• Title of article

    The practical application of a process for eliciting and designing security in web service systems

  • Author/Authors

    Gutiérrez، نويسنده , , Carlos and Rosado، نويسنده , , David G. and Fernلndez-Medina، نويسنده , , Eduardo، نويسنده ,

  • Issue Information
    ماهنامه با شماره پیاپی سال 2009
  • Pages
    27
  • From page
    1712
  • To page
    1738
  • Abstract
    Best practices currently state that the security requirements and security architectures of distributed software-intensive systems should be based on security risk assessments, which have been designed from security patterns, are implemented in security standards and are tool-supported throughout their development life-cycle. Web service-based information systems uphold inter-enterprise relations through the Internet, and this technology has been revealed as the reference solution with which to implement Service-Oriented Architectures. In this paper, we present the application of the Process for Web Service Security (PWSSec), developed by the authors, to a real web service-based case study. The manner in which security in inter-organizational information systems can be analyzed, designed and implemented by applying PWSSec, which combines a risk analysis and management, along with a security architecture and a standard-based approach, is also shown. We additionally present a tool built to provide support to the PWSSec process.
  • Keywords
    Application information security , Software process , Design Methodology , Web Services Security
  • Journal title
    Information and Software Technology
  • Serial Year
    2009
  • Journal title
    Information and Software Technology
  • Record number

    2374552