论文信息 - Security Requirements for Web Services based on SIREN

Security Requirements for Web Services based on SIREN

Security in web services-based systems is a critical aspect since their operative infrastructure is based on Internet, which is a public medium and so intrinsically insecure. At present, there is an outstanding movement in industry towards the standardization of the security mechanisms to be used in web services-based systems. Given that the number of these security standards and mechanisms is high, the problem is that it is quite complex to know which mechanisms are the most suitable and therefore which standards should be used in practice. This task would be greatly simplified if developers would have a catalogue of security templates for web services that they could reuse. These templates could encompass the set of all possible security factors to be considered when designing systems based on this paradigm. Once the security requirements have been determined the step for identifying the mechanisms and standards to be used would be much more simple and straightforward. This paper presents a catalogue of security requirements template for web services based on the requirements engineering method called SIREN that try to fill the gap in the development life cycle of the web servicesbased systems.

[1] Jeff Tian. Quality-evaluation models and measurements , 2004, IEEE Software.

[2] Fabio Massacci,et al. An access control framework for business processes for web services , 2003, XMLSEC '03.

[3] Bruce Schneier,et al. Attack Trends: 2004 and 2005 , 2005, ACM Queue.

[4] Joaquín Nicolás,et al. Requirements Reuse for Improving Information Systems Security: A Practitioner’s Approach , 2002, Requirements Engineering.

[5] Elisa Bertino,et al. Specifying and enforcing access control policies for XML document sources , 2004, World Wide Web.

[6] Mario Piattini,et al. Legal requirements reuse: a critical success factor for requirements quality and personal data protection , 2002, Proceedings IEEE Joint International Conference on Requirements Engineering.

[7] Mario Piattini,et al. PWSSec: Process for Web Services Security , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[8] Paul Ashley,et al. E-P3P privacy policies and privacy authorization , 2002, WPES '02.

[9] Mario Piattini,et al. Web Services Security: Is the Problem Solved? , 2004, Inf. Secur. J. A Glob. Perspect..

[10] Marc Langheinrich,et al. The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[11] Donald Firesmith,et al. Specifying Reusable Security Requirements , 2004, J. Object Technol..