Web services enterprise aecurity architecture: A case study

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2005, Pages 10-19

  Gutierrez, Carlos ^a   Fernández Medina, Eduardo ^b   Piattini, Mario ^b  

^a STL   (Spain)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

Security; Software architecture; Software development process; Web services

Indexed keywords

CRITICAL TASKS; INTEGRATING SECURITY; SECURITY ARCHITECTURE; SECURITY FACTORS; SECURITY REQUIREMENTS; SECURITY SOFTWARE; SECURITY STANDARDS; SOFTWARE DEVELOPMENT PROCESS; THREE STAGES; WEB SERVICES SECURITY; WEB SERVICES SECURITY TECHNOLOGIES;

COMPUTER SOFTWARE; INTEGRATION; SOFTWARE ARCHITECTURE; SOFTWARE DESIGN;

WEB SERVICES;

EID: 77954341505     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1103022.1103025     Document Type: Conference Paper

References (33)

1. C. J. Alberts, S. G. Behrens, R. D. Pethia, and W. R. Wilson, "OCTAVE Framework, Version 1.0", Carnegie Mellon. SEI. CMU/SEI-99-TR-017, September 1999.
2. I. Alexander, "Misuse Cases: Use Cases with Hostile Intent", IEEE Computer Software, vol.20, pp. 58-66, 2003.
3. R. Bhatti, E. Bertino, A. Ghafoor, and J. B. D. Joshi, "XML-Based Specification for Web Services Document Security", IEEE Computer, vol.37, pp. 41-49, 2004.
4. R. Breu, K. Burger, M. Hafner, J. Jürjens, G. Popp, V. Lotz, and G. Wimmel, "Key Issues of a Formally Based Process Model for Security Engineering", Proc. 16th International Conference on Software and Systems Engineering and their Applications (ICSSEA'03), 2003.
5. E. Damiani, S. D. C. d. Vimercati, S. Paraboschi, and P. Samarati., "A fine-grained access control system for XML documents", ACM Transactions on Information and System Security (TISSEC), pp. 169-202, 2002.
6. M. Endrei, J. Ang, A. Arsanjani, S. Chua, P. Comte, P. Krogdahl, M. Luo, and T. Newling, "Patterns: Service-Oriented Architecture and Web Services", IBM Redbook, 1st ed, 2004, pp. 345.
7. E. B. Fernandez, "Two patterns for web services security", Proc. International Symposium on Web Services and Applications (ISWS'04), Las Vegas, NV, 2004.
8. D. G. Firesmith, "Security Use Cases", Journal of Object Technology, vol.2, pp. 53-64, 2003.
9. D. G. Firesmith, "Engineering Security Requirements", Journal of Object Technology, vol.2, pp. 53-68, 2003.
10. D. G. Firesmith, "Common Concepts Underlying Safety, Security, and Survivability Engineering", SEI, Technical Note CMU/SEI-2003-TN-033, December 2003.
11. C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "Web Services Security: is the problem solved?" Information Systems Security, vol.13, pp. 22-31, 2004. (Pubitemid 39101929)
12. C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "PWSSec: Process for Web Services Security", Proc. IEEE International Conference on Web Services 2005, Orlando, Florida, USA, 2005.
13. C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "Towards a Process for Web Services Security", Proc. WOSIS'05 en ICEIS'05, Miami, Florida, USA, 2005.
14. IDC, 2005. See: http://www.idc.com/getdoc.jsp?containerId=prUS00190705].
15. S. Indrakanti, V. Varadharajan, and M. Hitchens, "Authorization Service for Web Services and its Implementation", Proc. ICWS'04, San Diego, California, USA, 2004.
16. H. Koshutanski and F. Massacci, "An Access Control Framework for Business Processes for Web Services", Proc. ACM Workshop on XML Security, 2003.
17. P. Kruchten, The Rational Unified Process: An Introduction, 2nd. ed: Addison-Wesley Pub Co., 2000.
18. A. v. Lamsweerde, "Elaborating Security Requirements by Construction of Intentional Anti-Models", Proc. 26th International Conference on Software Engineering, Edinburgh, 2004.
19. J. D. Moffet and B. A. Nuseibeh, "A Framework for Security Requirements Engineering", Department of Computer Science, University of York, UK, Report YCS 368, August 2003.
20. A. P. Moore, R. J. Ellison, and R. C. Linger, "Attack Modelling for Information Security and Survivability", Software Engineering Institute 2001.
21. C. Nott, Patterns: Using Business Service Choreography In Conjuction With An Enterprise Service Bus, 2004.
22. OASIS, "Web Services Security (WS-Security) - Specification 6 April 2004", 2004.
23. OASIS, "extensible Access Control Markup Language (XACML) Version 2.0", 2005.
24. OMG, "UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms", 2004.
25. B. Schneier, "Attack Trees: Modeling Security Threats", Dr. Dobb's Journal, 1999.
26. G. Sindre and A. L. Opdahl, "Eliciting Security Requirements with Misuse Cases", Proc. TOOLS-37'00, Sydney, Australia, 2000.
27. IEEE Computer Society, "Software Engineering Body of Knowledge", 2004.
28. M. Tatsubori, T. Imamura, and Y. Nakamura, "Best-Practice Patterns and Tool Support for Configuring Secure Web Services Messaging", Proc. 4th International Conference on Web Services (ICWS'04), San Diego, California, USA, 2004.
29. A. Toval, J. Nicolás, B. Moros, and F. García, "Requirements Reuse for Improving Information Systems Security: A Practitioner's Approach", Requirements Engineering Journal, vol.6, pp. 205-219, 2001.
30. D. Verdon and G. McGraw, "Risk Analysis in Software Design", in IEEE Security & Privacy, vol.2, 2004, pp. 79-84.
31. VeriSign, Microsoft, SonicSoftware, IBM, BEA, and SAP, "Web Services Policy Framework (WS-Policy)", 2004.
32. R. Wonohoesodo and Z. Tari, "A Role based Access Control for Web Services", Proc. ICWS'04, San Diego, California, USA, 2004.
33. WS-I, "Security Challenges, Threats and Countermeasures Versión 1.0", vol.2005: WS-I, 2005.