A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions

Thomas Zefferer; Bernd Prünster; Christian Paul Kollmann; Andreea Ancuta Corici; Lukas Alber; Roland Czerny; Blaz Podgorelec

doi:10.1145/3598469.3598529

A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions

Thomas Zefferer, Bernd Prünster, Christian Paul Kollmann, Andreea Ancuta Corici, Lukas Alber, Roland Czerny, Blaz Podgorelec

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Security evaluation is crucial for any security-critical system. In this context, a system can mean technical systems, organizations, or any other entity with certain security requirements. The major challenge in doing risk analysis is the trade-off between completeness and complexity. When done on a more abstract level, certain risks are potentially overlooked. When done on a very detailed level, risk analyses quickly become complex and exceed available resources. To tackle this challenge, various norms and standards propose different security evaluation methodologies. These methodologies vary depending on their target scope. Also, these standards typically remain on a rather abstract level to ensure broad applicability to different systems. In practice, this often complicates the application of these standards to concrete technical systems. In this paper, we tackle this issue by proposing a customized security-evaluation framework tailored to the special characteristics of cross-border e-government services. The proposed framework does not re-invent the wheel but combines aspects and approaches of established norms and standards to cherry-pick from each standard those aspects most beneficial for the given context. We evaluated the proposed framework by applying it to a set of software building blocks, which have been developed in the Horizon-2020 project mGov4EU and leverage mobile cross-border e-government services in Europe. The conducted evaluation shows that the proposed framework facilitates the practical application of security evaluations in the targeted domain and supports evaluators in handling the trade-off between completeness and complexity.

Originalsprache	englisch
Titel	DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research
Redakteure/-innen	David Duenas Cid
Herausgeber (Verlag)	Association of Computing Machinery
Seiten	536–543
Seitenumfang	8
ISBN (elektronisch)	979-8-4007-0837-4
DOIs	https://doi.org/10.1145/3598469.3598529
Publikationsstatus	Veröffentlicht - 2023
Veranstaltung	24th Annual International Conference on Digital Government Research: dg.o 2023 - Gdansk, Polen Dauer: 11 Juli 2023 → 14 Juli 2023

Publikationsreihe

Name	ACM International Conference Proceeding Series

Konferenz

Konferenz	24th Annual International Conference on Digital Government Research
Kurztitel	dg.o 2023
Land/Gebiet	Polen
Ort	Gdansk
Zeitraum	11/07/23 → 14/07/23

ASJC Scopus subject areas

Software
Human-computer interaction
Maschinelles Sehen und Mustererkennung
Computernetzwerke und -kommunikation

Zugriff auf Dokument

10.1145/3598469.3598529

dgo2023_security_evaluation_submitted_manuscriptEingereichtes Manuskript, 548 KB

Andere Dateien und Links

Verknüpfung zur Publikation in Scopus

EU - mGov4EU - Mobile grenzüberschreitende Regierungsdienste für Europa
Tauber, A.
1/01/21 → 31/12/23
Projekt: Forschungsprojekt

Dieses zitieren

Zefferer, T., Prünster, B., Kollmann, C. P., Corici, A. A., Alber, L., Czerny, R., & Podgorelec, B. (2023). A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions. in D. D. Cid (Hrsg.), DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research (S. 536–543). (ACM International Conference Proceeding Series). Association of Computing Machinery. https://doi.org/10.1145/3598469.3598529

A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions. / Zefferer, Thomas; Prünster, Bernd; Kollmann, Christian Paul et al.
DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research. Hrsg. / David Duenas Cid. Association of Computing Machinery, 2023. S. 536–543 (ACM International Conference Proceeding Series).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Zefferer, T, Prünster, B, Kollmann, CP, Corici, AA, Alber, L, Czerny, R & Podgorelec, B 2023, A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions. in DD Cid (Hrsg.), DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research. ACM International Conference Proceeding Series, Association of Computing Machinery, S. 536–543, 24th Annual International Conference on Digital Government Research, Gdansk, Polen, 11/07/23. https://doi.org/10.1145/3598469.3598529

Zefferer T, Prünster B, Kollmann CP, Corici AA, Alber L, Czerny R et al. A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions. in Cid DD, Hrsg., DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research. Association of Computing Machinery. 2023. S. 536–543. (ACM International Conference Proceeding Series). doi: 10.1145/3598469.3598529

Zefferer, Thomas ; Prünster, Bernd ; Kollmann, Christian Paul et al. / A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions. DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research. Hrsg. / David Duenas Cid. Association of Computing Machinery, 2023. S. 536–543 (ACM International Conference Proceeding Series).

@inproceedings{73e2cf1564d34b38a5860af3b3c6a2d1,

title = "A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions",

abstract = "Security evaluation is crucial for any security-critical system. In this context, a system can mean technical systems, organizations, or any other entity with certain security requirements. The major challenge in doing risk analysis is the trade-off between completeness and complexity. When done on a more abstract level, certain risks are potentially overlooked. When done on a very detailed level, risk analyses quickly become complex and exceed available resources. To tackle this challenge, various norms and standards propose different security evaluation methodologies. These methodologies vary depending on their target scope. Also, these standards typically remain on a rather abstract level to ensure broad applicability to different systems. In practice, this often complicates the application of these standards to concrete technical systems. In this paper, we tackle this issue by proposing a customized security-evaluation framework tailored to the special characteristics of cross-border e-government services. The proposed framework does not re-invent the wheel but combines aspects and approaches of established norms and standards to cherry-pick from each standard those aspects most beneficial for the given context. We evaluated the proposed framework by applying it to a set of software building blocks, which have been developed in the Horizon-2020 project mGov4EU and leverage mobile cross-border e-government services in Europe. The conducted evaluation shows that the proposed framework facilitates the practical application of security evaluations in the targeted domain and supports evaluators in handling the trade-off between completeness and complexity.",

keywords = "Security evaluation, Risk analysis, Risk evaluation, Security, E-government, e-Government",

author = "Thomas Zefferer and Bernd Pr{\"u}nster and Kollmann, {Christian Paul} and Corici, {Andreea Ancuta} and Lukas Alber and Roland Czerny and Blaz Podgorelec",

year = "2023",

doi = "10.1145/3598469.3598529",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association of Computing Machinery",

pages = "536–543",

editor = "Cid, {David Duenas}",

booktitle = "DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research",

address = "United States",

note = "24th Annual International Conference on Digital Government Research : dg.o 2023, dg.o 2023 ; Conference date: 11-07-2023 Through 14-07-2023",

}

TY - GEN

T1 - A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions

AU - Zefferer, Thomas

AU - Prünster, Bernd

AU - Kollmann, Christian Paul

AU - Corici, Andreea Ancuta

AU - Alber, Lukas

AU - Czerny, Roland

AU - Podgorelec, Blaz

PY - 2023

Y1 - 2023

N2 - Security evaluation is crucial for any security-critical system. In this context, a system can mean technical systems, organizations, or any other entity with certain security requirements. The major challenge in doing risk analysis is the trade-off between completeness and complexity. When done on a more abstract level, certain risks are potentially overlooked. When done on a very detailed level, risk analyses quickly become complex and exceed available resources. To tackle this challenge, various norms and standards propose different security evaluation methodologies. These methodologies vary depending on their target scope. Also, these standards typically remain on a rather abstract level to ensure broad applicability to different systems. In practice, this often complicates the application of these standards to concrete technical systems. In this paper, we tackle this issue by proposing a customized security-evaluation framework tailored to the special characteristics of cross-border e-government services. The proposed framework does not re-invent the wheel but combines aspects and approaches of established norms and standards to cherry-pick from each standard those aspects most beneficial for the given context. We evaluated the proposed framework by applying it to a set of software building blocks, which have been developed in the Horizon-2020 project mGov4EU and leverage mobile cross-border e-government services in Europe. The conducted evaluation shows that the proposed framework facilitates the practical application of security evaluations in the targeted domain and supports evaluators in handling the trade-off between completeness and complexity.

AB - Security evaluation is crucial for any security-critical system. In this context, a system can mean technical systems, organizations, or any other entity with certain security requirements. The major challenge in doing risk analysis is the trade-off between completeness and complexity. When done on a more abstract level, certain risks are potentially overlooked. When done on a very detailed level, risk analyses quickly become complex and exceed available resources. To tackle this challenge, various norms and standards propose different security evaluation methodologies. These methodologies vary depending on their target scope. Also, these standards typically remain on a rather abstract level to ensure broad applicability to different systems. In practice, this often complicates the application of these standards to concrete technical systems. In this paper, we tackle this issue by proposing a customized security-evaluation framework tailored to the special characteristics of cross-border e-government services. The proposed framework does not re-invent the wheel but combines aspects and approaches of established norms and standards to cherry-pick from each standard those aspects most beneficial for the given context. We evaluated the proposed framework by applying it to a set of software building blocks, which have been developed in the Horizon-2020 project mGov4EU and leverage mobile cross-border e-government services in Europe. The conducted evaluation shows that the proposed framework facilitates the practical application of security evaluations in the targeted domain and supports evaluators in handling the trade-off between completeness and complexity.

KW - Security evaluation

KW - Risk analysis

KW - Risk evaluation

KW - Security

KW - E-government

KW - e-Government

UR - http://www.scopus.com/inward/record.url?scp=85167866966&partnerID=8YFLogxK

U2 - 10.1145/3598469.3598529

DO - 10.1145/3598469.3598529

M3 - Conference paper

T3 - ACM International Conference Proceeding Series

SP - 536

EP - 543

BT - DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research

A2 - Cid, David Duenas

PB - Association of Computing Machinery

T2 - 24th Annual International Conference on Digital Government Research

Y2 - 11 July 2023 through 14 July 2023

ER -

A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions

Abstract

Publikationsreihe

Konferenz

ASJC Scopus subject areas

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Projekte

EU - mGov4EU - Mobile grenzüberschreitende Regierungsdienste für Europa

Dieses zitieren