Engineering Secure Future Internet Services and Systems

This State-of-the-Art Survey contains a selection of papers representing state-of-the-art results in the engineering of secure software-based Future Internet services and systems, produced by the NESSoS project researchers. The engineering approach of the Network of Excellence NESSoS, funded by the European Commission, is based on the principle of addressing security concerns from the very beginning in all software development phases, thus contributing to reduce the amount of software vulnerabilities and enabling the systematic treatment of security needs through the engineering process. The 15 papers included in this volume deal with the main NESSoS research areas: security requirements for Future Internet services; creating secure service architectures and secure service design; supporting programming environments for secure and composable services; enabling security assurance and integrating former results in a risk-aware and cost-aware software life-cycle.

Selection of papers representing examples of NESSoS (Network of Excellence on Engineering Secure Future Internet Software Services and Systems) research State-of-the-art results Provides an overview of the current research in the field of security engineering

Inhalt
A Structured Comparison of Security Standards.- Empirical Assessment of Security Requirements and Architecture: Lessons Learned.- STS-Tool: Security Requirements Engineering for Socio-Technical Systems.- Model-Driven Development of a Secure eHealth Application.- Modeling Security Features of Web Applications.- On the Synthesis of Secure Services Composition.- Privacy and Access Control in Federated Social Networks.- Engineering Trust-Awareness and Self-adaptability in Services and Systems.- Validation of Access Control Systems.- Evaluation of Engineering Approaches in the Secure Software Development Life Cycle.- A Toolchain for Designing and Testing Access Control Policies.- Verification of Authorization Policies Modified by Delegation.- ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System.- Divide and Conquer Towards a Notion of Risk Model Encapsulation.- Preserving Data Privacy in e-Health.