TY - GEN
T1 - Performance analysis of unified enterprise application security framework
AU - Shaikh, Riaz A.
AU - Sharif, Kashif
AU - Ahmed, Ejaz
N1 - Funding Information:
This research has been supported by grants from the Italian Ministry of University and Scientific and Technological Research and from the INFM National Institute for the Physics of Matter.
PY - 2005
Y1 - 2005
N2 - Unified Enterprise application security is a new emerging approach for providing protection against application level attacks. Conventional application security approach that consists of embedding security into each critical application leads towards scattered security mechanism that is not only difficult to manage but also creates security loopholes. According to the CSI/FBI computer crime survey report almost 80% of the security breaches come from authorized users. In this paper, we have worked on the concept of unified security model, which manages all security aspect from a single security window. The basic idea is to keep business functionality separate from security components of the application. Our main focus was on the designing of frame work for unified layer which supports single point of policy control, centralize logging mechanism, granular, context aware access control, and independent from any underlying authentication technology and authorization policy.
AB - Unified Enterprise application security is a new emerging approach for providing protection against application level attacks. Conventional application security approach that consists of embedding security into each critical application leads towards scattered security mechanism that is not only difficult to manage but also creates security loopholes. According to the CSI/FBI computer crime survey report almost 80% of the security breaches come from authorized users. In this paper, we have worked on the concept of unified security model, which manages all security aspect from a single security window. The basic idea is to keep business functionality separate from security components of the application. Our main focus was on the designing of frame work for unified layer which supports single point of policy control, centralize logging mechanism, granular, context aware access control, and independent from any underlying authentication technology and authorization policy.
KW - Application
KW - Enterprise
KW - Security
KW - Unified
UR - http://www.scopus.com/inward/record.url?scp=51149083895&partnerID=8YFLogxK
U2 - 10.1109/SCONEST.2005.4382878
DO - 10.1109/SCONEST.2005.4382878
M3 - Conference contribution
AN - SCOPUS:51149083895
SN - 0780394429
SN - 9780780394421
T3 - 2005 Student Conference on Engineering Sciences and Technology, SCONEST
BT - 2005 Student Conference on Engineering Sciences and Technology, SCONEST
T2 - 2005 Student Conference on Engineering Sciences and Technology, SCONEST
Y2 - 27 August 2005 through 27 August 2005
ER -