Security risk analysis in web services systems

SECRYPT 2006 - International Conference on Security and Cryptography, Proceedings

Volumn , Issue , 2006, Pages 425-430

  Gutiérrez, Carlos ^a   Fernández Medina, Eduardo ^a   Piattini, Mario ^a  

^a UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

Security engineering; Security risk analysis and management; Software security development process; Web services security

Indexed keywords

BEST PRACTICE; COMMON CRITERIA; DEVELOPMENT PROCESS; DISTRIBUTED SOFTWARE; ISO 15408; PUBLIC ADMINISTRATION; RISK ANALYSIS AND MANAGEMENT METHODOLOGY; SECURITY ENGINEERING; SECURITY REQUIREMENTS; SECURITY RISK ANALYSIS; SECURITY RISK ASSESSMENTS; WEB SERVICES SECURITY;

COMPUTER SOFTWARE; CRYPTOGRAPHY; RISK ASSESSMENT; RISK MANAGEMENT; SAFETY FACTOR; SECURITY OF DATA; SECURITY SYSTEMS; SOFTWARE DESIGN; WEB SERVICES;

RISK ANALYSIS;

EID: 68249154018     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (18)

1. Alexander, I. (2003). "Misuse Cases: Use Cases with Hostile Intent." IEEE Computer Software 20(1): 58-66.
2. Butler, S. A. and P. Fischbeck (2005). Multi-Attribute Risk Assessment. SREIS'05 in conjuntction with RE'05, Paris, France.
3. Christopher Steel, R. N., Ray Lai (2005). Core Security Patterns: Best Practices and Strategies for J2EE", Web Services, and Identity Management, Prentice Hall PTR / Sun Microsystems.
4. Crespo, F. L., M. Á. A. Gómez, et al. (2005). MAGERIT - Versión 2. Metodologías de Análisis y Gestión de Riesgos de los Sistemas de Información. III - Guía de Técnicas. Madrid, Ministerio de Administraciones Públicas: 154.
5. Endrei, M., J. Ang, et al. (2004). Patterns: Service-Oriented Architecture and Web Services: 345.
6. Firesmith, D. G. (2003). "Engineering Security Requirements." Journal of Object Technology 2(1): 53-68.
7. Firesmith, D. G. (2003). "Security Use Cases." Journal of Object Technology 2(3): 53-64.
8. Gutiérrez, C., E. Fernández-Medina, et al. (2005). PWSSec: Process for Web Services Security. IEEE International Conference on Web Services 2005, Orlando, Florida, USA.
9. Gutiérrez, C., E. Fernández-Medina, et al. (2005). Security Requirements for Web Services based on SIREN. Symposium on Requirements Engineering for Information Security, Paris, France.
10. Gutiérrez, C., E. Fernández-Medina, et al. (2005). Web Services Enterprise Security Architecture: a Case Study. ACM Workshop on Security on Web Services, Fairfax, Virginia, USA, ACM Press.
11. Gutiérrez, C., E. Fernández-Medina, et al. (2005). Web Services-based Security Requirement Elicitation. 1st International Workshop on Service-Oriented Computing: Consequences for Engineering Requirements (SOCCER'05) in conjunction with IEEE RE'05, Paris, France.
12. Moore, A. P., R. J. Ellison, et al. (2001). Attack Modelling for Information Security and Survivability. Survivable Systems, Software Engineering Institute.
13. OMG (2004). UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms.
14. Schneier, B. (1999). "Attack Trees: Modeling Security Threats." Dr. Dobb's Journal.
15. Sindre, G. and A. L. Opdahl (2005). "Eliciting Security Requirements with Misuse Cases." Requirements Engineering Journal 10(1): 34-44.
16. Toval, A., J. Nicolás, et al. (2001). "Requirements Reuse for Improving Information Systems Security: A Practitioner's Approach." Requirements Engineering Journal 6(4): 205-219.
17. Verdon, D. and G. McGraw (2004). Risk Analysis in Software Design. IEEE Security & Privacy. 2: 79-84.
18. WS-I (2005). Security Challenges, Threats and Countermeasures Versión 1.0, WS-I. 2005.