DocumentCode :
2129664
Title :
Model-Assisted Access Control Implementation for Code-centric Ruby-on-Rails Web Application Development
Author :
Munetoh, S. ; Yoshioka, Nobukazu
Author_Institution :
Dept. of Inf., Grad. Univ. for Adv. Studies, Tokyo, Japan
fYear :
2013
fDate :
2-6 Sept. 2013
Firstpage :
350
Lastpage :
359
Abstract :
In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development.
Keywords :
Internet; authorisation; formal verification; Ruby on Rails Web application source codes; application code; authentication features; authorization features; code-centric Ruby-on-Rails Web application development; model-assisted access control implementation; navigation model; security feature faultlessness; security properties; static verification tool; Authentication; Authorization; Navigation; Rails; Testing; Static security analysis; access control; agile development; modeling Web application;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
Conference_Location :
Regensburg
Type :
conf
DOI :
10.1109/ARES.2013.47
Filename :
6657263