Secure Agent-Oriented Modelling with Web-based Security Application Development
Nowadays, privacy and security have become challenges in developing web-based applications. For example, e-commerce applications are threatened with security issues like scammers, SQL injection attacks, bots, DDoS, Server Security, and Phishing. Although various security requirement methodologies a...
Main Authors: | , , , , |
---|---|
Format: | Article |
Language: | English |
Published: | Society of Visual Informatics, and Institute of Visual Informatics - UKM and Soft Computing and Data Mining Centre - UTHM, 2024 |
Subjects: | |
Online Access: | http://ir.unimas.my/id/eprint/46958/1/2180-6607-1-PB.pdf http://ir.unimas.my/id/eprint/46958/ https://joiv.org/index.php/joiv/article/view/2180 http://dx.doi.org/10.62527/joiv.8.1.2180 |
id |
my.unimas.ir-46958 |
---|---|
record_format |
eprints |
spelling |
my.unimas.ir-46958 2024-12-19T04:17:50Z http://ir.unimas.my/id/eprint/46958/ Secure Agent-Oriented Modelling with Web-based Security Application Development. Macklin, Limpan; Cheah, Wai Shiang; Eaqerzilla, Phang; Muhammad Asyraf, Khairuddin; Nurfauza, Jali. QA76 Computer software. Society of Visual Informatics, and Institute of Visual Informatics - UKM and Soft Computing and Data Mining Centre - UTHM, 2024. Article, PeerReviewed, text, en. http://ir.unimas.my/id/eprint/46958/1/2180-6607-1-PB.pdf Macklin, Limpan and Cheah, Wai Shiang and Eaqerzilla, Phang and Muhammad Asyraf, Khairuddin and Nurfauza, Jali (2024) Secure Agent-Oriented Modelling with Web-based Security Application Development. INTERNATIONAL JOURNAL ON INFORMATICS VISUALIZATION, 8 (1). pp. 499-509. ISSN 2549-9904 https://joiv.org/index.php/joiv/article/view/2180 http://dx.doi.org/10.62527/joiv.8.1.2180 |
institution |
Universiti Malaysia Sarawak |
building |
Centre for Academic Information Services (CAIS) |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Malaysia Sarawak |
content_source |
UNIMAS Institutional Repository |
url_provider |
http://ir.unimas.my/ |
language |
English |
topic |
QA76 Computer software |
description |
Nowadays, privacy and security have become challenges in developing web-based applications. For example, e-commerce applications are threatened with security issues like scammers, SQL injection attacks, bots, DDoS, Server Security, and Phishing. Although various security requirement methodologies are introduced, it has been reported that security consideration is consistently ignored or treated as the lowest priority during the application development process. Hence, the application is being violated by various security attacks. This paper introduces an alternative methodology to secure a web-based application through an Agent-Oriented Modelling extension. The secure AOM starts with Context and Asset Identification. The models involved in this phase are the Goal Model and Secure Tropos model. The second phase is the Determination of Security Objective. The model that will be used is Secure Tropos. The third phase is Risk Analysis and Assessment. The model that will be used is Secure Tropos. The fourth phase is Risk Treatment. In this phase, there is no model, but we use the suggestion from Secure Tropos: to eliminate risk, transfer risk, retain risk, and reduce risk. The fifth phase is Security Requirements Definition. The models that will be used are the scenario model, interaction model, and knowledge model. The last phase is Control Selection and Implementation. The model that will be used is the Behavior Model. We conducted a reliability analysis to analyze the participants' understanding of Secure AOM. From the reliability test, we can conclude that Secure AOM can become the alternative methodology, as the percentage that agrees that Secure AOM can protect users against making errors and mistakes is 80.9%, and 71.9% agree that SAOM can help to prevent users from specifying incorrect model elements and the relation between the model. This result means that over 50% of the participants agree that Secure AOM can be an alternative methodology that supports security risk management. |
format |
Article |
author |
Macklin, Limpan Cheah, Wai Shiang Eaqerzilla, Phang Muhammad Asyraf, Khairuddin Nurfauza, Jali |
title |
Secure Agent-Oriented Modelling with Web-based Security Application Development |
publisher |
Society of Visual Informatics, and Institute of Visual Informatics - UKM and Soft Computing and Data Mining Centre - UTHM |
publishDate |
2024 |
url |
http://ir.unimas.my/id/eprint/46958/1/2180-6607-1-PB.pdf http://ir.unimas.my/id/eprint/46958/ https://joiv.org/index.php/joiv/article/view/2180 http://dx.doi.org/10.62527/joiv.8.1.2180 |