SECURITY RISK ANALYSIS IN WEB SERVICES SYSTEMS

Carlos Gutiérrez; Eduardo Fernández-Medina; Mario Piattini

doi:10.5220/0002105004250430

SECURITY RISK ANALYSIS IN WEB SERVICES SYSTEMS

Carlos Gutiérrez, Eduardo Fernández-Medina, Mario Piattini

2006

Abstract

Nowadays, best practices dictate that security requirements of distributed software-intensive systems should be based on security risk assessments. Web services-based systems supporting network alliances among organizations through Internet are such type of systems. In this article we present how we’ve adopted the risk analysis and management methodology of the Spanish Public Administration, which conforms to ISO 15408 Common Criteria Framework (CCF), to the Process for Web Services Security (PWSSec) developed by the authors. In addition, a real case study where this adaptation was applied is shown.

Download

Paper Citation

in Harvard Style

Gutiérrez C., Fernández-Medina E. and Piattini M. (2006). SECURITY RISK ANALYSIS IN WEB SERVICES SYSTEMS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 425-430. DOI: 10.5220/0002105004250430

in Bibtex Style

@conference{secrypt06,
author={Carlos Gutiérrez and Eduardo Fernández-Medina and Mario Piattini},
title={SECURITY RISK ANALYSIS IN WEB SERVICES SYSTEMS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={425-430},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002105004250430},
isbn={978-972-8865-63-4},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - SECURITY RISK ANALYSIS IN WEB SERVICES SYSTEMS
SN - 978-972-8865-63-4
AU - Gutiérrez C.
AU - Fernández-Medina E.
AU - Piattini M.
PY - 2006
SP - 425
EP - 430
DO - 10.5220/0002105004250430