Modeling secure navigation in web information systems

Abstract

Secure web information systems are becoming increasingly important due to rising cybercrime as well as the growing awareness of data privacy. Besides authentication and confidential connections, both data access control and navigational access control are the most relevant security features in this field. Adding such security features, however, to already implemented web applications is an error-prone task. Our approach enables web engineers to model security issues in an early phase of the development process. We demonstrate the integration for the UML-based Web Engineering (UWE) method. The approach supports the engineer by providing means to model navigational security with a plugin in a UML modeling tool. Additionally, the models can be used for the verification of web systems and security properties, such as reachability of navigation nodes in general and of those that are restricted to authorized users. © 2011 Springer-Verlag.