Service-oriented Assurance - Comprehensive Security by Explicit Assurances
نویسندگان
چکیده
Flexibility to adapt to changing business needs is a core requirement of today’s enterprises. This is addressed by decomposing business processes into services that can be provided by scalable service-oriented architectures. Serviceoriented architectures enable requesters to dynamically discover and use subservices. Today, service selection does not consider security. In this paper, we introduce the concept of Service-Oriented Assurance (SOAS), in which services articulate their offered security assurances as well as assess the security of their sub-services. Products and services with well-specified and verifiable assurances provide guarantees about their security properties. Consequently, SOAS enables discovery of sub-services with the “right” level of security. Applied to business installations, it enables enterprises to perform a well-founded security/price tradeoff for the services used in their business processes.
منابع مشابه
A Trustworthy Assurance-as-a-Service Architecture
Increasing complexity and inter-dependency of information systems (IS), and the lack of transparency regarding system components and policies, have rendered traditional security mechanisms (applied at different OSI levels) inadequate to provide convincing confidentiality-integrity-availability (CIA) assurances regarding any IS. We present an architecture for a generic, trustworthy assurance-as-...
متن کاملAssurance: the power behind PCASSO security
The need for security protection in Internet-based healthcare applications is generally acknowledged. Most healthcare applications that use the Internet have at least implemented some kind of encryption. Most applications also enforce user authentication and access control policies, and many audit user actions. However, most fall short on providing strong assurances that the security mechanisms...
متن کاملDoes Pain Result in Gain? Assessing Cloud Service Certifications' Effectiveness
Cloud service certifications (CSCs) gain increasing attention in practice as a measure against the prevailing uncertainties of cloud computing, but demand efforts for passing audit requirements. However, research findings on certifications’ effectiveness are inconclusive. This research-in-progress paper develops a research model to evaluate CSCs’ effects on two certification outcomes suggested ...
متن کاملDemand for Data Assurances in Electronic Commerce: An Experimental Examination of a Web-Based Data Exchange Using XML
The emergence of electronic commerce exchanges in the organizational supply chain has created a demand for increased accountability and control among transacting parties. The provision of assurance services has the potential to satisfy this demand, as a compensatory service for exchange partners who would otherwise not have the capability to exercise control over a specific exchange they are in...
متن کاملCloud Service Certifications: Measuring Consumers' Preferences For Assurances
Cloud computing by now has gained wide recognition in business and is becoming increasingly important for consumers. However, consumers experience uncertainties, such as security, privacy, and vendor lock-in. Certifications provide assurances and may mitigate uncertainties, making cloud service certifications a core focus of the European Union’s cloud strategy and various certification programs...
متن کامل