Modeling Secure Navigation in Web Information Systems
Secure web information systems are becoming increasingly important due to rising cybercrime as well as the growing awareness of data privacy. Besides authentication and confidential connections, both data access control and navigational access control are the most relevant security features in this field. Adding such security features, however, to already implemented web applications is an error-prone task. Our approach enables web engineers to model security issues in an early phase of the development process. We demonstrate the integration for the UML-based Web Engineering (UWE) method. The approach supports the engineer by providing means to model navigational security with a plugin in a UML modeling tool. Additionally, the models can be used for the verification of web systems and security properties, such as reachability of navigation nodes in general and of those that are restricted to authorized users.
Keywords: Security, Web Engineering, Modeling, Verification