLICATIONS, Many enterprises rely on software which is insecure or fragile and which requires expensive maintenance: here software architect Clifford Berg shows designers that high-assurance applications with proven reliability can be easily built using the same design principles as the less reliable models. Chapters identify key problems in unreliable software, show how to improve it, and tell how to obtain the requirements and systems which meet the goal of reliable design.

I've read this book cover to cover. If you are expecting some "tome of knowledge" that is going to impress people but collect dust, this book is not for you. This is going to be a well worn desk-reference for managers, architects, and software engineers.

The book's nineteen chapters cover all the practical elements of assurance that should be expected out of commercial software. Not only has the author covered the issues of what the software has to do, but also has covered the human aspect of fielding the software and the very human aspect of system and application administrators that have to deal with the software in a changing environment. It is obvious that the author has been in each situation that the book describes. Oh yes, and to prove that there are three case studies that show the assurance process in action.

This is a must-get book if you are leading a team, work in a corporate environment, or are about to launch you public facing application.

With the amount of money that is spent on software development, you would think that most software developed would be secure, reliable and maintainable. However, many times this is not the case.

This books covers the gamut of complex issues to consider when designing reliable applications. For example, issues include
application design, security, logging, concurrency, caching, methodology, monitoring, transactional integrity, and much more. The author also adds a couple of case studies to tie the theoretical with the practical. The "lists" in Appendix C, D and E are also very helpful!

I'd highly recommend this book to anyone wanting to move up to the next level in his/her software development/architecture career, that is, moving beyond the basics of coding and simple design/architecture.

It's truly amazing how well the book is kept in such a great condition. Also, it was promptly delivered to me. Thanks for that. And this book, I am sure I am going to spoil it by using it; by reading it multiple times. I may not pass it on to any body as I want to own it now and for a long time to come:-)

Thanks.
Murali Mohan

We got this book few weeks ago and I had an opportunity to gather some facts about the high-assurance design which the book claims to be. I found this book a bit interesting as it tries to reach quite a lot of QoS _ilities of an enterprise application. The good side of book is it will help you if you are trying to design a straight-forward or simple solution with known tiers and components using a single platform. The book narrates a design methodology that will help you well in a simple architecture that does not mandate integration and interoperability with proprietary and non-proprietary applications. On the opposite side, I noticed quite a lot of missing gaps if I consider my application as a bunch of Web services or an ESB based delivery channel or portal solution that interfaces with a Microsoft application. The book does'nt help me much how can I build a high-degree of assurance with all those capabilities. We know this is a complex problem and there are lot of trade-offs to make and that is the missing piece of this book. Otherwise you may find this book as a good read.

The contents of the book shows an interesting structure but it does'nt help much in the end as it turns out that the author digs into vague concepts without any practical guidance on how-to implement them. It sounded like this book is about reading a proprietary architecture of an application server and its relaibility characterstics. The author comfortably escaped from narrating the details of design for solving real life problems...because the devil is in the design details and it is MISSING in this book. Unfortunately this book won't get you hands-on anywhere except for catching few jargons from the alphabet soup.