Genie in a Model? Why Model Driven Security will not secure your Web Application

{hochreiner, pfruehwirt, pkieseberg, eweippl}@sba-research.org
2 Austrian Institute of Technology, Austria, zhendong.ma@ait.ac.at
3 St. Pölten University of Applied Sciences, Austria, sebastian.schrittwieser@fhstp.ac.at

Abstract

Increasingly, a new software development methodology called Model Driven Engineering (MDE) is used to increase productivity by supporting powerful code generation tools, which allow a less error-prone implementation process. However, the idea of modeling system aspects during the design phase, so-called Model Driven Security (MDS), was proposed by the scientific community decades ago, and yet it is still unclear whether MDS can improve the security of a software project. In this paper we provide a comprehensive evaluation of current MDS approaches based on a web application scenario with regard to the most common web security attacks. We discuss their strengths and limitations as well as the practicability of MDS for modern web application security in general.

Keywords: model engineering, model driven security, security engineering.

Corresponding author: Peter Frühwirt, Favoritenstrasse 16, 1040 Wien, Austria; Tel: +43-699-17941418

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 5, No. 3, pp. 44-62, September 2014