A business-oriented framework for enhancing web services security for e-business

Doctoral thesis English OPEN
Nurse, Jason R. C.
  • Subject: QA76

Security within the Web services technology field is a complex and very topical issue. When considering using this technology suite to support interacting e-businesses, literature has shown that the challenge of achieving security becomes even more elusive. This is particularly true with regard to attaining a level of security beyond just applying technologies, that is trusted, endorsed and practiced by all parties involved. Attempting to address these problems, this research proposes BOF4WSS, a Business-Oriented Framework for enhancing Web Services Security in e-business. The novelty and importance of BOF4WSS is its emphasis on a tool-supported development methodology, in which collaborating e-businesses could achieve an enhanced and more comprehensive security and trust solution for their services interactions.

This investigation began with an in-depth assessment of the literature in Web services, e-business, and their security. The outstanding issues identified paved the way for the creation of BOF4WSS. With appreciation of research limitations and the added value of framework tool-support, emphasis was then shifted to the provision of a novel solution model and tool to aid companies in the use and application of BOF4WSS. This support was targeted at significantly easing the difficulties incurred by businesses in transitioning between two crucial framework phases.

To evaluate BOF4WSS and its supporting model and tool, a two-step approach was adopted. First, the solution model and tool were tested for compatibility with existing security approaches which they would need to work with in real-world scenarios. Second, the framework and tool were evaluated using interviews with industry-based security professionals who are experts in this field. The results of both these evaluations indicated a noteworthy degree of evidence to affirm the suitability and strength of the framework, model and tool. Additionally, these results also act to cement this thesis' proposals as innovative and significant contributions to the research field.