Professional Documents
Culture Documents
• 架構師要了解技術的細節,才能確保抽象
化的計畫可以被實行。
2
Principles for Designing OO System
• Abstraction 抽象化
• Encapsulation 封裝
• Modularity 模組化
• Hierarchy 階層組織
3
Business Object Model
• What's wrong?
4
Business Object Model (Cont.)
5
Analysis Patterns
6
Requirements
7
Use Case Specification (from IBM Rational)
1.Abstract
2.Basic Flow
3.Alternative Flows
4.Subflows
5.Key Scenarios
6.Pre-Condition
7.Post-Condition
8.Extension Points
9.Special Requirements 8
Rational Pattern
• Business Model
+Behavior, Attributes, Relationship
• Analysis Model
+Platform
• Design Model
+Implementation
• Source Code
9
Software Localizability Guidelines
10
Mitigation Techniques
• Spoofing 假冒 • Information
– Authentication Disclosure 資訊洩露
(authn) – Authz., encryption
– Good credential • Denial of Service 阻
storage 斷服務
• Tampering 竄改 – Filtering, Authn.,
– Authorization Authz.
(authz), MAC, – Queuing
signing
• Elevation of Privilege
• Repudiation 否認
特權
– Authn., Authz.,
signing, logging,
– Don't run with
trusted third party elevated privileges 11
A Security Framework - SD3
• Microsoft's defense in depth strategy
– Security by Design
• Developers follow secure coding best practices
and implement security features in their
applications to overcome vulnerabilities.
– Security by Default
• End users install applications without altering the
default settings and therefore requires these
users specifically select features that might not
be used or that might reduce security.
– Security in Deployment
• The applications can be maintained securely after
deployment by updating with security patches, 12
monitoring for attacks, and by auditing for
malicious users and content.
Input Data
• 不要相信所有輸入
– 檢查
– 淨化
– 正規化
• 注意 Buffer Overrun
13
架構設計步驟
• Business Modeling
– Identify Business Goal
– Identify Business Process
– Business Object Model
– Analysis Pattern
14
架構設計步驟 (Cont.)
• Analysis Modeling (Platform Independent)
– Functional Requirements
• Use Case
• Use Case Specification
• Glossary
• Find analysis classes
• Identify analysis mechanisms
– Non-functional Requirements
• Define candidate architecture
• Identify non-functional requirements
• Select solution mechanisms
15
架構設計步驟 (Cont.)
16
Summary
• 架構師的重要產出
– 軟體架構
– 介面
– Pattern
17