Tagged articles
45 articles
James' Growth Diary
Apr 29, 2026 · Information Security

Claude Code’s Five‑Layer Permission System: How It Stops Unauthorized Tool Calls

The article dissects Claude Code’s built‑in five‑layer permission architecture, explaining why a single check is insufficient, how each layer (Hooks, Deny Rules, Permission Mode, Allow Rules, canUseTool) works, the engineering trade‑offs, performance concerns, and practical recommendations for secure AI agent deployments.

Claude Code · Deny Rules · Five‑Layer Defense
18 min read
Machine Learning Algorithms & Natural Language Processing
Apr 14, 2026 · Artificial Intelligence

Balancing Usability, Fun, and Safety: How Fudan’s Post‑00 Team Built XSafeClaw for Controllable AI Agents

Amid soaring hype for autonomous agents, a Meta incident exposed how hidden execution steps can cause real‑world damage, prompting Fudan’s XSafeClaw project to deliver a visual, layer‑by‑layer security framework that makes agent behavior observable, auditable, and safely interceptable.

Agent safety · Human-in-the-Loop · Runtime monitoring
10 min read
Programmer's Advance
Jan 14, 2026 · Artificial Intelligence

How Claude Cowork Turns AI from Chat to Actionable Agent – A Deep Dive

Claude Cowork, announced by Anthropic in January 2026, showcases a three‑layer security architecture, a task‑decomposition workflow, and a suite of six office‑automation modules, while positioning itself against Claude Code, GitHub Copilot and Cursor AI and highlighting both its industry impact and remaining limitations.

AI Agent · Claude Cowork · Product Review
13 min read
Java Architect Handbook
Dec 26, 2025 · Information Security

Mastering Permission Management: From Basic RBAC to Advanced Role‑Inheritance Models

This article explains why fine‑grained permission management is essential for data security, walks through classic RBAC, role‑inheritance (RBAC1), constrained RBAC (RBAC2), user groups, organization‑based and position‑based roles, and presents both standard and ideal database schemas for implementing these models.

Constraint Modeling · RBAC · Role Inheritance
18 min read
Ops Development & AI Practice
Sep 6, 2025 · Information Security

Endogenous Security: Creating Self‑Protecting Systems Beyond the Fortress Model

The article redefines security by introducing the concept of endogenous security, explaining its origins, biological analogy, core characteristics, and how it synergizes with DevSecOps to embed self‑protecting, adaptive immunity directly into software and infrastructure rather than relying on external defenses.

DevSecOps · Endogenous Security · Information Security
8 min read
Ops Development & AI Practice
Jun 14, 2025 · Information Security

Designing a Resilient Zero‑Trust Security Architecture on AWS for Small Ops Teams

This article outlines a comprehensive, financial‑grade security blueprint for a three‑person operations team using AWS services such as IAM, Secrets Manager, Session Manager, GuardDuty, and WAF, emphasizing Zero Trust, Least Privilege, and Defense‑in‑Depth to protect against external attacks, internal risks, and to enable clear audit trails for incident investigation.

AWS · IAM · Operations
13 min read
Alibaba Cloud Developer
Mar 17, 2025 · Information Security

How Alibaba Cloud Designs Secure DevSecOps Architecture: Lessons for Enterprises

This article details Alibaba Cloud’s practical experience in designing secure DevSecOps architectures, outlining the challenges of balancing development speed with security, the roles and processes for security architecture design, layered defense strategies, and zero‑trust implementations to help enterprises strengthen product security from the outset.

Alibaba Cloud · DevSecOps · Security Architecture
14 min read
DataFunSummit
Feb 13, 2025 · Information Security

Building and Optimizing a Comprehensive Security System: Practices, Innovations, and Future Outlook

This article presents a detailed walkthrough of constructing a robust security architecture, covering single‑person security team strategies, risk perception and quantification, rapid incident response, automated detection, precise strike mechanisms, deterrence tactics, and forward‑looking plans for intelligent, data‑driven risk management.

Security Architecture · automation · fraud detection
21 min read
macrozheng
Jul 4, 2024 · Information Security

Mastering Access Control: 5 Core Permission Models and Practical RBAC Design

This article explains the fundamentals of access control by reviewing five major permission models—ACL, DAC, MAC, ABAC, and RBAC—then dives into RBAC extensions and practical guidelines for designing user, role, and permission management in real‑world systems, covering menu, operation, and data-level controls.

Authorization · RBAC · Security Architecture
15 min read
Architects Research Society
May 12, 2024 · Information Security

CISSP‑ISSAP Certification Overview, Exam Details, and Preparation Resources

The article outlines the CISSP‑ISSAP certification for security architects, detailing exam format, passing score, target audience, prerequisites, and a range of preparation resources including official guides, online courses, books, community forums, and practice tests to help candidates succeed.

CISSP-ISSAP · Exam Preparation · Information Security
7 min read
Architect
Jan 16, 2024 · Information Security

Designing Scalable Permission Models: From Basic RBAC to Advanced Role Inheritance

The article explains why strict permission management is essential, walks through classic RBAC, role inheritance, constraint handling, user groups, organization and position mapping, and presents both standard and ideal database schemas for building maintainable access‑control systems in complex enterprises.

Database design · RBAC · Role Inheritance
19 min read
Xiaohongshu Tech REDtech
Dec 13, 2023 · Information Security

XiaoHongShu’s Zero Trust SASE Office Security Solution: Architecture, Challenges, and Implementation

XiaoHongShu’s award‑winning Zero‑Trust SASE Office Security Solution integrates all‑in‑one DLP, anti‑virus, identity‑bound access and distributed POPs to replace fragmented agents, delivering real‑time risk control, data‑non‑landing protection, multi‑level disaster recovery, and achieving 100% device coverage, an 80% reduction in data leakage and a 70% internal NPS after one year.

Office Security · SASE · Security Architecture
14 min read
Architects Research Society
Nov 1, 2023 · Information Security

Roles and Responsibilities of a Security Architecture Team

The article outlines the composition and responsibilities of a security architecture team, detailing the roles of Security Architect, Information Security Architect, CISO, and Security Analyst, their required business and technical skills, risk management, threat modeling, and how they integrate with enterprise architecture.

CISO · Information Security · Security Architecture
11 min read
High Availability Architecture
Aug 28, 2023 · Information Security

Design and Implementation of a Unified Permission Management Service (MPS)

This article presents a comprehensive design and development of Baidu's Unified Permission Management Service (MPS), detailing its requirement analysis, technical selection, hybrid RBAC/ACL/DAC model, functional modules, implementation specifics, and operational results that demonstrate its effectiveness in consolidating enterprise-wide access control.

ACL · DAC · RBAC
16 min read
AntTech
Jul 19, 2023 · Information Security

IEEE 2952-2023 Standard for Secure Computing Based on Trusted Execution Environment – Technical Overview

The IEEE 2952-2023 standard, jointly released by Ant Group and multiple partners, defines a comprehensive technical framework for secure computing using Trusted Execution Environments, covering isolation, confidentiality, compatibility, performance, availability, and security, and outlines reference implementations, cluster management, and remote attestation mechanisms.

Confidential Computing · Secure Computing · Security Architecture
7 min read
Architects Research Society
Jun 10, 2023 · Information Security

Roles and Responsibilities of a Security Architecture Team

The article outlines the composition of a security architecture team, detailing the roles of security architect, information security architect, chief information security officer, and security analyst, along with their business and technical skills, organizational relationships, and key responsibilities in managing enterprise security.

CISO · Information Security · Security Analyst
13 min read
Huolala Tech
Jun 9, 2023 · Information Security

How to Implement Enterprise-Scale Data Encryption: Lessons from Huolala

This article outlines a comprehensive approach to large‑scale data encryption, covering background regulations, data discovery, solution selection, key management, algorithm choices, implementation techniques, incremental controls, and metrics to ensure secure and efficient encryption across thousands of services and billions of records.

Security Architecture · application-layer encryption · data encryption
12 min read
Huolala Safety Emergency Response Center
Jun 9, 2023 · Information Security

How Huolala Built a Robust Big Data Security Framework: Lessons & Practices

This article presents a detailed case study of Huolala's big data security architecture, covering background challenges, lifecycle‑wide protection standards, data classification, encryption, disaster recovery, governance processes, and future improvement plans to enhance data asset protection and compliance.

Data Governance · Huolala · Security Architecture
10 min read
Huolala Safety Emergency Response Center
May 24, 2023 · Information Security

How to Scale Data Encryption Across Millions of Services: A Practical Roadmap

This article details a comprehensive, multi‑stage approach to implementing data encryption at scale—covering data discovery, solution selection, application‑layer and proxy‑layer encryption, key management, algorithm choices, incremental migration, and measurable metrics—to help enterprises protect sensitive data while balancing performance and cost.

Security Architecture · application-layer encryption · data encryption
13 min read
StarRing Big Data Open Lab
Apr 14, 2023 · Information Security

How to Build a Secure Enterprise Data Platform: End‑to‑End Architecture and Controls

This article explains the security risks of enterprise data platforms, analyzes gaps in traditional protection methods, and presents a comprehensive three‑layer security architecture—asset, capability, and control layers—along with pre‑, during‑, and post‑process measures to ensure data safety throughout its lifecycle.

Data Governance · Enterprise Data Platform · Security Architecture
19 min read
Architecture Digest
Nov 25, 2022 · Information Security

Design of a Standardized Token‑Based Authentication System Using OAuth2 and JWT

The article explains why enterprises need a unified account management system, defines key authentication terms, outlines the advantages of token‑based security, describes a complete OAuth2 password‑grant flow with JWT, and presents the technical choices and interface designs for implementing a robust, cross‑service authentication solution.

Identity Management · JWT · OAuth2
10 min read
Meituan Technology Team
Sep 22, 2022 · Information Security

Tokenization for Data Security: Design, Implementation, and Engineering Practices

The article explains how tokenization transforms data security into a built‑in attribute that automatically scales with data growth, detailing its design principles, generation methods, architectural layers, security safeguards, and practical engineering experiences to address exposure risks in modern digital businesses.

Data Governance · PII · Security Architecture
24 min read
Java High-Performance Architecture
Aug 30, 2022 · Information Security

Why Permission Management Is Critical and How to Build Scalable RBAC Models

This article explains why strict permission management is essential for data security, illustrates various permission models—from basic data-view and edit rights to role‑based access control (RBAC), role inheritance, constraints, user groups, organizations, and positions—and provides practical database table designs for implementing scalable, ideal RBAC systems.

RBAC · Role Inheritance · Security Architecture
16 min read
AntTech
Jun 21, 2022 · Information Security

Zero Trust Security Model and Technical Architecture for Ant Financial Office

This article examines the evolution from traditional perimeter‑based security to zero‑trust models, compares their advantages, presents industry case studies, and details Ant Financial’s integrated zero‑trust architecture—including SDP, IAM, and micro‑segmentation—along with implementation practices and future outlook.

IAM · Micro Segmentation · SDP
17 min read
Top Architect
May 23, 2022 · Information Security

Designing a Unified Token‑Based Authentication System Using OAuth2 and JWT

The article explains how to design a unified, token‑based authentication system for enterprise applications, covering OAuth2 password grant, JWT usage, token issuance, validation, renewal processes, and interface design, while highlighting the benefits of stateless security and cross‑service single sign‑on.

JWT · OAuth2 · Security Architecture
10 min read
Weimob Technology Center
May 12, 2022 · Information Security

Securing Enterprise Data: Inside WKMS’s Scalable Key Management and Encryption Architecture

This article explains how WKMS addresses rising data‑protection regulations by offering a hierarchical key‑management service, masking SDK, AES‑based encryption, robust disaster‑recovery, and high‑throughput performance testing, illustrating a secure yet scalable solution for modern enterprises.

Cloud Native · Information Security · Performance Testing
10 min read
DevOps
Apr 14, 2022 · Information Security

Threat Modeling: Skills, Methodology, and Long-Term Challenges for Security Architects

The article explains threat modeling as a security‑by‑design practice, outlines the scarce talent pool for senior architects, describes a DFD‑based methodology with STRIDE analysis, and discusses the balance between experiential and methodological approaches to building robust, long‑term security models.

DFD · STRIDE · Security Architecture
9 min read
Architects' Tech Alliance
May 9, 2021 · Industry Insights

What Are the Key Standards and Challenges Shaping China’s Desktop Cloud Landscape?

This white‑paper‑style analysis examines the rapid growth of desktop cloud in China, outlines its definitions, deployment models, core technologies, protocol choices, GPU virtualization options, security architecture, and proposes standardization needs and policy recommendations to guide the industry forward.

Desktop Cloud · GPU virtualization · Security Architecture
14 min read
Meituan Technology Team
Apr 8, 2021 · Information Security

Threat Modeling: Practices, Challenges, and Implementation Guide

Threat modeling is a systematic, cross‑functional practice that identifies design‑level security flaws early, prioritizes mitigations using methods like ASTRIDE, and integrates risk assessment into DevSecOps, despite tool scarcity and process integration challenges, to reduce costs, meet compliance, and improve overall security maturity.

DevSecOps · Security Architecture · Software Security
31 min read
Architects Research Society
Feb 24, 2021 · Information Security

Security Architecture Team: Roles, Skills, and Responsibilities

The security architecture team consists of security architects, information security architects, chief information security officers, and security analysts, each with distinct business and technical responsibilities, risk‑management and threat‑modeling skills, and a collaborative relationship with enterprise architecture to ensure secure, compliant solutions.

CISO · Information Security · Security Architecture
11 min read
ITFLY8 Architecture Home
Sep 23, 2020 · Information Security

Mastering Security Architecture Reviews: Principles, Models, and Practical Steps

This article explains how to conduct comprehensive security architecture reviews by covering fundamental design principles, the three pillars of security controls, a practical review model, and detailed guidance on threat modeling, asset identification, and mitigation strategies for modern applications.

Defense in Depth · Security Architecture · Security Review
24 min read
Architects Research Society
Jun 20, 2020 · Information Security

Security Requirements Vision and Strategic Security Architecture Principles

The article outlines the importance of defining security requirements within business context, presents the Security Requirements Vision (SRV) components, describes strategic security architecture principles, differentiates security governance, management and operations, and details formalizing security processes with ownership, documentation, integration, roles, and automation opportunities.

Process Formalization · Security Architecture · governance
8 min read
Programmer DD
Dec 17, 2019 · Information Security

Understanding RBAC: Role‑Based Access Control Models for Secure Spring Applications

This article explains why Role‑Based Access Control (RBAC) is essential for modern applications, outlines the four RBAC model variants (RBAC0‑RBAC3), clarifies core concepts such as users, roles, sessions and permissions, and shows how RBAC improves scalability and security in Spring Security projects.

RBAC · Role-Based Access Control · Security Architecture
9 min read
Java Captain
Jun 3, 2019 · Information Security

Designing Role-Based Access Control and Permission Data Model

This article explains the fundamentals of role‑based access control, how roles and permissions are structured, the use of user groups to simplify large‑scale authorizations, and presents a comprehensive database schema—including tables for users, roles, permissions, resources, and logs—to support flexible and extensible permission management.

Database design · Permission modeling · RBAC
6 min read
Big Data and Microservices
Jul 23, 2018 · Information Security

Understanding Apache Shiro: Core Concepts and Architecture Explained

This article introduces Apache Shiro, a lightweight Java security framework, and explains its three core concepts—Subject, SecurityManager, and Realms—while detailing the full system architecture including authenticators, authorizers, session management, caching, and cryptography components.

Apache Shiro · Authentication · Authorization
5 min read
ITFLY8 Architecture Home
Apr 19, 2018 · Information Security

How Suning Built a Comprehensive Information Security Architecture

This article outlines Suning's evolution from a basic network operations unit to a sophisticated, multi‑layered security architecture that integrates organizational structure, protection platforms, risk management, big‑data threat perception, and continuous improvement to safeguard e‑commerce operations.

Big Data · Information Security · Security Architecture
10 min read
Suning Technology
Jan 17, 2018 · Information Security

How Suning Built a Robust Security Architecture for E‑Commerce

This article examines Suning's evolution from a basic network‑operations unit to a comprehensive security ecosystem, detailing its organizational structure, protection platforms, integrated risk‑control mechanisms, big‑data threat perception system, and management processes that together safeguard its e‑commerce operations.

Information Security · Security Architecture · Threat Detection
12 min read
Meituan Technology Team
Apr 7, 2017 · Information Security

Insights on Google Infrastructure Security Design

Google’s new security white paper reveals how its deeply integrated, principle‑driven architecture—spanning physical data‑center safeguards, mutual‑authenticated multi‑tenant services, pervasive encryption, and a comprehensive DevSecOps process—enables massive‑scale protection, but replicating this model demands substantial custom hardware, unified tooling, and large‑scale engineering expertise.

Data Protection · Google · Infrastructure
22 min read
21CTO
Sep 10, 2015 · Information Security

6 Critical Architecture Design Mistakes That Undermine System Security

This article examines six common security pitfalls in system architecture—compatibility, cost‑cutting, data‑code mingling, closed design, blacklist defenses, and neglecting security as a design goal—offering concrete examples and practical recommendations to build more robust, resilient software systems.

Cost Optimization · Design Pitfalls · Security Architecture
14 min read