Integrating security design into the software development process for e-commerce systems

Information Management and Computer Security

Volumn 9, Issue 2-3, 2001, Pages 112-122

  Chan, M T ^a   Kwok, L F ^a  

^a CITY UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

Computer security; Risk; Software development

Indexed keywords

COMPUTER SIMULATION; INFORMATION TECHNOLOGY; RISK ASSESSMENT; SECURITY OF DATA; SOFTWARE ENGINEERING; WORLD WIDE WEB;

SECURED SYSTEMS;

ELECTRONIC COMMERCE;

EID: 0035780486     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220110394758     Document Type: Review

References (18)

1. Ambler, S.W. (1997), "How the UML models fit together", Software Development Magazine.
2. Andrew, M. (1997), ASP: The Power Guide to Developing Server-based Web Applications, IDG Books Worldwide, Foster City, CA.
3. Barbacci M. et al. (1995), Quality Attributes, Technical Report, CMU/SEI-95-TR-021, ESC-95-TR-021.
4. Bruce, G. and Dempsey, R. (1997), Security in Distributed Computing, Prentice-Hall, Englewood Cliffs, NJ.
5. Carnegie Mellon University (1999), Systems Security Engineering Capability Maturity Model - Model Description Document, version 2.0, April.
6. Chan, M.T. (1998), "A framework for reengineering three-tier client server systems on the Web", International Journal of Applied Software Technology, Vol. 4 No. 4, pp. 123-48.
7. Conallen, J. (1999), "Modeling Web application architectures with UML", Communications of the ACM, Vol. 42 No. 10, October, pp. 63-71.
8. DoD (1985), Trusted Computer System Evaluation Criteria, DoD 5200.28-STD, December.
9. Kobryn, C. (1999), "UML 2001: a standardization odyssey", Comm. of the ACM, Vol. 42 No. 10, October, pp. 29-37.
10. Kwok, L.F. (1997), "A hypertext information security model for organisations", Information Management and Computer Security, Vol. 5 No. 4, pp. 138-48.
11. Kwok, L.F. and Longley, D. (1996), "A security officers' workbench", Computers and Security, Vol. 15 No. 8, pp. 695-705.
12. Kwok, L.F. and Longley D. (1999), "Information security management and modelling", Information Management & Computer Security, Vol. 7 No. 1, pp. 30-9.
13. Larsen G. (1999), "Designing component-based frameworks using patterns in the UML", Communications of the ACM, Vol. 42 No. 10, October, pp. 38-45.
14. May P.R. (2000), The Business of E-commerce: From Corporate Strategy to Technology (Breakthroughs in Application Development), Cambridge University Press, Cambridge.
15. Microsoft (1999), DCOM Architecture, white paper, available at: http://www.microsoft.com/com/wpaper/default.asp#DCOMPapers (last updated 19 November, 1999).
16. OMG (1999), OMG Unified Modeling Language Specification, version 1.3, June.
17. Proceedings of the 20th National Information Systems Security Conference, "Panel: alternative assurances: implementation of better ways!", Baltimore, MD, October 1997, pp. 712-13.
18. World Wide Web Consortium (2001), World Wide Web Security FAQ, available at: http:// www.w3.org/security/faq/www-security-faq.html (last updated 24 March 2001).