Design Pattern-engineering implementation and expansion based on C # security design pattern Series 3 checkpoint pattern (check point)

Check Point

Checkpoint Mode

Vision Wang)

2009-02-13

Category

Information Security Behavior Model

Motivation, problems, and Influencing Factors

I don't know if you are the same as me.

Due to strict personnel access control, if I don't show my work permit and punch in, I won't be able to enter the office area. Taking the entrance as an example, the process is as follows:

Figure 03-01: entry process

From the above process, the above "guard" and "Access Control System" are designed to prevent unauthorized users from entering sensitive areas and effectively protect sensitive information systems and data. In the previous chapter, we introduced the single access point pattern. Its main task is to minimize the access contact surface, but it cannot control the user's "try to access" behavior.

For example, in the above example, the guard will always get off work and change jobs, and the access control system will be temporarily closed for some reasons. I believe you know a lot of movies you have seen, what will happen if the fire alarm is broken, so even if the above "layer-by-layer fortification", but if you cannot "cut" these "try to enter" as soon as possible to clean up, illegal users orProgramAs long as there is a "Perseverance" breakthrough, it is only a matter of time.

A more intuitive example is our Windows logon password, "1qaz2wsx "? -- No, "123456" -- not yet? But it doesn't matter. I just need to traverse the page and sharpen it into a needle.

To sum up, our goal is to block repeated break in behaviors and take appropriate actions to "Punish" the subjects who initiate break in behaviors. For most enterprises, these contents are included in the requirements of various security policies and security usage specifications. In terms of design, we follow the design pattern-engineering implementation and expansion based on C #, and design it into an independent mechanism.

In reality, there are some restrictions on implementing this control:

L this control requirement is most common in authentication and authorization. If the "penalty" measures are inappropriate, the user will be disgusted;

L are these behaviors illegal? Think about whether you remember your parents' birthday, though only two dates. Similarly, it is not easy for many of our users to remember so many passwords. It is also necessary to determine whether it is break in or unintentional for complicated systems;

L different "attempts" may require different feedback. For example, when you go to work, you may have to use different measures to hack the door or swipe your card over and over again;

Solution

In summary, we may have many requirements for these behaviors, but in abstraction, they are represented:

"Use an object/The subsystem encapsulates the security policy for the above 'attempted ".

How do we think about projects in reality? Take authentication as an example. We often see a logon interface that allows users to enter username and password. If the error exceeds 3 or 5 times, please wait for a while, if you always enter the address in the browser that is not supposed to execute the function, you may see a unfriendly interface, telling you that "your IP address/account has been locked, please contact the Administrator to unlock ".

In reality, projects have different definitions of "try", and how to define "try" fails is also different. For example:

L user name/password Mismatch

L authentication timeout

L the same account has logged on elsewhere and has not exited

L unauthorized access

L log on to the enterprise's information system at an inappropriate time

L... ...

Considering the great changes in this part, according to the gof23 processing method, we "cut" it to provide judgment for the objects/subsystems that manage "attempts ".AlgorithmThat is to say, the policy mode is used to abstract the actions taken to determine whether or not the "attempt" is successful and how many "attempts" fail into independent policies, allowing dynamic configuration by plug-ins.

In this way, we abstract the static structure of the checkpoint mode:

Figure 03-02: static structure of the checkpoint Mode

Note:

L ihandler: defines punitive measures that should be taken after multiple "illegal attempts" based on the command mode;

L istrategy: Use the policy model to define a judgment algorithm that determines whether the execution after the attempt is successful;

L idirectorstrategy: it is the main embodiment of the enterprise's security policy. He expressed the final implementation of the punitive measure algorithm;

L context: Used to indicate all the environments and USER Parameters of the algorithm;

L checkpoint: it is used to manage the entry for "trying to control scheduling and response mechanisms;

Although the aforementioned ctor strategy is unique in most cases, for large enterprises, information security policies often come from different departments, for this reason, refer to the introduction in gof23 of design patterns-engineering implementation and expansion based on C #. You can organize related policies into a unified ctor strategy by means of the combined patterns.

The execution sequence of the checkpoint mode is as follows:

Figure 03-03: execution sequence in checkpoint Mode

Among them, the decisive role is checkpoint and idirectorstrategy. As for ihandler's implementation, it is necessary to report back to the interface to inform the user, or directly take a small ledger in the background, or trigger an alarm, this has nothing to do with the checkpoint system, because the key objective of the checkpoint is the decision-making process in the early stage, and the subsequent measures are completely dependent on the abstract ihandler definition.

Example

The most common example is to check the number of website logins. Assume that the enterprise security policy is very loose:

L if the password is incorrect for five times, the login request is temporarily suspended for 20 s;

L simultaneous online access is prohibited for the same account;

Analysis

Here, we will first break down the responsibilities:

L add a logon counter for each account in the Active session for Director strategy;

L adds a 20 s control mechanism for pending requests;

Design

Based on the refined division of labor and the static structure of the previous checkpoint mode, we designed a timesdirectorstrategy:

Figure 03-04: Director strategy structure required by the example

The specific execution sequence is similar to the general processing, except timesdirectorstrategy needs to determine the number of "attempts" based on the source of the call request.

Related Mode

From the design perspective, because different enterprises have different identification policies for "illegal attempts", the policy mode becomes the first choice for encapsulating related algorithms.

In order to establish a comprehensive system for enterprises, we need to pass the relevant "attempt" error check work to a third-party mechanism outside the authentication logic. Therefore, it is necessary to adopt the observer mode, with the help of the characteristics of different development platforms from the side "holding" different "attempts" behavior.

Industry Cases

Similar checkpoint measures, such as Windows XP and Vista, are the most familiar ones. Every time we enter the wrong password several times in a row, the login interface will be suspended temporarily.

The "forgot password" of many websites is a natural reminder of the response after multiple failures.

Others

As shown in the preceding example, for a typical application of the checkpoint mode-Authorization and authentication, how to abstract the request subject (in many cases, you also need to distinguish the different behaviors of the same subject, even the behavior feature mode of the same behavior), the content is not the operation content of the checkpoint mode, the discussion needs to be in the authenticator pattern (also known as "authentication sub" and other names) and the authorizator pattern, also known as "Authorization Sub") section.

 

More attention:

Design Patterns-engineering implementation and expansion based on C # security design pattern Series 1 public key system and distributed environment requirements

 

Bookmarks on design patterns-engineering implementation and expansion based on C #

On the cover of design patterns-engineering implementation and expansion based on C #

E-books and examples on design patterns-engineering implementation and expansion based on C #CodePublishing, starting with Internet subscription

Pricing modification of design model-C #-based engineering implementation and expansion

"My first planning practices"

My first planning practice-the door to initial directory Analysis

Help you create flexible, scalable, and easy-to-maintain software entities

"Wang Xiang-Design Mode C # engineering implementation" online lecture material download

Expression Pattern of Design Pattern

For more information about "entrepreneurship and promotion", see "getting out of software Workshop".

For more information about "job search and interview", see the beauty of programming-Microsoft technical interview experience.