Using Model Driven Security Approaches in Web Application Development

[ PrePrint ] [ External Download ]
With the rise of Model Driven Engineering (MDE) as a software development methodology, which increases productivity and, supported by powerful code generation tools, allows a less error-prone implementation process, the idea of modeling security aspects during the design phase of the software development process was first suggested by the research community almost a decade ago. While various approaches for Model Driven Security (MDS) have been proposed during the years, it is still unclear, how these concepts compare to each other and whether they can improve the security of software projects. In this paper, we pro- vide an evaluation of current MDS approaches based on a simple web application scenario and discuss the strengths and limitations of the various techniques, as well as the practicability of MDS for web application security in general.
  author = {Hochreiner, Christoph and Ma, Zhendong and Kieseberg, Peter and Schrittwieser, Sebastian and Weippl, Edgar R.},
  editor = {Linawati and Mahendra, Made Sudiana and Neuhold, Erich J. and Tjoa, A. Min and You, Ilsun},
  title = {Using Model Driven Security Approaches in Web Application Development},
  booktitle = {Information and Communication Technology: Second IFIP TC5/8 International Conference, ICT-EurAsia 2014, Bali, Indonesia, April 14-17, 2014.},
  year = {2014},
  publisher = {Springer Berlin Heidelberg},
  address = {Berlin, Heidelberg},
  pages = {419--431},
  isbn = {978-3-642-55032-4},
  doi = {10.1007/978-3-642-55032-4_42},
  url = {}
Direct Link