Model Based Security Risk Analysis for Web Applications
نویسندگان
چکیده
Security evaluation and security assurance are important aspects of trust in e-business. CORAS is a European project which is developing a tool-supported framework for precise, unambiguous, and efficient risk assessment of security critical systems. The framework is obtained through adapting, refining, extending, and combining methods for risk analysis of critical systems and semiformal modelling methods. In this paper we provide an overview of the CORAS framework for model-based risk assessment, emphasising its application on Webenabled B2C e-commerce services and the meta-data based deployment model underpinning the CORAS extensible platform for tool inclusion.
منابع مشابه
Security Analysis and Improvement Model for Web-based Applications
Security Analysis and Improvement Model for Web-based Applications. (December 2008) Yong Wang, B.S.; M.S., Anhui Agricultural University, China; M.S., Texas A&M University Co-Chairs of Advisory Committee: Dr. William M. Lively Dr. Dick B. Simmons Today the web has become a major conduit for information. As the World Wide Web’s popularity continues to increase, information security on the web ha...
متن کاملRecovering Role-Based Access Control Security Models from Dynamic Web Applications
Security of dynamic web applications is a serious issue. While Model Driven Architecture (MDA) techniques can be used to generate applications with given access control security properties, analysis of existing web applications is more problematic. In this paper we present a model transformation technique to automatically construct a role-based access control (RBAC) security model of dynamic we...
متن کاملTowards a Pattern Language for Security Risk Analysis of Web Applications
This article introduces a pattern language for security risk analysis of web applications in an example driven manner. The example patterns presented include a composite pattern and three basic patterns, namely a security requirements pattern, a web application design pattern and a risk analysis model pattern. The pattern language is intended to be used as a guideline to capture the security ri...
متن کاملریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملMapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کامل