Zeitschriftenartikel:
C. Hochreiner, P. Frühwirt, Z. Ma, P. Kieseberg, S. Schrittwieser, E. Weippl:
"Genie in a Model? Why Model Driven Security will not secure your Web Application";
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications,
5
(2014),
3;
S. 44
- 62.
Kurzfassung deutsch:
More often a new software development methodology called Model Driven Engineering (MDE) is
used to increase productivity by supporting powerful code generation tools, which allows a less errorprone
implementation process. However the idea of modeling system aspects during the design phase
- so called Model Driven Security (MDS) - was proposed by the scientific community decades ago
and yet it is still unclear whether MDS can improve the security of a software project. In this paper
we provide a comprehensive evaluation of current MDS approaches based on a web application scenario
in regards to the most common web security attacks. We discuss their strengths and limitations
as well as the practicability of MDS for modern web application security in general.
Kurzfassung englisch:
More often a new software development methodology called Model Driven Engineering (MDE) is
used to increase productivity by supporting powerful code generation tools, which allows a less errorprone
implementation process. However the idea of modeling system aspects during the design phase
- so called Model Driven Security (MDS) - was proposed by the scientific community decades ago
and yet it is still unclear whether MDS can improve the security of a software project. In this paper
we provide a comprehensive evaluation of current MDS approaches based on a web application scenario
in regards to the most common web security attacks. We discuss their strengths and limitations
as well as the practicability of MDS for modern web application security in general.