Security Enhanced Applications for Information Systems

Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

UML-SOA-Sec and Saleem's MDS Services Composition Framework for Secure Business Process Modelling of Services Oriented Applications

In Service Oriented Architecture (SOA) environment, a software application is a composition of services, which are scattered across enterprises and architectures. Security plays a vital role during the design, development and operation of SOA applications. However, analysis of today's software development approaches reveals that the engineering of security into the system design is often neglected. Security is incorporated in an ad-hoc manner or integrated during the applications development phase or administration phase or out sourced. SOA security is cross-domain and all of the required information is not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on the resulting SOA applications. General purpose modeling languages like Unified Modeling Language (UML) are used for designing the software system; however, these languages lack the knowledge of the specific domain and "security" is one of the essential domains. A Domain Specific Language (DSL), named the "UML-SOA-Sec" is proposed to facilitate the modeling of security objectives along the business process modeling of SOA applications. Furthermore, Saleem's MDS (Model Driven Security) services composition framework is proposed for the development of a secure web service composition

Web service architecture for scholarly publication

The main objective of Higher Education Institutions (HEIs) in Malaysia is to become the world class university. An academic staff in a university will be assessed according to their performance metrics that consists of based on teaching performance, research performance and supervision performance. It is important for academic staff to publish as much as possible in scholarly publication activities. But, not all researchers are capable to produce scholarly publication within university target. Scholarly publication is a competitive and critical phase for researchers. The aim of this study is to assemble the incorporation of web service concept in term of architecture, development methodology and the reuse of web service itself in term of integrating them with the established information provider company. The use of Service Oriented Modelling and Architecture (SOMA) is viewed as a widely used architecture in industry that focusing on the reusing of services and provides flexibility to use legacy applications. An interview was organized to investigate the scenario and elicit the challenges in achieving the publication target of scholarly publication among academicians. The preliminary results show that identifying a suitable journal to be published on is a tiresome task. Besides, it is intricate to distinguish the journal’s quartile and its impact factor (IF). This scenario affect academician’s performance metrics target for particular year. The web service architecture was extracted from six prior literature reviews of web service based architectures and four services oriented modelling techniques. The proposed web service architecture was integrated with Elsevier Scopus APIs, Elsevier ScienceDirect APIs, SCImago XML web service and Web of Science OpenURL Resolver web service. The research proposed a solution in the form of a prototype, which would serves as web service architecture in monitoring scholarly publication performance. Validation of the usability of prototype is conducted using User Acceptance Testing (UAT) among academicians in Faculty of Computing, Universiti Teknologi Malaysia

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

A business-oriented framework for enhancing web services security for e-business

Security within the Web services technology field is a complex and very topical issue. When considering using this technology suite to support interacting e-businesses, literature has shown that the challenge of achieving security becomes even more elusive. This is particularly true with regard to attaining a level of security beyond just applying technologies, that is trusted, endorsed and practiced by all parties involved. Attempting to address these problems, this research proposes BOF4WSS, a Business-Oriented Framework for enhancing Web Services Security in e-business. The novelty and importance of BOF4WSS is its emphasis on a tool-supported development methodology, in which collaborating e-businesses could achieve an enhanced and more comprehensive security and trust solution for their services interactions. This investigation began with an in-depth assessment of the literature in Web services, e-business, and their security. The outstanding issues identified paved the way for the creation of BOF4WSS. With appreciation of research limitations and the added value of framework tool-support, emphasis was then shifted to the provision of a novel solution model and tool to aid companies in the use and application of BOF4WSS. This support was targeted at significantly easing the difficulties incurred by businesses in transitioning between two crucial framework phases. To evaluate BOF4WSS and its supporting model and tool, a two-step approach was adopted. First, the solution model and tool were tested for compatibility with existing security approaches which they would need to work with in real-world scenarios. Second, the framework and tool were evaluated using interviews with industry-based security professionals who are experts in this field. The results of both these evaluations indicated a noteworthy degree of evidence to affirm the suitability and strength of the framework, model and tool. Additionally, these results also act to cement this thesis' proposals as innovative and significant contributions to the research field

Network e-Volution

Modern society is a network society permeated by information technology (IT). As a result of innovations in IT, enormous amounts of information can be communicated to a larger number of recipients faster than ever before. The evolution of networks is heavily influenced by the extensive use of IT, which has enabled co-evolving advanced quantitative and qualitative forms of networking. Although several networks have been formed with the aim to reduce or deal with uncertainty through faster and broader access to information, it is in fact IT that has created new kinds of uncertainty. For instance, although digital information integration in supply chains has made production planning more robust, it has at the same time intensified mutual dependencies, thereby actually increasing the level of uncertainty. The aim of this working paper is to investigate the aspects of evolving networks and uncertainty in networks at the cutting edges of different types of networks and from the perspective of different layers defining these networks

Service-oriented design of environmental information systems

Service-orientation has an increasing impact upon the design process and the architecture of environmental information systems. This thesis specifies the SERVUS design methodology for geospatial applications based upon standards of the Open Geospatial Consortium. SERVUS guides the system architect to rephrase use case requirements as a network of semantically-annotated requested resources and to iteratively match them with offered resources that mirror the capabilities of existing services