The Library

An evaluation of BOF4WSS and the security negotiations model and tool used to support it

Tools

Nurse, Jason R. C. and Sinclair, Jane. (2010) An evaluation of BOF4WSS and the security negotiations model and tool used to support it. International Journal on Advances in Security, Volume 3 (Number 3-4). pp. 184-201. ISSN 1942-2636

Preview

PDF
WRAP_Sincalir_security2010_nurse_sinclair.pdf - Published Version - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (421Kb) | Preview

Official URL: http://www.iariajournals.org/security/tocv3n34.htm...

Abstract

As online collaboration between businesses increases, securing these interactions becomes of utmost importance. Not only must entities protect themselves and their electronic collaborations, but they must also ensure compliance to a plethora of security-related laws and industry standards. Our research has focused in detail on the cross-enterprise security problems faced by collaborating businesses. Apart from our most recent work which investigates a novel model and tool to support e-businesses’ security negotiations, we previously defined a comprehensive development methodology to aid companies in creating secure and trusted interactions. This paper aims to advance those proposals by presenting and discussing a key stage of their evaluation. This stage uses interviews with industry-based security professionals from the field, to gather critical, objective feedback on the use and suitability of the proposals in fulfilling their aims.

Item Type:

Journal Article

Subjects:

Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software

Divisions:

Faculty of Science > Computer Science

Library of Congress Subject Headings (LCSH):

Business enterprises -- Computer networks -- Security measures, Electronic commerce -- Security measures

Journal or Publication Title:

International Journal on Advances in Security

Publisher:

IARIA

ISSN:

1942-2636

Official Date:

2010

Dates:

Date	Date Type
2010	Published

Volume:

Volume 3

Number:

Number 3-4

Page Range:

pp. 184-201

Status:

Peer Reviewed

Publication Status:

Published

Access rights to Published version:

Restricted or Subscription Access

References:

[1] J. R. Nurse and J. E. Sinclair, “A Solution Model and Tool
for Supporting the Negotiation of Security Decisions in E-
Business Collaborations,” in 5th International Conference on
Internet and Web Applications and Services (ICIW). IEEE
Computer Society, 2010, pp. 13–18.
[2] ——, “BOF4WSS: A Business-Oriented Framework for Enhancing
Web Services Security for e-Business,” in 4th International
Conference on Internet and Web Applications and
Services (ICIW). IEEE Computer Society, 2009, pp. 286–
291.
[3] ——, “Securing e-Businesses that use Web Services — A
Guided Tour Through BOF4WSS,” International Journal On
Advances in Internet Technology, vol. 2, no. 4, pp. 253–276,
2009.
[4] ——, “Evaluating the Compatibility of a Tool to Support
E-Businesses’ Security Negotiations,” in The International
Conference of Information Security and Internet Engineering
(ICISIE), under World Congress on Engineering (WCE) 2010,
vol. 1. Newswood Limited, International Association of
Engineers, 2010, pp. 438–443.
[5] B. Hartman, D. J. Flinn, K. Beznosov, and S. Kawamoto,
Mastering Web Services Security. Indianapolis: Wiley, 2003.
[6] O. Demir¨ ors, C¸ . Gencel, and A. Tarhan, “Utilizing business
process models for requirements elicitation,” in The 29th
Conference on EUROMICRO. IEEE, 2003, pp. 409–412.
[7] J. S. Tiller, The Ethical Hack: A Framework for Business
Value Penetration Testing. Boca Raton, FL: Auerbach Publ.,
2005.
[8] M. P. Papazoglou, Web Services: Principles and Technology.
Harlow, Essex: Prentice Hall, 2007.
[9] C. Guti´ errez, E. Fern´ andez-Medina, and M. Piattini,
“PWSSec: Process for web services security,” in The IEEE International
Conference on Web Services (ICWS’06), Chicago,
IL, September 2006, pp. 213–222.
[10] W. D. Yu, D. Aravind, and P. Supthaweesuk, “Software
vulnerability analysis for web services software systems,” in
IEEE Symposium on Computers and Communications. IEEE
Computer Society, 2006, pp. 740–748.
[11] S. Dynes, L. M. Kolbe, and R. Schierholz, “Information
security in the extended enterprise: A research agenda,” in
AMCIS 2007 Proceedings, 2007.
[12] J. R. Nurse and J. E. Sinclair, “Supporting the Comparison
of Business-Level Security Requirements within Cross-
Enterprise Service Development,” in Business Information
Systems, ser. Lecture Notes in Business Information Processing,
W. Abramowicz, Ed. Heidelberg: Springer, 2009,
vol. 21, pp. 61–72.
[13] S. S. Yau and Z. Chen, “A framework for specifying and
managing security requirements in collaborative systems,” in
Autonomic and Trusted Computing, ser. Lecture Notes in
Computer Science, L. T. Yang, H. Jin, J. Ma, and T. Ungerer,
Eds. Heidelberg: Springer, 2006, vol. 4158, pp. 500–510.
[14] J. Roy, M. Barik, and C. Mazumdar, “ESRML: a markup
language for enterprise security requirement specification,”
in IEEE INDICON, Kharagpur, 2004, pp. 509–512.
[15] M. D. Myers, Qualitative research in business and management.
London: SAGE, 2009.
[16] B. L. Berg, Qualitative research methods for the social
sciences, 5th ed. London: Pearson International Education,
2004.
[17] C. Teddlie and F. Yu, “Mixed methods sampling: A typology
with examples,” Journal of Mixed Methods Research, vol. 1,
no. 1, pp. 77–100, 2007.
[18] M. Todd, E. Zibert, and T. Midwinter, “Security risk management
in the BT HP alliance,” BT Technology Journal, vol. 24,
no. 4, pp. 47–52, 2006.
[19] W. H. Baker, G. E. Smith, and K. J. Watson, “Information
security risk in the e-supply chain,” in E-Supply Chain
Technologies and Management, Q. Zhang, Ed. Hershey, PA:
Idea Group Inc., 2007, pp. 142–161.
[20] A. Baldwin, Y. Beres, S. Shiu, and P. Kearney, “A modelbased
approach to trust, security and assurance,” BT Technology
Journal, vol. 24, no. 4, pp. 53–68, 2006.
[21] F. Goethals, J. Vandenbulcke, W. Lemahieu, and M. Snoeck,
“Different types of business-to-business integration: Extended
enterprise integration vs. market B2B integration,” in E-
Business Innovation and Process Management, I. Lee, Ed.
Hershey, PA: CyberTech Publishing, 2007, pp. 1–17.
[22] A. Singhal, T. Winograd, and K. Scarfone, “Guide to secure
web services (NIST Special Publication 800-95),” National
Institute of Standards and Technology (NIST), Tech. Rep.,
2007.
[23] F. Satoh, Y. Nakamura, N. K. Mukhi, M. Tatsubori, and
K. Ono, “Methodology and tools for end-to-end SOA security
configurations,” in IEEE Congress on Services - Part I. IEEE
Computer Society, 2008, pp. 307–314.
[24] M. Tatsubori, T. Imamura, and Y. Nakamura, “Best-practice
patterns and tool support for configuring secure web services
messaging,” in IEEE International Conference on Web Services.
Athens, Greece: IEEE Computer Society, 2004, pp.
244–251.
[25] C. Van Slyke and F. B´ elanger, E-Business Technologies:
Supporting the Net-Enhanced Organization. New York:
Wiley, 2003.
[26] PricewaterhouseCoopers LLP and Infosecurity
Europe, “Information Security Breaches
Survey 2010: Executive Summary,” 2010,
http://www.pwc.co.uk/pdf/isbs survey 2010 executive
summary.pdf (Accessed 7 May 2010).
[27] E. W. Davis and R. E. Spekman, The Extended Enterprise:
Gaining Competitive Advantage through Collaborative Supply
Chains. Upper Saddle River, NJ: FT Prentice Hall, 2004.
[28] B. S. Sahay, “Understanding trust in supply chain relationships,”
Industrial Management & Data Systems, vol. 103,
no. 8, pp. 553–563, 2003.