Towards designing of SPF based secure web application using UML 2.0

详细信息    查看全文

• 作者：Nitish Pathak ; Girish Sharma ; B. M. Singh
• 关键词：UML ; Fast prototyping ; Object oriented (OO) ; Model driven software development ; TOS ; Trusted operating system ; Class identification and modeling
• 刊名：International Journal of System Assurance Engineering and Management
• 出版年：2017
• 出版时间：January 2017
• 年：2017
• 卷：8
• 期：1-supp
• 页码：208-218
• 全文大小：
• 刊物类别：Engineering
• 刊物主题：Quality Control, Reliability, Safety and Risk; Engineering Economics, Organization, Logistics, Marketing;
• 出版者：Springer India
• ISSN：0976-4348
• 卷排序：8

文摘

This paper describes UML-based foundations for model driven architecture and forward engineering of UML static models. In this paper, we propose an integrated environment for designing object-oriented enterprise models. In this projected process for Fast Prototyping, we design object models like use case diagram, sequence diagram, class diagram, etc. We use object-oriented conceptual modeling techniques to design and develop various applications like E-commerce, Banking, Comparison shopping, Ticketing, Online insurance policy management, product purchase system, etc. This paper suggests forward engineering to generate source code from object models through IBM Rational Rose software. This object oriented source code help software development team from analysis to maintenance phase as well as for round trip engineering. Due to high security concern, we have to use highly secure operating systems as a platform to run these web applications. In this regard, a number of trusted operating systems like Argus, Trusted Solaris, and Virtual Vault have been developed by various companies to handle the increasing need of security. The novel integration of security engineering with model-driven software expansion approach has various advantages. As we observe that all security checks in a Trusted Operating System is not necessary. Some non-essential security checks can be skipped by administrator to increase system performance. These non essential security checks can be easily identified at the time of requirement analysis. For example, the majority of web servers deal with pure public information. The majority of data on a web server is publicly readable and available to all users, but these users should not be capable to change the data on the web server. In this application, the need for security checks during reads from disk seems like a waste of CPU cycles. The real security need for web servers seems to be the security of write accesses, not read accesses. In this paper, we propose code generation, Class identification and Modeling for web applications through UML 2.0. Further we propose Security Performance flexibility model for the same to maintain the balance between security and performance for web applications.