Secure Agent-Oriented Modelling with Web-based Security Application Development

Macklin, Limpan and Cheah, Wai Shiang and Eaqerzilla, Phang and Muhammad Asyraf, Khairuddin and Nurfauza, Jali (2024) Secure Agent-Oriented Modelling with Web-based Security Application Development. INTERNATIONAL JOURNAL ON INFORMATICS VISUALIZATION, 8 (1). pp. 499-509. ISSN 2549-9904

[img] PDF
2180-6607-1-PB.pdf
Download (4MB)
Official URL: https://joiv.org/index.php/joiv/article/view/2180

Abstract

Nowadays, privacy and security have become challenges in developing web-based applications. For example, e-commerce applications are threatened with security issues like scammers, SQL injection attacks, bots, DDOs, Server Security, and Phishing. Although various security requirement methodologies are introduced, it has been reported that security consideration is consistently ignored or treated as the lowest priority during the application development process. Hence, the application is being violated by various security attacks. This paper introduces an alternative methodology to secure a web-based application through an Agent-Oriented Modelling extension. The secure AOM starts with Context and Asset Identification. The models involved in this phase are the Goal Model and Secure Tropos model. The second phase is the Determination of Security Objective. The model that will be used is Secure Tropos. The third phase is Risk Analysis and Assessment. The model that will be used is Secure Tropos. The fourth phase is Risk Treatment. In this phase, there is no model, but we use the suggestion from Secure Tropos: to eliminate risk, transfer risk, retain risk, and reduce risk. The fifth phase is Security Requirements Definition. The models that will be used are the scenario model, interaction model, and knowledge model. The last phase is Control Selection and Implementation. The model that will be used is the Behavior Model. We conducted a reliability analysis to analyze the participants' understanding of Secure AOM. From the reliability test, we can conclude that Secure AOM can become the alternative methodology, as the percentage that agrees that Secure AOM can protect users against making errors and mistakes is 80.9%, and 71.9% agree that SAOM can help to prevent users from specifying incorrect model elements and the relation between the model. This result means that over 50% of the participants agree that Secure AOM can be an alternative methodology that supports security risk management.

Item Type: Article
Uncontrolled Keywords: AOM; secure modelling; secure methodology; Secure Tropos.
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Faculties, Institutes, Centres > Faculty of Computer Science and Information Technology
Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Depositing User: Gani
Date Deposited: 19 Dec 2024 04:17
Last Modified: 19 Dec 2024 04:17
URI: http://ir.unimas.my/id/eprint/46958

Actions (For repository members only: login required)

View Item View Item
UNIMAS Institutional Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.