Proceedings of 2009 International Symposium on Computer Science and Computational Technology (ISCSCT 2009)

Huangshan, China, December 26-28, 2009

Editors: Fei Yu, Guangxue Yue, Jian Shu, Yun Liu

AP Catalog Number: AP-PROC-CS-09CN005

ISBN: 978-952-5726-07-7 (Print), 978-952-5726-08-4 (CD-ROM)

Page(s): 88-93

Model Based Security Policy Assessment for E-Business Environment

Wang Chu and Yanli Feng


The key to profitability for e-business is ensuring data integrity, service availability, and user information confidentiality along the entire e-services chain. For both staff and IT system components, the security policy needs to be compared with performance in an e-business environment. Currently, most efforts focus on e-business process analysis and value-chain analysis; little attention is paid to security policy compliance assessment. This paper presents a model-based security policy assessment approach that integrates fault tree analysis technology and a top-down, architecture-driven system analysis method. The assessment process includes security attribute scenario generation, e-business security model construction, fault-tree-based threat model construction, and security policy evaluation. It can be used to analyze the security policy for the e-business environment from two different perspectives: 1) compliance analysis between the security policy and the e-business security model, intended to elicit all possible discrepancies; 2) adequacy analysis of the security policy for identified threats, aimed at verifying and demonstrating whether the security policy is appropriate for the emerging security risks.

Index Terms

E-business, Security policy assessment, Architecture driven system analysis, Fault tree analysis

Copyright © 2009 ACADEMY PUBLISHER. All rights reserved.