Second USENIX Workshop on Electronic Commerce
Organizing Electronic Services into Security Taxonomies
Sean Smith, IBM Research
Paul Pedersen, Los Alamos National Laboratory
Abstract
With increasing numbers of commercial and government services being
considered for electronic delivery, effective vulnerability analysis
will become increasingly critical. Organizing sets of proposed
electronic services into security taxonomies will be a key part of
this work. However, brute force enumeration of services and risks is
inefficient, and ad hoc methods require re-invention with each new set
of services. Furthermore, both such approaches fail to communicate
effectively the tradeoffs between vulnerabilities and features in a
set of electronic services, and fail to scale to large sets of
services. From our experience advising players considering electronic
delivery, we have developed a general, systematic, and scalable
methodology that addresses these concerns. In this paper, we present
this methodology, and apply it to the example of electronic services
offered via kiosks (since kiosk systems are representative of a wide
range of security issues in electronic commerce).
View the full text of this paper in HTML and PostScript (138,636 bytes) form.