Security of Electronic Business Applications - Structure and Quantification

The rapid growth of the commercial use of the Internet goes along with a rising need for security for both customer and merchant. As many parties and different systems are involved, security becomes a complicated issue. Therefore, the need for definition, structuring, and quantification of security arises. This paper proposes a structured approach to analyze security measures and to quantify the overall security of an electronic business application. The quantifier is calculated through a security matrix which breaks down the assessment of security into smaller parts. These parts correspond to the locations, security objectives, and implemented security mechanisms of the application. The security quantifier can be used to analyze and design the application, and to compare it with other applications.