PWSSec: Process for Web services security

Proceedings - ICWS 2006: 2006 IEEE International Conference on Web Services

Volumn , Issue , 2006, Pages 213-220

  Gutierrez C ^a   Fernandez Medina E ^b   Piattini, M ^b  

^a STL   (Spain)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

[No Author keywords available]

Indexed keywords

SECURITY OF DATA; STANDARDS;

LEARNING CURVE; SECURITY ARCHITECTURE; SECURITY STANDARDS;

WEB SERVICES;

EID: 38949162568     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICWS.2006.107     Document Type: Conference Paper

References (37)

1. C. Nott, Patterns: Using Business Service Choreography In Conjuction With An Enterprise Service Bus, 2004.
2. IDC, "Cautious Web Services Software Adoption Continues; IDC Expects Spending to Reach $11 Billion by 2008," 2004.
3. C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "Web Services Security: is the problem solved?," Information Systems Security, vol. 13, pp. 22-31, 2004.
4. M. Endrei, J. Ang, A. Arsanjani, S. Chua, P. Comte, P. Krogdahl, M. Luo, and T. Newling, Patterns: Service-Oriented Architecture and Web Services, 1st ed, 2004.
5. M. Endrei, J. Ang, A. Arsanjani, S. Chua, P. Comte, P. Krogdahl, M. Luo, and T. Newling, Patterns: Services Oriented Architectures and Web Services, 2004.
6. M. Deubler, J. Grünbauer, J. Jürjens, and G. Wimmel, "Sound Development of Secure Service-based Systems," presented at ICSOC04, New York, USA, 2004.
7. M. Deubler, J. Grünbauer, G. Popp, G. Wimmel, and C. Salzmann, "Towards a Model-Based and Incremental Development Process for Service-Based Systems," presented at International Conference on Software Engineering (IASTED SE 2004), Innsbruck, Austria, 2004.
8. M. P. Papazoglou and D. Georgakopoulo, "Service-Oriented Computing," Communications of the ACM, vol. 46, pp. 25-28, 2003.
9. D. G. Smith, "Common Concepts Underlying Safety, Security, and Survivability Engineering," SEI, Technical Note CMU/SEI-2003-TN-033, December 2003 2003.
10. L. Bass and R. Kazman, "Architecture Based Development," Carnegie Mellon. Software Engineering Institute. CMU/SEI-99-TR-007, April 1999 April 1999.
11. J. Jürjens, Secure Systems Development with UML: Springer, 2005.
12. H. Yu, X. He, Y. Deng, and L. Mo, "Integrating Security Administration into Software Architecture Design," presented at International Conference on Software Engineering and Knowledge Engineering 2004, Banff, Canada, 2004.
13. T. Grandison, M. Sloman, and I. College, "A Survey of Trust in Internet Applications," IEEE, Survey Fourth Quarter 2000 2000.
14. B. Schneier, "Attack Trees: Modeling Security Threats," Dr. Dobb's Journal, 1999.
15. WS-I, "Security Challenges, Threats and Countermeasures," 2005.
16. G. Sindre and A. L. Opdahl, "Eliciting Security Requirements with Misuse Cases," presented at TOOLS-37'00, Sydney, Australia, 2000.
17. I. Alexander, "Misuse Cases: Use Cases with Hostile Intent," IEEE Computer Software, vol. 20, pp. 58-66, 2003.
18. A. P. Moore, R. J. Ellison, and R. C. Linger, "Attack Modelling for Information Security and Survivability," Software Engineering Institute 2001.
19. OMG, "UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms," 2004.
20. D. G. Firesmith, "Security Use Cases," Journal of Object Technology, vol. 2, pp. 53- 64, 2003.
21. A. Toval, J. Nicolás, B. Moros, and F. García, "Requirements Reuse for Improving Information Systems Security: A Practitioner's Approach," Requirements Engineering Journal, vol. 6, pp. 205-219, 2001.
22. I. C. Society, "Software Engineering Body of Knowledge," 2004.
23. P. Krutchen, "The 4+1 View Model of Software Architecture," IEEE Software, pp. 42-50, 1995.
24. L. Bass, P. Clements, and R. Kazman, Software Architecture in Practice, 2nd, ed: Addison-Wesley, 2003.
25. H. Skogsrud, B. Benatallah, and F. Casati, "Model-Driven Trust Negotiation for Web Services," IEEE Internet Computing, pp. 45- 51, 2003.
26. E. Ferrari and B. Thuraisingham, "Security and Privacy for Web Databases and Services," E. 2004 and L. 2992, Eds. Berlin Heidelberg 2004: Springer-Verlag, 2004, pp. 17-28.
27. C. J. Alberts, S. G. Behrens, R. D. Pethia, and W. R. Wilson, "OCTAVE Framework, Version 1.0," Carnegie Mellon. SEI. CMU/SEI-99-TR-017, September 1999 1999.
28. D. G. Firesmith, "Engineering Security Requirements," Journal of Object Technology, vol. 2, pp. 53-68, 2003.
29. L. Bass, F. Bachmann, R. J. Ellison, A. P. Moore, and M. Klein, "Security and Survivability Reasoning Frameworks and Architectural Design Tactics," SEI, Technical Note CMU/SEI-2004-TN-022, September 2004 2004.
30. M. R. Barbacci, R. Ellison, A. J. Lattanze, J. A. Stafford, C. B. Weinstock, and W. G. Wood, "Quality Attribute Workshops (QWAs). Third Edition.," Carnegie Mellon. Software Engineering Institute. CMU/SEI2003-TR-016, August 2003 2003.
31. "TOGAF (The Open Group Architecture Framework). Versión 8.1. "Enterprise Edition"," The Open Group 2003.
32. L. Liu, E. Yu, and J. Mylopoulus, "Security and Privacy Requirements Analysis within Social Setting," presented at 11th IEEE International Requirements Engineering Conference, Monterey Bay, CA, USA, 2003.
33. D. G. Firesmith, "Specifying Reusable Security Requirements," Journal of Object Technology, vol. 3, pp. 61-75, 2004.
34. K. M. Khan and J. Han, "A Process Framework for Characterising Security Properties of Component-Based Software Systems," presented at Australian Software Engineering Conference (ASWEC04), 2004.
35. G. Jonsdottir, L. Davis, and R. Gamble, "Designing Secure Integration Architectures," presented at ICCBSS 2003, 2003.
36. M. Aiello and P. Giorgini, "Applying the Tropos Methodology for Analysing Web Services Requirements and Reasoning about Qualities of Services," UPGRADE, vol. 5, pp. 20-26, 2004.
37. K. Leune and M. Papazaglou, "Specification and Querying of Security Constraints in the EFSOC Framework," presented at International Conference on Service Oriented Computing, New York City, USA, Willem-Jan van den Heuvel.