论文信息 - Security Risk Analysis in Web Services Systems

Security Risk Analysis in Web Services Systems

Nowadays, best practices dictate that security requirements of distributed software-intensive systems should be based on security risk assessments. Web services-based systems supporting network alliances among organizations through Internet are such type of systems. In this article we present how we’ve adopted the risk analysis and management methodology of the Spanish Public Administration, which conforms to ISO 15408 Common Criteria Framework (CCF), to the Process for Web Services Security (PWSSec) developed by the authors. In addition, a real case study where this adaptation was applied is shown.

Mario Piattini | Eduardo Fernández-Medina | Carlos Gutiérrez

[1] Mario Piattini,et al. Web Services-Based Security Requirement Elicitation , 2007, IEICE Trans. Inf. Syst..

[2] Donald Firesmith,et al. Engineering Security Requirements , 2003, J. Object Technol..

[3] Ian F. Alexander,et al. Misuse Cases: Use Cases with Hostile Intent , 2003, IEEE Softw..

[4] Donald Firesmith,et al. Security Use Cases , 2003, J. Object Technol..

[5] Gary McGraw,et al. Risk Analysis in Software Design , 2004, IEEE Secur. Priv..

[6] Joaquín Nicolás,et al. Requirements Reuse for Improving Information Systems Security: A Practitioner’s Approach , 2002, Requirements Engineering.

[7] Mario Piattini,et al. PWSSec: Process for Web Services Security , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[8] Ramesh Nagappan,et al. Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management , 2005 .

[9] Andrew P. Moore,et al. Attack Modeling for Information Security and Survivability , 2001 .

[10] Andreas L. Opdahl,et al. Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[11] Mario Piattini,et al. Security Requirements for Web Services based on SIREN , 2005 .

[12] Mario Piattini,et al. Web services enterprise security architecture: a case study , 2005, SWS '05.