Model driven secure web applications: The SeWAT platform

Abstract: Model driven security (MDS) is a well-known approach in the access control domain. It proposes a security-by-design approach intended to link the encoded policy to the security policy modeling. However, this technique does not account for the specificity and heterogeneity of web applications, and hence the proposed model-to-code transformation doesn't fit the needs of web architects. Consequently, web applications are mainly hand-coded, or correspond to legacy code developed before the implementation of security mechanisms. Security concerns are mixed with the application code, and hence it is difficult to understand the policy in order to maintain, correct, or evolve it. This work deals with access control mechanisms following the RBAC pattern. Our work proposes a toolset dedicated to the modeling and deployment of an access control engine for a web application, assuming that the functional part of the application is developed following a classical process. Our technique tries to reconcile modeling, validation and implementation of role-based security policies, and favours model driven security in the context of web applications. The toolset allows developers to graphically model an MVC web application by making links to its requirements, and then generates a security filter from the web application's model. This technique guarantees that the deployed access control policy conforms to its specification and associated validation activities.
Document type:
Conference paper
ECBS, Aug 2017, Larnaca, Cyprus. ACM Conference on the Engineering of Computer-Based Systems - ECBS'2017, 2017, 〈10.1145/3123779.3123800〉

https://hal.archives-ouvertes.fr/hal-01586723
Contributor: Akram Idani
Submitted on: Wednesday, 13 September 2017 - 10:48:29
Last modified on: Friday, 15 September 2017 - 01:04:32

Citation

Akram Idani. Model driven secure web applications: The SeWAT platform. ECBS, Aug 2017, Larnaca, Cyprus. ACM Conference on the Engineering of Computer-Based Systems - ECBS'2017, 2017, 〈10.1145/3123779.3123800〉. 〈hal-01586723〉
