Security of E-Business Applications: Structure and Quantification

The rapid growth of the commercial use of the Internet goes along with a rising need for security for both customer and merchant. As many parties and different systems are involved, security becomes a complicated issue. Therefore, the need for definition, structuring, and quantification of security arises. This paper proposes a structured approach to analyze security measures and to quantify the overall security of an electronic business application. The quantifier is calculated through a security matrix which breaks down the assessment of security into smaller parts. These parts correspond to the locations, security objectives, and implemented security mechanisms of the application. The security quantifier can be used to analyze and design the application, and to compare it with other applications.
