A Decision Support System for Selecting Secure Web Services

Web services are becoming an important area of business processing and research for enterprise systems. Various Web service providers currently offer diverse computing services ranging from entertainment, finance, and health care to real-time applications. With the widespread proliferation of Web services, not only has delivering secure services become a critical challenge for service providers, but users also face constant challenges in selecting the appropriate Web services for their enterprise application systems. Security has become an important issue for information systems (IS) managers seeking a secure integration of Web services with their enterprise systems, and it is one of the determining factors in selecting appropriate Web services. The need for run-time composition of enterprise systems with third-party Web services requires a careful selection process of Web services with security assurances consistent with the enterprise business goal. Selection of appropriate Web services with the required security assurances is essentially a problem of choice among several alternative services available in the market. IS managers have little control over the actual security behavior of third-party Web services; however, they can control the selection of the right services, which are likely to comply with their security requirements. Selecting third-party Web services arbitrarily over the Internet is critical as well as risky. With increasing security challenges to enterprise systems, there is a need for an automatic decision support system (DSS) for the selection of appropriate secure Web services. A DSS analyzes the security profiles of candidate Web services and compares them with the security requirements of the enterprise system. With such a system, IS managers can more easily decide which Web service is to be integrated with their applications.
A DSS could make a comparative analysis of various security properties between a candidate Web service and the enclosing enterprise system, including the consequences of different decision alternatives in selecting Web services. It could also project the likely additional security properties needed for the system if the candidate Web service lacked required properties. The complex nature of selecting secure Web services could not be easily managed without such DSS support. With the rapidly evolving nature of security contexts in the field of enterprise systems, decision support systems for selecting secure Web services can play an increasingly important role. This article proposes an architecture of an easy-to-use security decision support system (SDSS) for selecting Web services with security assurances consistent with the enterprise business goal. The SDSS stores security profiles of candidate Web services, compares their properties with the security requirements of the enterprise system, and generates alternatives with consequences. Supporting the choice-making process involves the evaluation and comparison of alternative Web services in terms of their security properties. To minimize the risk of selecting the wrong Web services for enterprise systems, the SDSS can provide managers with consistent and concise guidance for the development of security criteria. Our proposed SDSS has been developed to provide IS managers with the information necessary to make informed decisions regarding the selection of Web services. The basic components of the SDSS include a knowledge base of various security properties and an inference mechanism that uses a set of rules. The architecture consists of three components: (i) defining security criteria; (ii) security profiling of Web services; and (iii) generating alternatives.
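
The three components can be illustrated with a small rule-based comparison. This is an added sketch, not the article's implementation: the property names, the 0-2 level scale, the "mandatory" rule, and the service names are all assumptions made for the example.

```python
from dataclasses import dataclass

# Component (i): security criteria of the enterprise system (constructed sample).
# Levels are an assumed ordinal scale: 0 = absent, 1 = basic, 2 = strong.
@dataclass(frozen=True)
class Criterion:
    required_level: int
    mandatory: bool  # assumed rule: an unmet mandatory criterion cannot be compensated

CRITERIA = {
    "authentication": Criterion(2, True),
    "confidentiality": Criterion(2, True),
    "integrity": Criterion(1, False),
    "non_repudiation": Criterion(1, False),
}

# Component (ii): security profiles of candidate services (constructed sample).
PROFILES = {
    "svc-a": {"authentication": 2, "confidentiality": 2, "integrity": 1, "non_repudiation": 1},
    "svc-b": {"authentication": 2, "confidentiality": 2, "integrity": 0},
    "svc-c": {"authentication": 1, "confidentiality": 2, "integrity": 1, "non_repudiation": 1},
}

def evaluate(profile, criteria=CRITERIA):
    """Compare one profile with the criteria; return (decision, gaps)."""
    gaps = {}
    blocked = False
    for prop, crit in criteria.items():
        offered = profile.get(prop, 0)  # an undeclared property counts as absent
        if offered < crit.required_level:
            # Shortfall the enterprise system would have to make up itself.
            gaps[prop] = crit.required_level - offered
            blocked = blocked or crit.mandatory
    if blocked:
        return "reject", gaps
    if gaps:
        return "accept-with-additions", gaps
    return "accept", gaps

def generate_alternatives(profiles=PROFILES, criteria=CRITERIA):
    """Component (iii): rank candidates, best decision and smallest shortfall first."""
    order = {"accept": 0, "accept-with-additions": 1, "reject": 2}
    rows = [(name, *evaluate(p, criteria)) for name, p in profiles.items()]
    return sorted(rows, key=lambda r: (order[r[1]], sum(r[2].values()), r[0]))

if __name__ == "__main__":
    for name, decision, gaps in generate_alternatives():
        print(f"{name}: {decision}; enterprise must add: {gaps or 'nothing'}")
```

The `gaps` mapping is the "consequence" attached to each alternative: the additional security properties the enterprise system would need to provide if that service were selected.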
