
Security of Electronic Business Applications: Structure and Quantification

Conference paper in: Electronic Commerce and Web Technologies (EC-Web 2000)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1875)

Abstract

The rapid growth of the commercial use of the Internet goes along with a rising need for security for both customer and merchant. Because many parties and different systems are involved, security becomes a complicated issue, and the need arises to define, structure, and quantify it. This paper proposes a structured approach to analyze security measures and to quantify the overall security of an electronic business application. The quantifier is calculated through a security matrix which breaks down the assessment of security into smaller parts. These parts correspond to the locations, the security objectives, and the implemented security mechanisms of the application. The security quantifier can be used to analyze and design the application and to compare it with other applications.




© 2000 Springer-Verlag Berlin Heidelberg

Cite this paper

Knorr, K., Röhrig, S. (2000). Security of Electronic Business Applications: Structure and Quantification. In: Bauknecht, K., Madria, S.K., Pernul, G. (eds) Electronic Commerce and Web Technologies. EC-Web 2000. Lecture Notes in Computer Science, vol 1875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44463-7_3

  • DOI: https://doi.org/10.1007/3-540-44463-7_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67981-3

  • Online ISBN: 978-3-540-44463-3
