对电子政务服务的安全需求方法论方法开发一个共同PKIbased安全策略.pdfVIP

Computer Communications 26 (2003) 1873–1883 /locate/comcom Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy a,* a b ¨ b Costas Lambrinoudakis , Stefanos Gritzalis , Fredj Dridi , Gunther Pernul aDepartment of Information and Communication Systems Engineering, University of the Aegean, Samos GR 832 00, Greece b ¨ Department of Information Systems, University of Essen, Universitatsstr. 9, 45141 Essen, Germany Abstract The concept of one-stop on-line government is not science fiction any more. On the contrary, the high reliability and performance of communication links, combined with architectural models that facilitate transparent access to distributed computational and storage resources, propel the development of integrated e-government platforms that support increased citizen mobility. The price we have to pay is the complexity introduced in the design of the security mechanisms required for protecting several heterogeneous information systems— each one supporting some of the services offered through the e-government integrated environment—and ensuring user privacy. This paper demonstrates that the security services offered by Public Key Infrastructure (PKI) can be employed for fulfilling most of the identified security requirements for an integrated e-government platform. The list of security requirements has been compiled by adopting an organisational framework that facilitat