BOF4WSS: A Business-Oriented Framework for Enhancing Web Services Security for e-Business

When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, one that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining and achieving agreed security levels across these collaborating enterprises. The approach envisioned is such that it can be used by businesses, in a joint manner, to manage the comprehensive concern that security in the WS environment has become.
