Assured By Design LLC.

Featured in IBM Developerworks February 2006 issue!

Now used by course INFSCI 2935, Developing Secure Systems, University of Pittsburgh, School of Information Sciences
Download chart of the 185 design principles (letter-size or tabloid-size).
High Assurance Design

From the Preface

The state of affairs in the world of custom application development is nothing short of a crisis. Consider these facts:

The average programmer is woefully untrained in basic principles related to reliability and security.

The tools available to programmers are woefully inadequate to expect that the average programmer can produce reliable and secure applications.

Organizations that procure applications are woefully unaware of this state of affairs, and take far too much for granted with regard to security and reliability.

This book attempts to bring awareness of these issues to the mainstream software development community, and tries to provide developers with basic principles and techniques that can be applied to the development of business applications. Today’s dynamic development environment—driven by a desire for agility, responsiveness, and low cost—can adopt these techniques to improve their processes.

Who This Book Is For

This is not a programming book. It has little code in it, and the patterns are abstractly expressed. It is also not a book about hacking. Hacking is inherently technology specific. This book is about fundamentals, and its intent is to help lay a foundation from which the reader can begin the journey of understanding how reliable and secure applications can be designed and implemented.

This book is written for the practicing software application architect who works in a business application design and programming environment. It is also written for lead designers and technical managers in such an environment, as well as those who manage IT organizations and are somewhat technically inclined.


An Addison Wesley title.
Available on Amazon



185 Design Principles
46 Design Patterns
660 Pages
Foreword by Peter G. Neumann, Principal Scientist, SRI International


Answers For Selected Exercises
Chapter 11
1. [Answer: they should be value objects]
2. [Answer: a regression suite for the third-party numerical analysis utilities]
4. [Answer: they should be immutable]
Chapter 12
1. [Answer: a race condition can be created if one user tries to access the application and then another user also tries to access the application immediately before the broker creates the file]
6. [Answer: Yes, they should. But that does not substitute for testing in an isolated test environment.]
Chapter 14
2. A [Answer: it is a reverse cache, because the application is not the actual client of the data – the application is merely servicing client requests.]
3. [Answer: latency.]
Chapter 16
5. [Answer: it sounds like the console might display as-set values instead of actual values, especially for the log file.]
Chapter 17
1. [Answer: The input arguments use a generic type (List), and the method description does not say what the type of the list elements must be. The description does not say why it does what it does. It does not indicate the cardinality relationship between input elements and output elements.]

Other Work Related to Vulnerability and Attack Taxonomies

Guidance On Defining Java Permission Models:
IBM: Tivoli Access Manager
BEA: Using Java Security to Protect WebLogic Resources

The Java Security Architecture