International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 22 - Number 2
Year of Publication: 2011
Authors: M. Thirumaran, P. Dhavachelvan, S. Abarna
DOI: 10.5120/2559-3513
M. Thirumaran, P. Dhavachelvan, S. Abarna. Security Model to Incorporate Add-On Security for Business Services. International Journal of Computer Applications. 22, 2 (May 2011), 1-10. DOI=10.5120/2559-3513
Nowadays, the services offered by service providers are subject to many risks in terms of privacy agreements, and hence they are treated as untrustworthy. Security risk analysis is fundamental to the security of any business and is essential in ensuring that controls and expenditure are fully commensurate with the risks to which the business is exposed. To overcome this, the customer requires a set of security services and model-driven security specifications, expressed as security policies such as authentication, authorization, confidentiality, integrity and audit. The customer's security requirements should match the security specifications recommended or delivered by the service provider, and these contracts can be made through Service Level Agreements. In this paper we propose an Add-on security model that provides interoperable security services for business services according to the security requirements of the business. We also establish the model as a schema-driven security model, which facilitates dynamic integration of security services with the associated business services, and we provide a security assessment and verification mechanism for the Add-on security services along with the business requirements. The security assessment and verification is done automatically using the Add-on security service assessment model. This plays a main role in verifying whether the security model matches the business requirements and whether the security agreements are well maintained by both the consumer and the service provider. We convert source code to first-order logic in a reasoning engine to evaluate the policy rules that influence the subject, resource and environment in order to determine the access point in the security services, and finally evaluate QoS attributes such as cost, response time, execution time and uptime for business services along with the Add-on security features.