Location of Repository

A business-oriented framework for enhancing web services security for e-business

By Jason R. C. Nurse

Abstract

Security within the Web services technology field is a complex and very\ud topical issue. When considering using this technology suite to support interacting\ud e-businesses, literature has shown that the challenge of achieving security\ud becomes even more elusive. This is particularly true with regard to attaining a\ud level of security beyond just applying technologies, that is trusted, endorsed and\ud practiced by all parties involved. Attempting to address these problems, this research\ud proposes BOF4WSS, a Business-Oriented Framework for enhancing Web\ud Services Security in e-business. The novelty and importance of BOF4WSS is its\ud emphasis on a tool-supported development methodology, in which collaborating\ud e-businesses could achieve an enhanced and more comprehensive security and\ud trust solution for their services interactions.\ud This investigation began with an in-depth assessment of the literature in\ud Web services, e-business, and their security. The outstanding issues identified\ud paved the way for the creation of BOF4WSS. With appreciation of research limitations\ud and the added value of framework tool-support, emphasis was then shifted\ud to the provision of a novel solution model and tool to aid companies in the use and\ud application of BOF4WSS. This support was targeted at significantly easing the\ud difficulties incurred by businesses in transitioning between two crucial framework\ud phases.\ud To evaluate BOF4WSS and its supporting model and tool, a two-step\ud approach was adopted. First, the solution model and tool were tested for compatibility\ud with existing security approaches which they would need to work with\ud in real-world scenarios. Second, the framework and tool were evaluated using interviews\ud with industry-based security professionals who are experts in this field.\ud The results of both these evaluations indicated a noteworthy degree of evidence\ud to affirm the suitability and strength of the framework, model and tool. Additionally,\ud these results also act to cement this thesis' proposals as innovative and\ud significant contributions to the research field

Topics: QA76
OAI identifier: oai:wrap.warwick.ac.uk:34605

Suggested articles

Preview

Citations

  1. (2006). A model-based approach to trust, security and assurance. doi
  2. (1988). A spiral model of software development and enhancement. doi
  3. (2004). Aguilar-Sav en. Business process modelling: Review and framework.
  4. (2010). B2B PARTNERSHIPS SECURITY - How to Practice Safe B2B. http://www.cso.com.au/article/80707/how practise safe
  5. (2010). BPEL Open Source Engine -
  6. (2007). Challenges of testing web services and security in soa implementations. doi
  7. (2007). E-Business and E-Commerce Management: Strategy, Implementation and Practice. Financial Times
  8. (2007). Information security risk in the e-supply chain. doi
  9. (2005). Introduction to web services and their security. doi
  10. (2008). IT Governance: A Manager's Guide to Data Security and ISO 27001/ISO 27002. Kogan Page Limited, London, fourth edition, doi
  11. (2003). Managing Information Security Risks : The OCTAVE Approach. doi
  12. (2002). Multiple Criteria Decision Analysis: An Integrated Approach. doi
  13. (2005). Nedgty: Web services doi
  14. (2010). OCTAVE R information security risk evaluation. http://www.cert.org/octave/
  15. (1996). Prototyping: some new results. doi
  16. (2004). Qualitative research methods for the social sciences. doi
  17. (2006). RTUML for modeling real-time web services. doi
  18. (2007). Secure sessions for web services. doi
  19. (2003). Service engineering| methodical development of new service products. doi
  20. The waterfall that won't go away. doi
  21. (2005). Using aspects for security engineering of web service compositions. doi
  22. (2007). Using UML diagrams to model real-time web services. doi
  23. (2004). Web services and web services security. doi
  24. (2002). Web Services Essentials. O'Reilly,
  25. (2007). Web services federation language,
  26. (2004). Web Services: Concepts, Architectures and Applications. doi

To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.