Title :
A resource-based approach to formalize use case specification for web applications
Author :
Xu, Weifeng ; Deng, Lin ; Liu, Yunkai
Author_Institution :
Dept. of Comput. & Inf. Sci., Gannon Univ., Erie, PA, USA
Abstract :
Web applications under attack may perform undesirable behaviors against their use case specification. These attacks exploit web vulnerabilities which are usually considered as consequences of abusing web resources. The paper proposes a resource-based approach to formalize use case specification for web applications. The goal of the research is to identify and organize web resources, and to integrate web resources into use cases in a structured way. First, we filter web resource information based on the lexical analysis of the original use case specification. Then, we identify hidden web resources that are not listed in the event flow but required during the realization of the event. After that, we organize these web resources into a web resource tree. Finally, the formalized use case specification is constructed into a tree structure along with a defined event flow grammar. The resource-based use case specification enables security analysts to analyze the web vulnerabilities in terms of the resources required by each event. It is helpful to elicit security requirements.
Keywords :
Internet; formal specification; security of data; tree data structures; Web applications; Web vulnerabilities; event flow grammar; tree structure; use case specification formalization; Pragmatics; event flow tree; requirement engineering; security requirements; use case formalization; web resources categorization;
Conference_Title :
Progress in Informatics and Computing (PIC), 2010 IEEE International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-6788-4
DOI :
10.1109/PIC.2010.5688003