Web Service-Based Business Process Development, Threat Modeling and Security Assessment Tool

Summary form only given. A business process is a collection of related structures and activities, undertaken by organizations in order to achieve certain business goals. The Web services-based business processes with a new set of protocols bring a new set of security challenges. As security has become an essential component for all software, several security solutions for XML and Web services have been proposed. In general, a security threat model is an organized representation of relevant threats, attacks, and vulnerabilities to a system. In this context, security threat modeling is an engineering technique which can be used to shape the Web service-based business processes with security requirements. The topic of security threat modeling in business process is becoming increasingly important to industry. This tutorial strives to reflect recent trends in research and developments of business processes integration and management with security concerns. In addition this tutorial will cover the fundamental concepts of security threat modeling from the perspectives of Web service-based business process. This tutorial will also address the common practices and related tools/procedures for addressing the security vulnerabilities, especially in XML attacks. A research prototype of security assessment will also be presented and demonstrated in the tutorial.