Formalization of Web Security Patterns

Bibliographic details
Main author: Dwivedi, Ashish Kumar
Publication date: 2015
Other authors: Rath, Santanu Kumar
Document type: Article
Language: eng
Source title: INFOCOMP: Jornal de Ciência da Computação
Full text: https://infocomp.dcc.ufla.br/index.php/infocomp/article/view/493
Abstract: Security issues in software industries become more and more challenging due to malicious attacks and, as a result, it leads to exploration of various security holes in software systems. In order to secure the information assets associated with any software system, organizations plan to design the system based on a number of security patterns, useful to build and test new security mechanisms. These patterns are nothing but certain design guidelines. But they have certain limitations in terms of consistency and usability. Hence, these security patterns may sometimes act as insecure. In this study, an attempt has been made to compose security patterns for the web-based application. Subsequently, a formal modeling approach for the composition of security patterns is presented. In order to maximize comprehensibility, Unified Modeling Language (UML) notations are used to represent structural and behavioral aspects of a web-based system. A formal modeling language, i.e., Alloy, has been taken into consideration for analyzing web-based security patterns. For the demonstration of this approach, a case study, i.e., an online banking system, is considered. A qualitative evaluation is performed for the identified security patterns against the critical security properties. In this study, a model-driven framework is presented, which helps to automate the process of analyzing web security patterns.
id UFLA-5_6fd3a7a5bb97d2378cfc8a37864716b3
oai_identifier_str oai:infocomp.dcc.ufla.br:article/493
network_acronym_str UFLA-5
network_name_str INFOCOMP: Jornal de Ciência da Computação
dc.subject.por.fl_str_mv Alloy
Formal Modeling
Online Banking System
Security Patterns.
dc.date.none.fl_str_mv 2015-06-01
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
info:eu-repo/semantics/publishedVersion
dc.relation.none.fl_str_mv https://infocomp.dcc.ufla.br/index.php/infocomp/article/view/493/468
dc.rights.driver.fl_str_mv Copyright (c) 2016 INFOCOMP Journal of Computer Science
info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Editora da UFLA
dc.source.none.fl_str_mv INFOCOMP Journal of Computer Science; Vol. 14 No. 1 (2015): June, 2015; 14-25
1982-3363
1807-4545
reponame:INFOCOMP: Jornal de Ciência da Computação
instname:Universidade Federal de Lavras (UFLA)
instacron:UFLA
repository.name.fl_str_mv INFOCOMP: Jornal de Ciência da Computação - Universidade Federal de Lavras (UFLA)
repository.mail.fl_str_mv infocomp@dcc.ufla.br||apfreire@dcc.ufla.br