State-Based Security Policy Enforcement in Component-Based E-Commerce

Peter Herrmann, Lars Wiebusch, Heiko Krumm

Universität Dortmund, FB Informatik, LS IV, D-44221 Dortmund
E-Mail: {Peter.Herrmann| krumm},


Software component technology supports the cost-effective development of e-commerce applications but also introduces special security problems. In particular, a malicious component is a threat to any application incorporating it. Therefore wrappers are of interest which control the behavior of components at run-time and enforce the application's security policies. The wrapper of a component monitors the component behavior at its interfaces and checks its compliance with the security behavior constraints of the component's employment contract. We propose state-based security policy definitions, report on their suitable design, and clarify their employment by means of a component-structured e-procurement application.

Key Words

Security policy enforcement, component security, security wrappers.

Published in

To appear in Proceedings of the 2nd IFIP Conference on E-Commerce, E-Business, and E-Government (I3E), Lisbon, October 2002. Kluwer Academic Publisher.

Obtaining the paper

Due to the copyright agreement between the publisher and the authors we are not allowed to make the paper available online. If you have problems to obtain it, please call us.

Peter Herrmann, July 1, 2002 -- digital media copyright