Modeling security features of web applications

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8431, Issue , 2014, Pages 119-139

  Busch, Marianne ^a   Koch, Nora ^a   Suppan, Santiago ^b  

^a UNIVERSITY OF MUNICH   (Germany)

^b SIEMENS AG   (Germany)

Author keywords

Energy Management System; Secure web engineering; Security; Smart Home; UML; UML based web engineering; Web applications

Indexed keywords

APPLICATION PROGRAMS; AUTOMATION; ENERGY MANAGEMENT; ENERGY UTILIZATION; LIFE CYCLE; SOFTWARE DESIGN; COMPUTER SOFTWARE; ENERGY MANAGEMENT SYSTEMS; INTELLIGENT BUILDINGS; MOBILE SECURITY; SOCIAL NETWORKING (ONLINE);

CONCRETE APPLICATIONS; REQUIREMENTS DOCUMENT; SECURITY; SMART HOMES; SOFTWARE DEVELOPMENT LIFE CYCLE; WEB APPLICATION; WEB DEVELOPERS; WEB ENGINEERING; UML;

ENERGY MANAGEMENT SYSTEMS; WORLD WIDE WEB;

EID: 84925012790     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-07452-8_5     Document Type: Article

References (37)

1. Basin, D., Clavel, M., Egea, M., Schläpfer, M.: Automatic Generation of Smart, Security-Aware GUI Models. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 201-217. Springer, Heidelberg (2010).
2. Busch, M., Knapp, A., Koch, N.: Modeling Secure Navigation in Web Information Systems. In: Grabis, J., Kirikova, M. (eds.) BIR 2011. LNBIP, vol. 90, pp. 239-253. Springer, Heidelberg (2011).
3. Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 75-88. ACM, New York (2008).
4. NESSoS: Network of Excellence on Engineering Secure Future Internet Software Services and Systems (2014), http://nessos-project.eu/.
5. Bertolino, A., Busch, M., Daoudagh, S., Lonetti, F., Marchetti, E.: A Toolchain for Designing and Testing Access Control Policies. In: Heisel, M., Joosen,W., Lopez, J., Martinelli, F. (eds.) Engineering SecureFuture Internet Services and Systems.LNCS, vol. 8431, pp. 266-286. Springer, Heidelberg (2014).
6. Cuellar, J., Suppan, S.: A smart metering scenario (2013), https://securitylab.disi.unitn.it/lib/exe/fetch.php?media=research activities:erise:erise 2013:erise2013-smartmeteering-description.pdf.
7. Cuellar, J.: NESSoS deliverable D11.4 - Pilot applications, evaluating NESSoS solutions (to appear, 2014).
8. Guerrero, J.M.: Microgrids: Integration of distributed energy resources into the smart-grid. In: IEEE International Symposium on Industrial Electronics, pp. 4281-4414 (2010).
9. LMU. Web Engineering Group.: UWE Website (2014), http://uwe.pst.ifi.lmu.de/.
10. Cubo, J., Cuellar, J., Fries, S., Martín, J.A., Moyano, F., Fernández, G., Gago, M.C.F., Pasic, A., Román, R., Dieguez, R.T., Vinagre, I.: Selection and documentation of the two major applicationcase studies. NESSoS deliverable D11.2 (2011).
11. Gómez, A., Tellechea, M., Rodríguez, C.: D1.1 Requirements of AMI. Technical report, OPEN meter project (2009).
12. Bennett, C., Wicker, S.: Decreased time delay and security enhancement recommendations for ami smart meter networks. In: Innovative Smart Grid Technologies (ISGT), pp. 1-6 (2010).
13. OWASP Foundation: OWASP Top 10 - 2013 (2013), http://owasptop10.googlecode.com/files/OWASPTop10-2013.pdf.
14. OMG.: OCL 2.0 (2011), http://www.omg.org/spec/OCL/2.0/.
15. No Magic Inc.: Magicdraw (2014), http://www.magicdraw.com/.
16. Busch, M., Koch, N.: NESSoS Deliverable D2.3 - Second Release of the SDE for Security-Related Tools (2012).
17. Busch, M., Koch, N.: MagicUWE — A CASE Tool Plugin for Modeling Web Applications. In: Gaedke, M., Grossniklaus, M., Díaz, O. (eds.) ICWE 2009. LNCS, vol. 5648, pp. 505-508. Springer, Heidelberg (2009).
18. Busch, M., Ochoa, M., Schwienbacher, R.: Modeling, Enforcing and Testing Secure Navigation Paths for Web Applications. Technical Report 1301, Ludwig- Maximilians-Universität München (2013).
19. Busch, M., García de Dios, M.A.: ActionUWE: Transformation of UWE to ActionGUI Models. Technical report, Ludwig-Maximilians-Universität München, Number 1203 (2012).
20. Kroiss, C., Koch, N., Knapp, A.: UWE4JSF - A Model-Driven Generation Approach for Web Applications. In: Gaedke, M., Grossniklaus, M., Díaz, O. (eds.) ICWE 2009. LNCS, vol. 5648, pp. 493-496. Springer, Heidelberg (2009).
21. Eclipse: XPand (2013), http://wiki.eclipse.org/Xpand.
22. OASIS: eXtensible Access Control Markup Language (XACML) Version 2.0 (2005), http://docs.oasis-open.org/xacml/2.0/access control-xacml-2.0-core-spec-os.pdf.
23. Wolf, K.: Sicherheitsbezogene Model-to-Code Transformation für Webanwendungen (German), Bachelor Thesis (2012).
24. Busch, M., Koch, N., Masi, M., Pugliese, R., Tiezzi, F.: Towards model-driven development of access control policies for web applications. In: Model-Driven Security Workshop in Conjunction with MoDELS 2012. ACM Digital Library (2012).
25. Masi, M., Pugliese, R., Tiezzi, F.: Formalisation and Implementation of the XACML Access Control Mechanism. In: Barthe, G., Livshits, B., Scandariato, R. (eds.) ESSoS 2012. LNCS, vol. 7159, pp. 60-74. Springer, Heidelberg (2012).
26. SDE: Service Development Environment (2014), http://www.nessos-project.eu/sde.
27. Soriano, R., Alberto, M., Collazo, J., Gonzales, I., Kupzo, F., Moreno, L., Lugmaier, A., Lorenzo, J.: OpenNode. Open Architecture for Secondary Nodes of the Electricity SmartGrid. In: 21st International Conference on Electricity Distribution (2011).
28. Department of Energy and Climate Change: Smart Metering Implementation Programme, Response to Prospectus Consultation, Overview Document. Technical report, Office of Gas and Electricity Markets (2011).
29. Beckers, K., Fabender, S., Heisel, M., Suppan, S.: A threat analysis methodology for smart home scenarios. In: SmartGridSec 2014. LNCS. Springer (2014).
30. Grossman, J.: Website security statistics report. Technical report, WhiteHat Security (2013), https://www.whitehatsec.com/resource/stats.html.
31. Busch, M.: Secure Web Engineering supported by an Evaluation Framework. In: Modelsward 2014. Scitepress (2014).
32. Jürjens, J.: Secure Systems Development with UML. Springer (2004), Tools and further information: http://www.umlsec.de/.
33. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426-441. Springer, Heidelberg (2002).
34. Slimani, N., Khambhammettu, H., Adi, K., Logrippo, L.: UACML: Unified Access Control Modeling Language. In: NTMS 2011, pp. 1-8 (2011).
35. Hafner, M., Breu, R.: Security Engineering for Service-Oriented Architectures. Springer (2008).
36. Gilmore, S., Gönczy, L., Koch, N., Mayer, P., Tribastone, M., Varró, D.: Nonfunctional Properties in the Model-Driven Development of Service-Oriented Systems. J. Softw. Syst. Model. 10(3), 287-311 (2011).
37. Menzel, M., Meinel, C.: A Security Meta-model for Service-Oriented Architectures. In: Proc. 2009 IEEE Int. Conf. Services Computing (SCC 2009), pp. 251-259. IEEE (2009).