Experimental Analysis of SPF Based Secure Web Application

Full Text (PDF, 337KB), PP.48-55


Author(s)

Nitish Pathak 1,*, Girish Sharma 2, B. M. Singh 3

1. UTU, Dehradun (INDIA)

2. Department of CS&E, BPIBS, Govt. of NCT, Delhi (INDIA)

3. Department of CS&E, College of Engineering Roorkee, Roorkee (INDIA)

* Corresponding author.

DOI: https://doi.org/10.5815/ijmecs.2015.02.07

Received: 8 Oct. 2014 / Revised: 13 Nov. 2014 / Accepted: 3 Dec. 2014 / Published: 8 Feb. 2015

Index Terms

UML, Code generation, Model driven software development, OO Rose Model - Object Oriented Rose Model, TOS - Trusted Operating System

Abstract

In this paper we propose model-driven software development and a Security Performance Framework (SPF) model to maintain the balance between security and performance for web applications.
We propose that not all of the security in a Trusted Operating System is necessary. Some non-essential security checks can be skipped to increase system performance. These non-essential security checks can be identified in any web application.
To implement this SPF-based trusted operating system, we propose object-oriented code generation through forward engineering. This involves generating the source code of a web application from one or more object-oriented Rational Rose models. The novel integration of security engineering with the model-driven software expansion approach has varied advantages.
To maintain security in applications such as e-commerce, banking, marketplace services, advertising, auctions, comparison shopping, mobile commerce payment, ticketing, and online insurance policy management, highly secure operating systems have to be used. To this end, a number of trusted operating systems such as Argus, Trusted Solaris, and Virtual Vault have been developed by various companies to handle the increasing need for security. Because of their high security, these operating systems are used in defense. However, they still have limited scope in the commercial sector because of their lower performance: this security comes at a cost. This paper analyzes UML-based software development solutions for SPF to manage the security, performance and modeling of web applications.

Cite This Paper

Nitish Pathak, Girish Sharma, B. M. Singh, "Experimental Analysis of SPF Based Secure Web Application", International Journal of Modern Education and Computer Science (IJMECS), vol.7, no.2, pp.48-55, 2015. DOI:10.5815/ijmecs.2015.02.07
