Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security

Name
Andrey Sergeev
Abstract
Nowadays, fast and successful development of a web application is one of the keys to effective business. However, modern requirements demand a complex approach to the definition of access control and the interoperability of user groups. The software development process typically involves different responsible members for application assessment, planning, development, deployment and support, which increases complexity and information loss between target groups. In order to mitigate the risks of misinterpretation and security violations in software development, teams should use tools that allow fast and accurate interpretation of the web application through a model. Modelling helps minimize possible problems and ensures that functional needs are met with respect to the desired RBAC model. In order to support and simplify the model-driven approach to web application development with the Spring platform, the realization of a concept plugin for the Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations, with the capability to visualize the RBAC model on top of them. The visual model is generated in two main steps: recognition of the Spring Security configuration and generation of a representation in the SecureUML modeling language. The concept of the contributed plugin was validated in case studies that demonstrated its acceptance by software developers, owing to its integrated solution for faster development and its help in understanding the RBAC model of the selected web application.
Graduation Thesis language
English
Graduation Thesis type
Master - Cyber Security
Supervisor(s)
Raimundas Matulevičius
Defence year
2016