Abstract
The rapid growth of the commercial use of the Internet goes along with a rising need for security for both customer and merchant. Because many parties and different systems are involved, security becomes a complicated issue, and the need arises to define, structure, and quantify it. This paper proposes a structured approach to analyzing security measures and quantifying the overall security of an electronic business application. The quantifier is calculated through a security matrix that breaks the assessment of security down into smaller parts. These parts correspond to the locations, the security objectives, and the implemented security mechanisms of the application. The security quantifier can be used to analyze and design the application and to compare it with other applications.
© 2000 Springer-Verlag Berlin Heidelberg
Knorr, K., Röhrig, S. (2000). Security of Electronic Business Applications: Structure and Quantification. In: Bauknecht, K., Madria, S.K., Pernul, G. (eds) Electronic Commerce and Web Technologies. EC-Web 2000. Lecture Notes in Computer Science, vol 1875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44463-7_3
DOI: https://doi.org/10.1007/3-540-44463-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67981-3
Online ISBN: 978-3-540-44463-3