Risk management and security in service-based architectures

Pascal Bou Nassar; Youakim Badr; Kablan Barbar; Frédérique Biennier

doi:10.1109/ACTEA.2009.5227927

Risk management and security in service-based architectures

Pascal Bou Nassar, Youakim Badr, Kablan Barbar, Frédérique Biennier

Engineering Division (Great Valley)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Scopus citations

Abstract

Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.

Original language	English (US)
Title of host publication	2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009
Publisher	IEEE Computer Society
Pages	214-218
Number of pages	5
ISBN (Print)	9781424438341
DOIs	https://doi.org/10.1109/ACTEA.2009.5227927
State	Published - 2009
Event	2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009 - Beirut, Lebanon Duration: Jul 15 2009 → Jul 17 2009

Publication series

Name	2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009

Conference

Conference	2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009
Country/Territory	Lebanon
City	Beirut
Period	7/15/09 → 7/17/09

All Science Journal Classification (ASJC) codes

Energy Engineering and Power Technology
Control and Systems Engineering
Electrical and Electronic Engineering

Access to Document

10.1109/ACTEA.2009.5227927

Cite this

Nassar, P. B., Badr, Y., Barbar, K., & Biennier, F. (2009). Risk management and security in service-based architectures. In 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009 (pp. 214-218). Article 5227927 (2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009). IEEE Computer Society. https://doi.org/10.1109/ACTEA.2009.5227927

Nassar, Pascal Bou ; Badr, Youakim ; Barbar, Kablan et al. / Risk management and security in service-based architectures. 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009. IEEE Computer Society, 2009. pp. 214-218 (2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009).

@inproceedings{f6cdf4b4c76f4a359b5b9b6c411d71b7,

title = "Risk management and security in service-based architectures",

abstract = "Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.",

author = "Nassar, {Pascal Bou} and Youakim Badr and Kablan Barbar and Fr{\'e}d{\'e}rique Biennier",

year = "2009",

doi = "10.1109/ACTEA.2009.5227927",

language = "English (US)",

isbn = "9781424438341",

series = "2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009",

publisher = "IEEE Computer Society",

pages = "214--218",

booktitle = "2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009",

address = "United States",

note = "2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009 ; Conference date: 15-07-2009 Through 17-07-2009",

}

Nassar, PB, Badr, Y, Barbar, K & Biennier, F 2009, Risk management and security in service-based architectures. in 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009., 5227927, 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009, IEEE Computer Society, pp. 214-218, 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009, Beirut, Lebanon, 7/15/09. https://doi.org/10.1109/ACTEA.2009.5227927

Risk management and security in service-based architectures. / Nassar, Pascal Bou; Badr, Youakim; Barbar, Kablan et al.
2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009. IEEE Computer Society, 2009. p. 214-218 5227927 (2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Risk management and security in service-based architectures

AU - Nassar, Pascal Bou

AU - Badr, Youakim

AU - Barbar, Kablan

AU - Biennier, Frédérique

PY - 2009

Y1 - 2009

N2 - Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.

AB - Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.

UR - http://www.scopus.com/inward/record.url?scp=70350511805&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350511805&partnerID=8YFLogxK

U2 - 10.1109/ACTEA.2009.5227927

DO - 10.1109/ACTEA.2009.5227927

M3 - Conference contribution

AN - SCOPUS:70350511805

SN - 9781424438341

T3 - 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009

SP - 214

EP - 218

BT - 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009

PB - IEEE Computer Society

T2 - 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009

Y2 - 15 July 2009 through 17 July 2009

ER -

Nassar PB, Badr Y, Barbar K, Biennier F. Risk management and security in service-based architectures. In 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009. IEEE Computer Society. 2009. p. 214-218. 5227927. (2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009). doi: 10.1109/ACTEA.2009.5227927

Risk management and security in service-based architectures

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this