Abstract
This paper presents a systematic approach for the automated assessment of security and business risks of web-based systems at the early design stage. The approach combines risk concepts in reliability engineering with heuristics using characteristics of software and hardware deployment design to estimate security and business risks of the system to be developed. It provides a mechanism that can help locate high-risk software components. We discuss limitations of the approach and give an illustration in an industrial engineering and business-to-business domain using a case study of a web-based material requirements planning system for a manufacturing enterprise.
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hewett, R. (2008). Security and Business Risks from Early Design of Web-Based Systems. In: Filipe, J., Cordeiro, J. (eds) Web Information Systems and Technologies. WEBIST 2007. Lecture Notes in Business Information Processing, vol 8. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68262-2_4
DOI: https://doi.org/10.1007/978-3-540-68262-2_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68257-8
Online ISBN: 978-3-540-68262-2
eBook Packages: Computer Science (R0)