A Study of Security Requirements Negotiation

In service computing, a system is integrated by using the services of many service providers. The security of the services that constitutes the system affects the security of the integrated system. This paper studied the issues relating to security requirements of an integrated system using a game theoretical approach. It modeled a class of service computing applications as a security game. Using the game, the service providers and the system owners can analyse the security level and the security investment of the system. Using the results of the analysis, the system owners and the service providers can be more objective in their service level agreement negotiation.