Abstract
The recent and upcoming computing environment is characterized by distribution, integration, collaboration and ubiquity. The existing security technology alone can not successfully provide necessary security services for this environment. Therefore, it is necessary that the provision of security services reflects the characteristics of such an environment. In this paper, we analyze security requirements for existing and upcoming applications and services. We then survey deployed security services and identify the required information security services to satisfy the result of the security requirement analysis. Hence we suggest UASI (Unified Application Security Infrastructure) as a new security paradigm. UASI is a framework, which describes how a single security infrastructure can provide all the necessary security services for the ubiquitous computing environment in a seamless manner.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Geiger: Net My Services and .Net Passport User Authentication Overview. Microsoft white paper (September 2001)
Hodges, J.: Liberty Architecture Overview. Liberty Alliance Project documentation (July 2002)
Jones, R.: EAM Ain’t EASY. Information Security Magazine (January 2002), SAML 1.0 Specification Set, OASIS (May 2002)
Harold, E.R., Means, W.S.: XML in a Nutshell, 2nd edn. O’Reilly Inc., Sebastopol
Pinkston, J.: The Ins and Outs of Integration. eAI Journal, 7 (August 2001)
Olsen, G.: An Overview of B2B Integration. eAI Journal (May 2000)
Fremantle, P., Ferguson, D.F., Kreger, H., Weerawarana, S.: Understanding the Web Services Vision. Web Services Journal 02(07)
Zhang, L., Ahn, G.J., Chu, B.T.: A Role-Based Delegation Framework for Healthcare Information systems. In: SACMAT 2002, pp. 125–134 (June 2002)
Atluri, V., Chun, S.A., Mazzoleni, P.: A Chinese Wall Security Model for Decentralized Workflow Systems. In: CCS 2001, pp. 47–58 (November 2001)
Powell, D.: Enterprise Security Management (ESM): Centralizing Management of Your Security Policy. SANS Institute (December 2000)
Heffner, R.: Enterprise Application Security Integration. IT Trends 2002 (December 2001)
Lewis, J.: The Emerging Infrastructure for Identity and Access Management. Open Group In3 Conference (January 2002)
Clauβ, S., Köhntopp, M.: Identity management and its support of multilateral security. Computer Networks 37, 205–219 (2001)
Varadharajan, V., Crall, C., Pato, J.: Authorization in enterprise wide distributed tems: design and application. In: Proceedings of the 14th IEEE Computer Security Application Conference, Scottsdale, Arizona, December 7-11, pp. 178–189 (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jin, S., Cho, S., Choi, D., Ryou, JC. (2003). New Security Paradigm for Application Security Infrastructure. In: Kahng, HK. (eds) Information Networking. ICOIN 2003. Lecture Notes in Computer Science, vol 2662. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45235-5_78
Download citation
DOI: https://doi.org/10.1007/978-3-540-45235-5_78
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40827-7
Online ISBN: 978-3-540-45235-5
eBook Packages: Springer Book Archive