Modeling Secure Navigation in Web Information Systems

  • Marianne Busch
  • Alexander Knapp
  • Nora Koch
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 90)


Secure web information systems are becoming increasingly important due to rising cybercrime as well as the growing awareness of data privacy. Besides authentication and confidential connections, both data access control and navigational access control are the most relevant security features in this field. Adding such security features, however, to already implemented web applications is an error-prone task. Our approach enables web engineers to model security issues in an early phase of the development process. We demonstrate the integration for the UML-based Web Engineering (UWE) method. The approach supports the engineer by providing means to model navigational security with a plugin in a UML modeling tool. Additionally, the models can be used for the verification of web systems and security properties, such as reachability of navigation nodes in general and of those that are restricted to authorized users.


Security, Web Engineering, Modeling, Verification





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Marianne Busch (1)
  • Alexander Knapp (2)
  • Nora Koch (1, 3)
  1. Ludwig-Maximilians-Universität München, München, Germany
  2. Universität Augsburg, Augsburg, Germany
  3. Cirquent GmbH, München, Germany
