New Security Paradigm for Application Security Infrastructure

  • Seunghun Jin
  • Sangrae Cho
  • Daeseon Choi
  • Jae-Cheol Ryou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2662)


The recent and upcoming computing environment is characterized by distribution, integration, collaboration and ubiquity. The existing security technology alone can not successfully provide necessary security services for this environment. Therefore, it is necessary that the provision of security services reflects the characteristics of such an environment. In this paper, we analyze security requirements for existing and upcoming applications and services. We then survey deployed security services and identify the required information security services to satisfy the result of the security requirement analysis. Hence we suggest UASI (Unified Application Security Infrastructure) as a new security paradigm. UASI is a framework, which describes how a single security infrastructure can provide all the necessary security services for the ubiquitous computing environment in a seamless manner.


Information Security Security Requirement Security Service Security Solution Application Integration 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Geiger: Net My Services and .Net Passport User Authentication Overview. Microsoft white paper (September 2001)Google Scholar
  2. 2.
    Hodges, J.: Liberty Architecture Overview. Liberty Alliance Project documentation (July 2002)Google Scholar
  3. 3.
    Jones, R.: EAM Ain’t EASY. Information Security Magazine (January 2002), SAML 1.0 Specification Set, OASIS (May 2002)Google Scholar
  4. 4.
    Harold, E.R., Means, W.S.: XML in a Nutshell, 2nd edn. O’Reilly Inc., SebastopolGoogle Scholar
  5. 5.
    Pinkston, J.: The Ins and Outs of Integration. eAI Journal, 7 (August 2001)Google Scholar
  6. 6.
    Olsen, G.: An Overview of B2B Integration. eAI Journal (May 2000)Google Scholar
  7. 7.
    Fremantle, P., Ferguson, D.F., Kreger, H., Weerawarana, S.: Understanding the Web Services Vision. Web Services Journal 02(07)Google Scholar
  8. 8.
    Zhang, L., Ahn, G.J., Chu, B.T.: A Role-Based Delegation Framework for Healthcare Information systems. In: SACMAT 2002, pp. 125–134 (June 2002)Google Scholar
  9. 9.
    Atluri, V., Chun, S.A., Mazzoleni, P.: A Chinese Wall Security Model for Decentralized Workflow Systems. In: CCS 2001, pp. 47–58 (November 2001)Google Scholar
  10. 10.
    Powell, D.: Enterprise Security Management (ESM): Centralizing Management of Your Security Policy. SANS Institute (December 2000)Google Scholar
  11. 11.
    Heffner, R.: Enterprise Application Security Integration. IT Trends 2002 (December 2001)Google Scholar
  12. 12.
    Lewis, J.: The Emerging Infrastructure for Identity and Access Management. Open Group In3 Conference (January 2002)Google Scholar
  13. 13.
    Clauβ, S., Köhntopp, M.: Identity management and its support of multilateral security. Computer Networks 37, 205–219 (2001)CrossRefGoogle Scholar
  14. 14.
    Varadharajan, V., Crall, C., Pato, J.: Authorization in enterprise wide distributed tems: design and application. In: Proceedings of the 14th IEEE Computer Security Application Conference, Scottsdale, Arizona, December 7-11, pp. 178–189 (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Seunghun Jin
    • 1
  • Sangrae Cho
    • 1
  • Daeseon Choi
    • 1
  • Jae-Cheol Ryou
    • 2
  1. 1.Electronics and Telecommunications Research Institute161 Gajeong-dong, Yuseong-guDaejeonKorea
  2. 2.Department of Computer ScienceChungnam National UniversityDaejeonKorea

Personalised recommendations