Formalization of Web Security Patterns
Abstract
Security issues in the software industry are becoming more and more challenging due to malicious attacks, which lead to the exploration of various security holes in software systems. In order to secure the information assets associated with any software system, organizations plan to design the system based on a number of security patterns, which are useful for building and testing new security mechanisms. These patterns are essentially design guidelines, but they have certain limitations in terms of consistency and usability. Hence, these security patterns may sometimes be insecure. In this study, an attempt has been made to compose security patterns for a web-based application. Subsequently, a formal modeling approach for the composition of security patterns is presented. In order to maximize comprehensibility, Unified Modeling Language (UML) notations are used to represent structural and behavioral aspects of a web-based system. A formal modeling language, namely Alloy, has been considered for analyzing web-based security patterns. To demonstrate this approach, a case study of an online banking system is considered. A qualitative evaluation is performed for the identified security patterns against the critical security properties. In this study, a model-driven framework is presented, which helps to automate the process of analyzing web security patterns.
How to Cite
Dwivedi, A. K., & Rath, S. K. (2015). Formalization of Web Security Patterns. INFOCOMP Journal of Computer Science, 14(1), 14–25. Retrieved from https://infocomp.dcc.ufla.br/index.php/infocomp/article/view/493
Upon receipt of accepted manuscripts, authors will be invited to complete a copyright license to publish the paper. At least the corresponding author must send the signed copyright form for publication. It is a condition of publication that authors grant an exclusive licence to the INFOCOMP Journal of Computer Science. This ensures that requests from third parties to reproduce articles are handled efficiently and consistently and will also allow the article to be as widely disseminated as possible. In assigning the copyright license, authors may use their own material in other publications and ensure that the INFOCOMP Journal of Computer Science is acknowledged as the original publication place.