Model-assisted access control implementation for code-centric ruby-on-rails web application development

Seiji Munetoh; Nobukazu Yoshioka

doi:10.1109/ARES.2013.47

Model-assisted access control implementation for code-centric ruby-on-rails web application development

Seiji Munetoh, Nobukazu Yoshioka

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development.

Original language	English
Title of host publication	Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
Pages	350-359
Number of pages	10
DOIs	https://doi.org/10.1109/ARES.2013.47
Publication status	Published - 2013
Externally published	Yes
Event	2013 8th International Conference on Availability, Reliability and Security, ARES 2013 - Regensburg, Germany Duration: 2013 Sept 2 → 2013 Sept 6

Publication series

Name	Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Conference

Conference	2013 8th International Conference on Availability, Reliability and Security, ARES 2013
Country/Territory	Germany
City	Regensburg
Period	13/9/2 → 13/9/6

Keywords

Access control
Agile development
Modeling Web application
Static security analysis

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality

Access to Document

10.1109/ARES.2013.47

Cite this

Munetoh, S., & Yoshioka, N. (2013). Model-assisted access control implementation for code-centric ruby-on-rails web application development. In Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013 (pp. 350-359). Article 6657263 (Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013). https://doi.org/10.1109/ARES.2013.47

Model-assisted access control implementation for code-centric ruby-on-rails web application development. / Munetoh, Seiji; Yoshioka, Nobukazu.
Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013. 2013. p. 350-359 6657263 (Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Munetoh, S & Yoshioka, N 2013, Model-assisted access control implementation for code-centric ruby-on-rails web application development. in Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013., 6657263, Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013, pp. 350-359, 2013 8th International Conference on Availability, Reliability and Security, ARES 2013, Regensburg, Germany, 13/9/2. https://doi.org/10.1109/ARES.2013.47

Munetoh S, Yoshioka N. Model-assisted access control implementation for code-centric ruby-on-rails web application development. In Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013. 2013. p. 350-359. 6657263. (Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013). doi: 10.1109/ARES.2013.47

@inproceedings{31c9c6ef6a2d4757aa77b3124c4f5015,

title = "Model-assisted access control implementation for code-centric ruby-on-rails web application development",

abstract = "In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development.",

keywords = "Access control, Agile development, Modeling Web application, Static security analysis",

author = "Seiji Munetoh and Nobukazu Yoshioka",

year = "2013",

doi = "10.1109/ARES.2013.47",

language = "English",

isbn = "9780769550084",

series = "Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013",

pages = "350--359",

booktitle = "Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013",

note = "2013 8th International Conference on Availability, Reliability and Security, ARES 2013 ; Conference date: 02-09-2013 Through 06-09-2013",

}

TY - GEN

T1 - Model-assisted access control implementation for code-centric ruby-on-rails web application development

AU - Munetoh, Seiji

AU - Yoshioka, Nobukazu

PY - 2013

Y1 - 2013

N2 - In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development.

AB - In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development.

KW - Access control

KW - Agile development

KW - Modeling Web application

KW - Static security analysis

UR - http://www.scopus.com/inward/record.url?scp=84892419150&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84892419150&partnerID=8YFLogxK

U2 - 10.1109/ARES.2013.47

DO - 10.1109/ARES.2013.47

M3 - Conference contribution

AN - SCOPUS:84892419150

SN - 9780769550084

T3 - Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

SP - 350

EP - 359

BT - Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

T2 - 2013 8th International Conference on Availability, Reliability and Security, ARES 2013

Y2 - 2 September 2013 through 6 September 2013

ER -

Model-assisted access control implementation for code-centric ruby-on-rails web application development

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this