Towards designing of SPF based secure web application using UML 2.0
Abstract
This paper describes UML-based foundations for model-driven architecture and forward engineering of UML static models. We propose an integrated environment for designing object-oriented enterprise models. In this projected process for fast prototyping, we design object models such as use case diagrams, sequence diagrams, class diagrams, etc. We use object-oriented conceptual modeling techniques to design and develop various applications such as e-commerce, banking, comparison shopping, ticketing, online insurance policy management, product purchase systems, etc. This paper suggests forward engineering to generate source code from object models through IBM Rational Rose software. This object-oriented source code helps the software development team from the analysis phase to the maintenance phase, as well as with round-trip engineering. Because of high security concerns, these web applications have to run on highly secure operating systems. In this regard, a number of trusted operating systems such as Argus, Trusted Solaris, and Virtual Vault have been developed by various companies to handle the increasing need for security. The novel integration of security engineering with a model-driven software expansion approach has various advantages. We observe that not all security checks in a Trusted Operating System are necessary. Some non-essential security checks can be skipped by the administrator to increase system performance. These non-essential security checks can be easily identified at the time of requirements analysis. For example, the majority of web servers deal with pure public information. The majority of data on a web server is publicly readable and available to all users, but these users should not be able to change the data on the web server. In this application, security checks during reads from disk seem like a waste of CPU cycles. The real security need for web servers seems to be the security of write accesses, not read accesses.
In this paper, we propose code generation, class identification, and modeling for web applications through UML 2.0. Further, we propose a Security Performance Flexibility (SPF) model for the same, to maintain the balance between security and performance for web applications.
Keywords
UML, Fast prototyping, Object oriented (OO), Model driven software development, TOS - Trusted operating system, Class identification and modeling