Security-Aware Service Composition for End Users of Small Enterprises

Authors:
Khaled Khan;Qutaibah Malluhi
Affiliations:
Department of Computer Science and Engineering, Qatar University;Department of Computer Science and Engineering, Qatar University
Venue:
Proceedings of the 2010 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the 9th SoMeT_10
Year:
2010

Citing 7
Cited 0

An Introduction to the Web Services Policy Language (WSPL)

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Security Conscious Web Service Composition

ICWS '06 Proceedings of the IEEE International Conference on Web Services
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Specifying Security Goals of Component Based Systems: An End-User Perspective

ICCBSS '08 Proceedings of the Seventh International Conference on Composition-Based Software Systems (ICCBSS 2008)
Ontology-Based Security Policies for Supporting the Management of Web Service Business Processes

ICSC '08 Proceedings of the 2008 IEEE International Conference on Semantic Computing
Security Conscious Web Service Composition with Semantic Web Support

ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
Quality of Security Service for Web Services within SOA

SERVICES '09 Proceedings of the 2009 Congress on Services - I

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper focuses on the service composition based on security properties of services from an end user perspective. End users are usually not expert in computer security, but expert users of computer software. They typically either own or work for small and medium enterprises (SMEs). The proposed framework attempts to demonstrate that end users of small enterprises can compose a service based application based on the security profiles of software services. The paper argues that the security concerns of various stakeholders of services should be specified differently. The paper envisions a framework with which end users could select services consistent with their preferred security features suitable for their businesses. With the same token, consumers of such applications can easily understand the security profile of services in order to make a B2B transaction. This will provide end users more power to force the service developer to offer better security-aware services. The main contribution of this paper is a framework on which further work could be initiated.