Theses

Security Management in a Dynamic Service Infrastructure: A Risk Management Approach

Abstract : Changes in the economic environment impose new organizational strategies on companies: refocusing their business and creating collaboration strategies. These trends point to an exponential growth of service ecosystems accessible to both end users and partners. Everything indicates that these ecosystems rely heavily on service-oriented architectures, which make it possible to build information systems that have the required agility and support the interconnection of collaborative business processes by composing processes dynamically from distributed services. This type of architecture, which ensures the alignment of business and information systems, makes it essential to take security constraints into account at both the service and the composition levels. In a distributed and dynamic service environment, security should not be limited to providing technological solutions; it requires a security strategy that takes into account the business, organizational and technological dimensions. Moreover, security must be treated as an ongoing process that aims to optimize security investments and ensure the sustainability of the implemented security measures. However, the models and reference architectures in the services domain have underestimated the definition of security requirements, the assets to protect, and the identification of risks to those assets. Therefore, we propose to address security management through a risk management approach that identifies the different types of risks and proposes the security measures most appropriate to the context. Nevertheless, risk management is a real challenge in an open collaborative service environment. The risk management methods developed in the context of information systems do not meet the security requirements of an open environment and are not suitable for dynamic environments.
To overcome these limitations, we propose a methodological framework for security management covering the preparation, design, execution and supervision phases of the service lifecycle. We propose a model of secure services to identify security patterns, an asset classification model and an ontology defining the concepts associated with those assets. Moreover, we develop a methodology for designing secure service-oriented architectures, address the development of secure business processes, and propose a security service for managing and supervising the vulnerabilities of the infrastructure components.
Document type :
Theses

Cited literature : 106 references

https://tel.archives-ouvertes.fr/tel-00828598
Contributor : Abes Star
Submitted on : Friday, May 31, 2013 - 1:18:10 PM
Last modification on : Wednesday, July 8, 2020 - 12:42:07 PM
Long-term archiving on : Sunday, September 1, 2013 - 5:20:52 AM

File

these.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-00828598, version 1

Citation

Pascal Bou Nassar. Gestion de la sécurité dans une infrastructure de services dynamique : Une approche par gestion des risques. Gestion et management. INSA de Lyon, 2012. Français. ⟨NNT : 2012ISAL0102⟩. ⟨tel-00828598⟩

Metrics

Record views

1597

Files downloads

17506