Risk management and security in service-based architectures

Pascal Bou Nassar, Youakim Badr, Kablan Barbar, Frédérique Biennier

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.

Original languageEnglish (US)
Title of host publication2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009
PublisherIEEE Computer Society
Pages214-218
Number of pages5
ISBN (Print)9781424438341
DOIs
StatePublished - Jan 1 2009
Event2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009 - Beirut, Lebanon
Duration: Jul 15 2009Jul 17 2009

Publication series

Name2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009

Conference

Conference2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009
CountryLebanon
CityBeirut
Period7/15/097/17/09

Fingerprint

Risk management
Information systems
Industry
Security of data
Risk assessment

All Science Journal Classification (ASJC) codes

  • Energy Engineering and Power Technology
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Cite this

Nassar, P. B., Badr, Y., Barbar, K., & Biennier, F. (2009). Risk management and security in service-based architectures. In 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009 (pp. 214-218). [5227927] (2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009). IEEE Computer Society. https://doi.org/10.1109/ACTEA.2009.5227927
Nassar, Pascal Bou ; Badr, Youakim ; Barbar, Kablan ; Biennier, Frédérique. / Risk management and security in service-based architectures. 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009. IEEE Computer Society, 2009. pp. 214-218 (2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009).
@inproceedings{f6cdf4b4c76f4a359b5b9b6c411d71b7,
title = "Risk management and security in service-based architectures",
abstract = "Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.",
author = "Nassar, {Pascal Bou} and Youakim Badr and Kablan Barbar and Fr{\'e}d{\'e}rique Biennier",
year = "2009",
month = "1",
day = "1",
doi = "10.1109/ACTEA.2009.5227927",
language = "English (US)",
isbn = "9781424438341",
series = "2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009",
publisher = "IEEE Computer Society",
pages = "214--218",
booktitle = "2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009",
address = "United States",

}

Nassar, PB, Badr, Y, Barbar, K & Biennier, F 2009, Risk management and security in service-based architectures. in 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009., 5227927, 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009, IEEE Computer Society, pp. 214-218, 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009, Beirut, Lebanon, 7/15/09. https://doi.org/10.1109/ACTEA.2009.5227927

Risk management and security in service-based architectures. / Nassar, Pascal Bou; Badr, Youakim; Barbar, Kablan; Biennier, Frédérique.

2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009. IEEE Computer Society, 2009. p. 214-218 5227927 (2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Risk management and security in service-based architectures

AU - Nassar, Pascal Bou

AU - Badr, Youakim

AU - Barbar, Kablan

AU - Biennier, Frédérique

PY - 2009/1/1

Y1 - 2009/1/1

N2 - Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.

AB - Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.

UR - http://www.scopus.com/inward/record.url?scp=70350511805&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350511805&partnerID=8YFLogxK

U2 - 10.1109/ACTEA.2009.5227927

DO - 10.1109/ACTEA.2009.5227927

M3 - Conference contribution

AN - SCOPUS:70350511805

SN - 9781424438341

T3 - 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009

SP - 214

EP - 218

BT - 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009

PB - IEEE Computer Society

ER -

Nassar PB, Badr Y, Barbar K, Biennier F. Risk management and security in service-based architectures. In 2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009. IEEE Computer Society. 2009. p. 214-218. 5227927. (2009 International Conference on Advances in Computational Tools for Engineering Applications, ACTEA 2009). https://doi.org/10.1109/ACTEA.2009.5227927