Using Model Driven Security Approaches in Web Application Development
Authors
Abstract
With the rise of Model Driven Engineering (MDE) as a software development methodology, which increases productivity and, supported by powerful code generation tools, allows a less error-prone implementation process, the idea of modeling security aspects during the design phase of the software development process was first suggested by the research community almost a decade ago. While various approaches for Model Driven Security (MDS) have been proposed over the years, it is still unclear how these concepts compare to each other and whether they can improve the security of software projects. In this paper, we provide an evaluation of current MDS approaches based on a simple web application scenario and discuss the strengths and limitations of the various techniques, as well as the practicability of MDS for web application security in general.
Similar resources
Genie in a Model? Why Model Driven Security will not secure your Web Application
More often a new software development methodology called Model Driven Engineering (MDE) is used to increase productivity by supporting powerful code generation tools, which allows a less error-prone implementation process. However, the idea of modeling system aspects during the design phase, so-called Model Driven Security (MDS), was proposed by the scientific community decades ago and yet it is st...
Towards Modeling Role-Based Pageflow Definitions within Web Applications
Model-Driven Software Development (MDSD) can be used to enhance developing and maintaining web applications. Furthermore, security plays a crucial role in the area of web applications. A seamless integration of access control and modeling web applications becomes important. This work introduces model-driven integration of security concerns into the development life cycle of web applications. In...
Systematic Review of Web Application Security Vulnerabilities Detection Methods
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key facto...
Model-Driven Role-Based Access Control for Oracle Database
With the constant march towards a paperless business environment, database systems are increasingly being used to hold more and more sensitive information. This means they present an increasingly valuable target for attackers. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. However the implementation of ...
Model-Driven Engineering of Composite Service Oriented Applications
Composite applications integrate web services with other business applications and components to implement business processes. Model-driven approaches tackle the complexity of composite applications caused by domain and technology heterogeneity and integration requirements. The method and framework described in this paper generate all artefacts (workflow, data, user interfaces, etc.), required ...