Web Service-Based Business Process Development, Threat Modeling and Security Assessment Tool

A business process is a collection of related structures and activities, undertaken by organizations in order to achieve certain business goals. The Web services-based business processes with a new set of protocols bring a new set of security challenges. As security has become an essential component...

Full description

Saved in:
Bibliographic Details
Published in:2008 IEEE Congress on Services Part II (services-2 2008) pp. 16 - 17
Main Authors: Jianxin Li, Sommestad, T., Hung, P.C.K., Xiang Li
Format: Conference Proceeding
Language:English
Published: IEEE 01-09-2008
Subjects:
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A business process is a collection of related structures and activities, undertaken by organizations in order to achieve certain business goals. The Web services-based business processes with a new set of protocols bring a new set of security challenges. As security has become an essential component for all software, several security solutions for XML and Web services have been proposed. In general, a security threat model is an organized representation of relevant threats, attacks, and vulnerabilities to a system. In this context, security threat modeling is an engineering technique which can be used to shape the Web service-based business processes with security requirements. The topic of security threat modeling in business process is becoming increasingly important to industry. This tutorial strives to reflect recent trends in research and developments of business processes integration and management with security concerns. In addition this tutorial will cover the fundamental concepts of security threat modeling from the perspectives of Web service-based business process. This tutorial will also address the common practices and related tools/procedures for addressing the security vulnerabilities, especially in XML attacks. A research prototype of security assessment will also be presented and demonstrated in the tutorial.
DOI:10.1109/SERVICES-2.2008.56