The week's pick
Reseach Article
Security Model to Incorporate Add-On Security for Business Services
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 22 - Number 2 |
| Year of Publication: 2011 |
| Authors: M.Thirumaran, P.Dhavachelvan, S.Abarna |
10.5120/2559-3513
|
M.Thirumaran, P.Dhavachelvan, S.Abarna . Security Model to Incorporate Add-On Security for Business Services. International Journal of Computer Applications. 22, 2 ( May 2011), 1-10. DOI=10.5120/2559-3513
Abstract
Nowadays, the services offered by the Service Providers are subjected to many risks in terms of privacy agreements and hence they are treated as untrustworthy. Security risk analysis is fundamental to the security of any business and it is considered to be very essential in ensuring that controls and expenditure are fully commensurate with the risks to which the business is exposed. Hence, the Customer requires a set of security services and the model driven security specifications in terms of security policies such as authentication, authorization, confidentiality, integrity and audit in order to overcome such situations. The Customer security requirements should match with the security specifications that are recommended or delivered by the Service Provider and these contracts can be done through Service Level Agreements. In our paper we propose an Add-on security model which provides interoperable security services for the business services according to the security requirements of the business. We also establish the model as schema driven security model which facilitate dynamic integration of security services with the associated business services and finally to provide security assessment and verification mechanism for the Add-on security services along with the business requirements. The security assessment and verification is done automatically using Add-on security service assessment model. This issue plays a main role in verifying where the security model matches with the business requirements and also whether the security agreements are well maintained by both consumer and the service provider. We convert source code to first order logic in reasoning engine to evaluate the policy rules that influence the subject, resource and environment to determine the Access point in the security services and also finally evaluating the QOS like cost, response time, execution time and uptime for business services along with Add-on security features.
References
- Christian Wolter, Michael Menzel, Andreas Schaad, Philip Miseldine and ChristophMeinel, “Model-driven business process security requirement specification”, (ELSEVIER) Journal of Systems Architecture 55, 2009.
- Alessandro Armando, Roberto Carbone, Luca Compagna, Keqin Li and Giancarlo Pellegrino, “Model-checking Driven Security Testing of Web-based Applications” Third International Conference on Software Testing, Verification, and Validation Workshops, (ICSTW )2010.
- Muhammad Qaiser Saleem1, Jafreezal Jaafar2, Mohd Fadzil Hassan3, “Model Driven Security Frameworks for Addressing Security Problems of Service Oriented Architecture, IEEE 2010.
- Thirumaran., Dhavachelvan.P, Asha.T and Lakshmi.P, ”Framework for managing Business logic of web services through Schema generation and Property evaluation ”, International Journal of Computer Applications,2010.
- Wei She, I-Ling Yen, and Bhavani Thuraisingham, “Enhancing Security Modeling for Web Services using Delegation and Pass-on”, IEEE International Conference on Web Services, 2008.
- Li Jiang, Hao Chen, Fei Deng, “A Security Evaluation Method Based on STRIDE Model for Web Service”, IEEE 2010.
- Michael Menzel, Robert Warschofsky and Christoph Meinel, “A Pattern-driven Generation of Security Policies for Service-oriented Architectures”, IEEE International Conference on Web Services, 2010.
- Juan P. Silva Gallino, Miguel A. de Miguel, Javier Fernández Briones, and Alejandro Alonso, ”Model-Driven Development of a Web Service-Oriented Architecture and Security Policies”, 13th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, 2010.
- L. Boaro, E. Glorio, F. Pagliarecci and L. Spalazzi, “Semantic Model Checking Security Requirements forWeb Services”, IEEE 2010.
- Qi Li, Xinwen Zhang, MingweiXu and Jianping Wu,“Towards secure dynamic collaborations with group-based RBAC model”, Computers & Security 28, 2009.
- Jian Cao,JinjunChen, HaiyanZhao and MingluLi, “A policy-based authorization model for workflow-enabled dynamic process management”, 32nd Journal of Network and Computer Applications, 2009.
- Ke Ma and Chang-xin Song, “Research on a Web Security Service System Structure Model”, International Conference on Advanced Computer Theory and Engineering, 2008.
- Meiko Jensen and Sven Feja, “A Security Modeling Approach forWeb-Service-based Business Processes”, 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems, 2009.
Index Terms
Keywords