CSAP - An Adaptable Security Module for the E-Government System Webocrat

In this paper we present a generic and adaptable security module called CSAP (Communication, Security, Authentication, and Privacy) which may be used in order to make e-government and e-commerce systems secure and trustworthy. CSAP is service-oriented and offers programming interfaces to core security services such as user identification, authentication, access control, auditing, and security management. We discuss the conceptual architecture, the layered design, and the object-oriented implementation of CSAP. The layered design of CSAP allows the application developer to exchange or enhance security mechanisms via a plug-in concept based on abstract classes and appropriate design patterns. As a consequence, CSAP becomes maintainable and adaptable.
