By Topic

A resource-based approach to formalize use case specification for web applications

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Weifeng Xu ; Dept. of Comput. & Inf. Sci., Gannon Univ., Erie, PA, USA ; Lin Deng ; Yunkai Liu

Web applications under attack may perform undesirable behaviors against their use case specification. These attacks exploit web vulnerabilities which are usually considered as consequences of abusing web resources. The paper proposes a resource-based approach to formalize use case specification for web applications. The goal of the research is to identify and organize web resources, and to integrate web resources into use cases in a structured way. First, we filter web resource information based on the lexical analysis of the original use case specification. Then, we identify hidden web resources that are not listed in the event flow but required during the realization of the event. After that, we organize these web resources into a web resource tree. Finally, the formalized use case specification is constructed into a tree structure along with a defined event flow grammar. The resource-based use case specification enables security analysts to analyze the web vulnerabilities in terms of the resources required by each event. It is helpful to elicit security requirements.

Published in:

Progress in Informatics and Computing (PIC), 2010 IEEE International Conference on  (Volume:2 )

Date of Conference:

10-12 Dec. 2010