Risk management and security in service-based architectures

Pascal Bou Nassar, Youakim Badr, Kablan Barbar, Frédérique Biennier

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Scopus citations

Abstract

Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.

Original languageEnglish (US)
Title of host publication2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009
PublisherIEEE Computer Society
Pages214-218
Number of pages5
ISBN (Print)9781424438341
DOIs
StatePublished - Jan 1 2009
Event2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009 - Beirut, Lebanon
Duration: Jul 15 2009Jul 17 2009

Publication series

Name2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009

Conference

Conference2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009
CountryLebanon
CityBeirut
Period7/15/097/17/09

All Science Journal Classification (ASJC) codes

  • Energy Engineering and Power Technology
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Risk management and security in service-based architectures'. Together they form a unique fingerprint.

Cite this