Modeling Secure Navigation in Web Information Systems

  • Conference paper
Perspectives in Business Informatics Research (BIR 2011)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 90)

Summary

Secure web information systems are becoming increasingly important due to rising cybercrime as well as the growing awareness of data privacy. Besides authentication and confidential connections, both data access control and navigational access control are the most relevant security features in this field. Adding such security features, however, to already implemented web applications is an error-prone task. Our approach enables web engineers to model security issues in an early phase of the development process. We demonstrate the integration for the UML-based Web Engineering (UWE) method. The approach supports the engineer by providing means to model navigational security with a plugin in a UML modeling tool. Additionally, the models can be used for the verification of web systems and security properties, such as reachability of navigation nodes in general and of those that are restricted to authorized users.

This work has been partially supported by the DFG project MAEWA II, WI 841/7-2, the EU project ASCENS, 257414, and by the EU-NoE project NESSoS, 256980.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Busch, M., Knapp, A., Koch, N. (2011). Modeling Secure Navigation in Web Information Systems. In: Grabis, J., Kirikova, M. (eds) Perspectives in Business Informatics Research. BIR 2011. Lecture Notes in Business Information Processing, vol 90. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24511-4_19

  • DOI: https://doi.org/10.1007/978-3-642-24511-4_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24510-7

  • Online ISBN: 978-3-642-24511-4

  • eBook Packages: Computer Science (R0)
