Formalization of Web Security Patterns

Dwivedi, Ashish Kumar; Rath, Santanu Kumar

doi:10.18760/ic.14120152

Cited by 14 publications

(5 citation statements)

References 18 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Alzahrani [18] demonstrated the use of codecharts for formal specification and verification of security patterns in terms of generalisation and abstraction. Dwivedi and Rath [19,20] presented verification of five security patterns of web applications and one security pattern of Service-Oriented Architecture (SOA) using Alloy [21]. The security patterns verified by Dwivedi and Rath [19,20] are secure proxy, single-sign-on, check point, authenticator, and access policy.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Approach for Verification of Secure Access Control Using Security Pattern

Gupta

Singh

Mohapatra

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

According to OWASP-2021, more than 3,00,000 web applications have been detected for unauthenticated and unauthorised access leading to a breach of security trust. Security patterns are commonly used in web applications to address the problem of broken access. Web developers are not experts in implementing security patterns. Therefore, it is necessary to verify that the security pattern has been applied, specifying the original intent of the security pattern. In this paper, an approach has been proposed that analyses the behavioural aspect of security patterns to verify that it meets the security requirement of the web application. The proposed approach extracts the class diagram’s structural properties, relations, associations, and security-related constraints and verifies it using the first-order predicate logic. Experiments have been conducted using class diagrams of security patterns to detect instances of broken access control early in the design phase. The proposed approach will help minimise the risk of unauthenticated and unauthorised access to a web application.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Dwivedi and Rath [19,20] presented verification of five security patterns of web applications and one security pattern of Service-Oriented Architecture (SOA) using Alloy [21]. The security patterns verified by Dwivedi and Rath [19,20] are secure proxy, single-sign-on, check point, authenticator, and access policy.…”

Section: Related Workmentioning

confidence: 99%

An Approach for Verification of Secure Access Control Using Security Pattern

Gupta

Singh

Mohapatra

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…• transforming UML models of security patterns to Alloy [15] and using the Alloy Analyzer to check the incon-sistencies and ambiguities within security patterns [10]. Five security patterns were studied.…”

Section: A Verification Of Security Patternsmentioning

confidence: 99%

Pattern-Based Approach to Modelling and Verifying System Security

Zheng

Zhu

et al. 2020

2020 IEEE International Conference on Service Oriented Systems Engineering (SOSE)

View full text Add to dashboard Cite

Security is one of the most important problems in the engineering of online service-oriented systems. The current best practice in security design is a pattern-oriented approach. A large number of security design patterns have been identified, categorised and documented in the literature. The design of a security solution for a system starts with identification of security requirements and selection of appropriate security design patterns; these are then composed together. It is crucial to verify that the composition of security design patterns is valid in the sense that it preserves the features, semantics and soundness of the patterns and correct in the sense that the security requirements are met by the design. This paper proposes a methodology that employs the algebraic specification language SOFIA to specify security design patterns and their compositions. The specifications are then translated into the Alloy formalism and their validity and correctness are verified using the Alloy model checker. A tool that translates SOFIA into Alloy is presented. A case study with the method and the tool is also reported.

show abstract

“…Furthermore, no detailed model checking result was given. In [5], a formal modeling approach for composing security patterns for web-based applications was proposed. This approach uses UML to model the security patterns and their composition and then transforms the UML model to Alloy (a formal specification language based on first order logic) formal specification for security property analysis.…”

Section: Related Workmentioning

confidence: 99%

Modeling and Analyzing Security Patterns Using High Level Petri Nets

2016

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

show abstract

Formalization of Web Security Patterns

Cited by 14 publications

References 18 publications

An Approach for Verification of Secure Access Control Using Security Pattern

An Approach for Verification of Secure Access Control Using Security Pattern

Pattern-Based Approach to Modelling and Verifying System Security

Modeling and Analyzing Security Patterns Using High Level Petri Nets

Contact Info

Product

Resources

About