Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
Second USENIX Workshop on Electronic Commerce

Organizing Electronic Services into Security Taxonomies

Sean Smith, IBM Research
Paul Pedersen, Los Alamos National Laboratory


With increasing numbers of commercial and government services being considered for electronic delivery, effective vulnerability analysis will become increasingly critical. Organizing sets of proposed electronic services into security taxonomies will be a key part of this work. However, brute force enumeration of services and risks is inefficient, and ad hoc methods require re-invention with each new set of services. Furthermore, both such approaches fail to communicate effectively the tradeoffs between vulnerabilities and features in a set of electronic services, and fail to scale to large sets of services. From our experience advising players considering electronic delivery, we have developed a general, systematic, and scalable methodology that addresses these concerns. In this paper, we present this methodology, and apply it to the example of electronic services offered via kiosks (since kiosk systems are representative of a wide range of security issues in electronic commerce).

View the full text of this paper in HTML and POSTSCRIPT (138,636 Bytes) form.

To Become a USENIX Member, please see our Membership Information.

?Need help? Use our Contacts page.

Last changed: 15 April 2002 aw
Conference Index