Towards a risk management perspective on AAIs

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4083 LNCS, Issue , 2006, Pages 41-50

  Schläger, Christian ^a   Nowey, Thomas ^a  

^a UNIVERSITY OF REGENSBURG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

INTERNET; RISK ASSESSMENT; SECURITY OF DATA; SOFTWARE ENGINEERING;

RISK ASSESSMENT METHOD; SECURITY SERVICES;

RISK MANAGEMENT;

EID: 33750036384     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11824633_5     Document Type: Conference Paper

References (17)

1. Castro-Rojo, R., Lopez, D. R.: The PAPI system: point of access to providers of information. In: Computer Networks: The International Journal of Computer and Telecommunications Networking, Volume 37. Elsevier, Amsterdam (2001) 703-710
2. Cavusoglu, H., Mishra, B., Raghunathan, S.: A Model for Evaluating IT Security Investments. In: Communications of the ACM, Volume 47. ACM Press, New York (2004) 87-92
3. Chadwick, D., Otenko, A.: The PERMIS X.509 role based privilege management infrastructure. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT '02). ACM Press, New York (2002) 135-140
4. Cremonini, M., Martini, P.: Evaluating Information Security Investments from Attackers Perspective: the Return-On-Attack (ROA). In: Proceedings of the Fourth Workshop on the Economics of Information Security. Harvard (2005)
5. Jøsang, A., Pope, S.: User Centric Identity Management. In: Clark, A., Kerr, K., Mohay, G. (eds.): Proceedings of AusCERT Asia Pacific Information Technology Security Conference 2005. Gold Coast (2005) 77-89
6. Katsikas, S. K., Lopez, J., Pernul, G.: Trust, Privacy and Security in E-business: Requirements and Solutions. In: Proc. of the 10th Panhellenic Conference on Informatics (PCI'2005). Lecture Notes in Computer Science. Springer-Verlag, Berlin Heidelberg New York (2005) 548-558
7. Kormann, P., Rubin, A.: Risks of the Passport single sign-on protocol. In: Computer Networks: The International Journal of Computer and Telecommunications Networking, Volume 33. Elsevier, Amsterdam (2000) 51-58
8. Liberty ID-FF Bindings and Profiles Specification, Liberty Alliance Project, 2003. Accessible at http://www.projectliberty.org/specs/liberty-idff- bindings-profiles-v1.2.pdf
9. Lopez, J., Oppliger, R., Pernul, G.: Authentication and authorization infrastructures (AAIs): a comparative survey. In: Computers & Security, Volume 23. Elsevier, Amsterdam (2004) 578-590
10. Microsoft Passport Review Guide. Accessible at http://download.microsoft. com/download/a/f/4/af49b391-086e-4aa2-a84b-ef6d916b2f08/ passport_reviewguide. doc
11. Nowey, T., Federrath, H., Klein, C., Plössl, K.: Ansätze zur Evaluierung von Sicherheitsinvestitionen. In: Proc. 2. Jahrestagung des GI-Fachbereichs Sicherheit, Lecture Notes in Informatics, P-62, Köllen-Verlag, Bonn (2005) 15-26
12. Pfleeger, S.L.: Risky Business: what we have yet to learn about risk management. Journal of Systems and Software, Volume 53. Elsevier, New York (2000) 265-273
13. Pfleeger, C.P., Pfleeger, S.L.: Security in Computing. 3rd edn. Prentice Hall, New Jersey (2002)
14. Schlaeger, C., Nowey, T., Montenegro, J.A.: A Reference Model for Authentication and Authorisation Infrastructures Respecting Privacy and Flexibility in b2c eCommerce. In: Proc. of the First International Conference on Availability, Reliability and Security (ARES '06). IEEE Computer Society, Los Alamitos (2006) 709-716
15. Schlaeger, C., Pernul, G.: Authentication and Authorisation Infrastructures in b2c e-commerce. In: Bauknecht, K., Pröll, B., Werthner, H. (eds.): Proc. of the Sixth International Conference on Electronic Commerce and Web Technologies - EC-Web '05. Lecture Notes in Computer Science, Vol. 3590. Springer Verlag, Berlin Heidelberg New York (2005) 306-315
16. Tanenbaum, A.S., van Stehen, M.: Verteilte Systeme. Grundlagen und Paradigmen. Prentice Hall, München (2003)
17. Vidalis, S.: A Critical Discussion of Risk and Threat Analysis Methods and Methodologies. School of Computing Technical Report CS-04-03, University of Glamorgan (2004)