www.cs.dartmouth.edu/~sws/abstracts/sp96.shtml
Last modified: 08/27/03 11:56:53 AM
S.W. Smith, P. Pedersen.
``Organizing Electronic Services into Security Taxonomies.''
2nd USENIX Workshop on Electronic Commerce.
1996.
Abstract
With increasing numbers of commercial and government services being
considered for electronic delivery, effective vulnerability analysis
will become increasingly critical. Organizing sets of proposed
electronic services into security taxonomies will be a key part of
this work. However, brute force enumeration of services and risks is
inefficient, and ad hoc methods require re-invention with each new
set of services. Furthermore, both such approaches fail to
communicate effectively the tradeoffs between vulnerabilities and
features in a set of electronic services, and fail to scale to large
sets of services. From our experience advising players considering
electronic delivery, we have developed a general, systematic,
and scalable methodology that addresses these concerns. In this
paper, we present this methodology, and apply it to the example of
electronic services offered via kiosks (since kiosk systems are
representative of a wide range of security issues in electronic
commerce).