Advances in software inspections
IEEE Transactions on Software Engineering
Designing Secure Integration Architectures
ICCBSS '03 Proceedings of the Second International Conference on COTS-Based Software Systems
A Process Framework for Characterising Security Properties of Component-Based Software Systems
ASWEC '04 Proceedings of the 2004 Australian Software Engineering Conference
Sound development of secure service-based systems
Proceedings of the 2nd international conference on Service oriented computing
Specification and querying of security constraints in the EFSOC framework
Proceedings of the 2nd international conference on Service oriented computing
Eliciting security requirements with misuse cases
Requirements Engineering
Trustworthy Web Services: Actions for Now
IT Professional
Model-Driven Security Based on a Web Services Security Architecture
SCC '05 Proceedings of the 2005 IEEE International Conference on Services Computing - Volume 01
Web services enterprise security architecture: a case study
Proceedings of the 2005 workshop on Secure web services
PWSSec: Process for Web Services Security
ICWS '06 Proceedings of the IEEE International Conference on Web Services
Developing web services security systems: a case study
International Journal of Web Engineering and Technology
Patterns: service-oriented architecture and web services
Patterns: service-oriented architecture and web services
Misuse Cases: Use Cases with Hostile Intent
IEEE Software
Secure Systems Development with UML
Secure Systems Development with UML
Web service engineering – advancing a new software engineering discipline
ICWE'05 Proceedings of the 5th international conference on Web Engineering
Hi-index | 0.00 |
Web services (WS, hereafter) paradigm has attained such a relevance in both the academic and the industry world that the vision of the Internet has evolved from being considered as a mere repository of data to become the underlying infrastructure on which organizations' strategic business operations are being deployed [1]. Security is a key aspect if WS are to be generally accepted and adopted. In fact, over the past years, the most important consortiums of the Internet, like IETF, W3C or OASIS, have produced a huge number of WS-based security standards. Despite this spectacular growth, a development process that facilitates the systematic integration of security into all subprocesses of WS-based software development life-cycle does not exist. Eventually, this process should guide WS-based software developers in the specification of WS-based security requirements, the design of WS-based security architectures, and the deployment of the most suitable WS security standards. In this article, we will briefly present a process of this type, named PWSSec (Process for Web Services Security), and the artifacts used during the elicitation activity, which belongs to the subprocess WSSecReq aimed at producing a WS-based security requirement specification.