State-Based Security Policy
Enforcement in Component-Based E-Commerce
Universität Dortmund, FB Informatik, LS IV, D-44221 Dortmund
E-Mail: {Peter.Herrmann|krumm}@cs.tu-dortmund.de, lars-wiebusch@web.de
Abstract
Software component technology supports the cost-effective
development of e-commerce applications but also introduces special
security problems. In particular, a malicious component is a threat
to any application incorporating it. Wrappers that control the
behavior of components at run-time and enforce the application's
security policies are therefore of interest. The wrapper of a
component monitors the component behavior at its interfaces and
checks its compliance with the security behavior constraints of
the component's employment contract. We propose state-based
security policy definitions, report on their suitable design, and
clarify their employment by means of a component-structured
e-procurement application.
Key Words
Security policy enforcement, component security, security wrappers.
Published in
To appear in Proceedings of the 2nd IFIP Conference on
E-Commerce, E-Business, and E-Government
(I3E), Lisbon, October 2002. Kluwer Academic Publisher.
Obtaining the paper
Due to the copyright agreement between the publisher and the authors, we are
not allowed to make the paper available online. If you have problems
obtaining it, please call us.
Peter Herrmann, July 1, 2002