http://dx.doi.org/10.7472/jksii.2013.14.4.35

An Object-Oriented Analysis and Design Methodology for Security of Web Applications

Joo, Kyung-Soo (Dept. of Computer Software Engineering, SoonChunHyang University)
Woo, Jung-Woong (Dept. of Computer Software Engineering, SoonChunHyang University)
Publication Information
Journal of Internet Computing and Services, vol. 14, no. 4, 2013, pp. 35-42
Abstract
Nowadays many tasks are performed using the Web, and accordingly many web-based application systems with varied and complex functions are being requested. To develop such systems efficiently, object-oriented analysis and design methodology is used, and Java EE (Java Platform, Enterprise Edition) technologies are used for their implementation. At the same time, security issues have become increasingly important. Java EE does provide security mechanisms, but it does not connect them with the object-oriented analysis and design methodology used to develop the web application system. Consequently, since the security provided by the Java EE mechanism is applied only at the final (implementation) step, it is difficult to apply security consistently throughout system development, from requirements analysis to implementation. Therefore, this paper proposes an object-oriented analysis and design methodology that emphasizes security for secure web application systems, covering requirements analysis through implementation. The methodology adopts UMLsec, a modeling language with an emphasis on security, for security-aware requirements analysis and system analysis and design, and uses servlet RBAC (Role Based Access Control) from the Java EE technologies for implementation. The methodology is also applied to an online banking system to demonstrate its effectiveness.
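The implementation step named in the abstract, servlet RBAC from Java EE applied to an online banking system, as an added illustrative example that is not code from the paper: a transfer servlet combining the container's declarative role constraints with a programmatic role check. The URL, the role names "customer" and "teller", and the TransferService hook are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not the paper's code. The URL, the role names "customer" and
// "teller", and the TransferService hook are assumptions for illustration.
@WebServlet("/account/transfer")
@ServletSecurity(
    // Methods not listed below are denied; the default EmptyRoleSemantic is
    // PERMIT, which would otherwise let e.g. PUT or DELETE reach the servlet.
    value = @HttpConstraint(value = ServletSecurity.EmptyRoleSemantic.DENY),
    httpMethodConstraints = {
        // Viewing the transfer form: customers and tellers, TLS required.
        @HttpMethodConstraint(value = "GET", rolesAllowed = {"customer", "teller"},
            transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL),
        // Submitting a transfer: customers only, TLS required.
        @HttpMethodConstraint(value = "POST", rolesAllowed = {"customer"},
            transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL)
    })
public class TransferServlet extends HttpServlet {

    // Assumed business-logic dependency; a real deployment would inject it.
    public interface TransferService {
        void transfer(String fromUser, String toAccount, String amount);
    }

    private final TransferService service = (from, to, amount) -> { /* assumed */ };

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Defence in depth: the container has already enforced the declarative
        // constraint, but this check keeps the rule visible in code and binds the
        // debited account to the authenticated principal, not a client parameter.
        if (req.getUserPrincipal() == null || !req.isUserInRole("customer")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        service.transfer(req.getUserPrincipal().getName(),
                req.getParameter("to"), req.getParameter("amount"));
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

For the container to enforce these constraints, the roles must be declared (via @DeclareRoles or <security-role> in web.xml), a <login-config> must define the authentication method, and the mapping of users to roles is done in the server's realm configuration.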
Keywords
Object-Oriented Analysis and Design; Web Application; Security; RBAC; Java EE;
Times Cited By KSCI: 1