Web Services-Based Security Requirement Elicitation

Gutiérrez, Carlos; Fernández‐Medina, Eduardo; Piattini, Mario

doi:10.1093/ietisy/e90-d.9.1374

Cited by 3 publications

(2 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such security attributes are essential for securing WS messages: confidentiality, integrity, and freshness; and interactions: audit, authentication, authorization and non-repudiation. To identify business security objectives, the analyst can use security requirement elicitation techniques [6] or the Unified Compliance Framework (www.unifiedcompliance.org).…”

Section: A Identifying Business-level Security Objectivesmentioning

confidence: 99%

SOABSE: An approach to realizing business-oriented security requirements with Web Service security policies

Phan

Han

Mueller

et al. 2009

2009 IEEE International Conference on Service-Oriented Computing and Applications (SOCA)

View full text Add to dashboard Cite

A critical issue in developing Web Service-based business applications is the realization of business-level security requirements with system-level security mechanisms using the WS-* standards. Current practice has primarily relied on the engineer's experience and lacks consistency and methodological support. This paper introduces an approach to Web Services security engineering called SOABSE, which systematically models, designs and implements security for a WS-based application from a given set of business-oriented security requirements. It includes 1) a stepwise process that systematically transforms business-level security requirements into system-level WS-* security policies, and relies on 2) a security realization model that maps business-level security objectives to WS-* security realization mechanisms and 3) a security deployment model that sets out the security-oriented Web Service deployment information. A prototype tool supporting the approach is also introduced.

show abstract

Section: A Identifying Business-level Security Objectivesmentioning

confidence: 99%

SOABSE: An approach to realizing business-oriented security requirements with Web Service security policies

Phan

Han

Mueller

et al. 2009

2009 IEEE International Conference on Service-Oriented Computing and Applications (SOCA)

View full text Add to dashboard Cite

show abstract

“…We can find in the literature much research in the area of web services security, both regarding security requirements analysis (Firesmith, 2003;Firesmith, 2004;Gutiérrez et al, 2005b;OASIS, 2005;W3C, 2004;WS-I, 2005;Yagüe et al, 2005;Yagüe and Troya, 2002) and concerning the definition of security patterns (Alexander et al, 1977;Buschmann, 1999;Buschmann et al, 1996;Fernandez, 2002;Fernandez and Pan, 2001;Fernandez et al, 2003;Lehtoren and Pärssinen, 2002;Ramachandran, 2002;Rosado et al, 2006;Steel et al, 2005;Yoder and Barcalow, 1997). However, there are no approaches connecting security requirements with security patterns, so there are no traceability mechanisms allowing choosing the most appropriate security pattern depending on a specific security requirement.…”

Section: Introductionmentioning

confidence: 99%

Security patterns and requirements for internet‐based applications

et al. 2006

View full text Add to dashboard Cite

Purpose -The purpose of this paper is that of linking security requirements for web services with security patterns, both at the architectural and the design level, obtaining in a systematic way a web services security software architecture that contains a set of security patterns, thus ensuring that the security requirements of the internet-based application that have been elicited are fulfilled. Additionally, the security patterns are linked with the most appropriate standards for their implementation. Design/methodology/approach -To develop secure WS-based applications, one must know the main security requirements specified that applications have to fulfil and find appropriate security patterns that assure, through combination or relationships between them, the fulfilment of the implicated security requirements. That is why a possible link or connection between requirements and patterns will have to be found, attempting to select for a determined security requirement the best security patterns that solve this requirement, thus guaranteeing the security properties for internet-based applications. Findings -Using security patterns, that drive and guide one towards a secure development as well as towards security software architecture, one can be sure that this design based on these patterns fulfils and guarantees the most important security requirements of the internet-based applications through the design and implementation of security solutions that provide reliable security services. Practical implications -Security architecture for internet-based applications and web services can be designed considering the security requirement types that it must fulfil and using the most appropriate security patterns. Originality/value -This paper proposes a relationship between security requirements that can be specified for internet-based applications and the possible security patterns that can be used in the design and implementation of the secure system based on the internet, guaranteeing that these security requirements are fulfilled.

show abstract

A maturity metric based approach for eliciting SOA security requirements

Kassou

Kjiri

2012

2012 National Days of Network Security and Systems

View full text Add to dashboard Cite

Web Services-Based Security Requirement Elicitation

Cited by 3 publications

References 24 publications

SOABSE: An approach to realizing business-oriented security requirements with Web Service security policies

SOABSE: An approach to realizing business-oriented security requirements with Web Service security policies

Security patterns and requirements for internet‐based applications

A maturity metric based approach for eliciting SOA security requirements

Contact Info

Product

Resources

About