Genie in a Model? Why Model Driven Security will not secure your Web Application

Authors

  • Christoph Hochreiner
  • Peter Frühwirt
  • Zhendong Ma
  • Peter Kieseberg
  • Sebastian Schrittwieser
  • Edgar R. Weippl
Abstract

More often, a new software development methodology called Model Driven Engineering (MDE) is used to increase productivity by supporting powerful code generation tools, which allows a less error-prone implementation process. However, the idea of modeling system aspects during the design phase, so-called Model Driven Security (MDS), was proposed by the scientific community decades ago, and yet it is still unclear whether MDS can improve the security of a software project. In this paper we provide a comprehensive evaluation of current MDS approaches based on a web application scenario with regard to the most common web security attacks. We discuss their strengths and limitations as well as the practicability of MDS for modern web application security in general.


Similar resources

Security Issues for Web-based Applications: Issues and solutions for the safe transfer of Clinical Trials data over the Internet

When building any web-based application, the issue of security is always a concern. When the application is designed to allow the sharing of clinical trials data across the Internet, security becomes one of the major topics. This paper describes what approach iBiomatics, a SAS company, has taken in the construction of their iBiomatics Portal. The paper presents a basic overview of security for ...


Model-Driven Development of a Secure eHealth Application

We report on our use of ActionGUI to develop a secure eHealth application based on the NESSoS eHealth case study. ActionGUI is a novel model-driven methodology with an associated tool for developing secure data-management applications with three distinguishing features. First, it enables a model-based separation of concerns, where behavior and security are modeled individually and subsequently ...


Computationally secure multiple secret sharing: models, schemes, and formal security analysis

A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...


Object Oriented Secure Modeling using SELinux Trusted Operating System

Dr. Nitish Pathak, Bharati Vidyapeeth's Institute of Computers Applications and Management (BVICAM), Guru Gobind Singh Indraprastha University (GGSIPU), New Delhi, India; Neelam Sharma, MAIT, Guru Gobind Singh Indraprastha University (GGSIPU), New Delhi, India. Abstract: ...


Secure Web Development Teaching Modules

Web application security has been an emerging topic while an increasing number of information systems are designed based on Extensible Markup Language (XML) and using Hypertext Transfer Protocol (HTTP) for communications. For example, in recent years, social networking software has been used intensively, especially among college students, and integrated with various marketing or gaming software...



Journal title:
  • JoWUA

Volume 5  Issue 

Pages  -

Publication date 2014