Title of article
The practical application of a process for eliciting and designing security in web service systems
Author/Authors
Gutiérrez، نويسنده , , Carlos and Rosado، نويسنده , , David G. and Fernلndez-Medina، نويسنده , , Eduardo، نويسنده ,
Issue Information
ماهنامه با شماره پیاپی سال 2009
Pages
27
From page
1712
To page
1738
Abstract
Best practices currently state that the security requirements and security architectures of distributed software-intensive systems should be based on security risk assessments, which have been designed from security patterns, are implemented in security standards and are tool-supported throughout their development life-cycle. Web service-based information systems uphold inter-enterprise relations through the Internet, and this technology has been revealed as the reference solution with which to implement Service-Oriented Architectures. In this paper, we present the application of the Process for Web Service Security (PWSSec), developed by the authors, to a real web service-based case study. The manner in which security in inter-organizational information systems can be analyzed, designed and implemented by applying PWSSec, which combines a risk analysis and management, along with a security architecture and a standard-based approach, is also shown. We additionally present a tool built to provide support to the PWSSec process.
Keywords
Application information security , Software process , Design Methodology , Web Services Security
Journal title
Information and Software Technology
Serial Year
2009
Journal title
Information and Software Technology
Record number
2374552
Link To Document