Model driven secure web applications: the SeWAT platform

Akram Idani
DOI: 10.1145/3123779.3123800
Published in: Proceedings of the Fifth European Conference on the Engineering of Computer-Based Systems (2017-08-31)
Citations: 2

Abstract

Model driven security (MDS) is a well-known approach in the access control domain. It proposes a security-by-design approach intended to link the encoded policy to the security policy modeling. However, this technique does not take into account the specificity and heterogeneity of web applications, and hence the proposed model-to-code transformation does not fit the needs of web architects. Consequently, web applications are mainly hand-coded, or correspond to legacy code developed before the implementation of security mechanisms. Security concerns are mixed with the application code, and hence it is difficult to understand the policy in order to maintain, correct, or evolve it. This work deals with access control mechanisms following the RBAC pattern. Our work proposes a toolset dedicated to the modeling and deployment of an access control engine for a web application, assuming that the functional part of the application is developed following a classical process. Our technique tries to reconcile modeling, validation and implementation of role-based security policies, and favours model driven security in the context of web applications. The toolset allows developers to graphically model an MVC web application by making links to its requirements, and then generates a security filter from the web application's model. This technique guarantees that the deployed access control policy is conformant to its specification and associated validation activities.