Model-assisted access control implementation for code-centric ruby-on-rails web application development

Seiji Munetoh, Nobukazu Yoshioka

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development.

Original languageEnglish
Title of host publicationProceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
Pages350-359
Number of pages10
DOIs
Publication statusPublished - 2013
Externally publishedYes
Event2013 8th International Conference on Availability, Reliability and Security, ARES 2013 - Regensburg, Germany
Duration: 2013 Sep 22013 Sep 6

Publication series

NameProceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Conference

Conference2013 8th International Conference on Availability, Reliability and Security, ARES 2013
Country/TerritoryGermany
CityRegensburg
Period13/9/213/9/6

Keywords

  • Access control
  • Agile development
  • Modeling Web application
  • Static security analysis

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Model-assisted access control implementation for code-centric ruby-on-rails web application development'. Together they form a unique fingerprint.

Cite this