Secure Agent-Oriented Modelling with Web-based Security Application Development

Nowadays, privacy and security have become challenges in developing web-based applications. For example, e-commerce applications are threatened with security issues like scammers, SQL injection attacks, bots, DDOs, Server Security, and Phishing. Although various security requirement methodologies a...

Full description

Saved in:
Bibliographic Details
Main Authors: Macklin, Limpan, Cheah, Wai Shiang, Eaqerzilla, Phang, Muhammad Asyraf, Khairuddin, Nurfauza, Jali
Format: Article
Language:English
Published: Society of Visual Informatics, and Institute of Visual Informatics - UKM and Soft Computing and Data Mining Centre - UTHM 2024
Subjects:
Online Access:http://ir.unimas.my/id/eprint/46958/1/2180-6607-1-PB.pdf
http://ir.unimas.my/id/eprint/46958/
https://joiv.org/index.php/joiv/article/view/2180
http://dx.doi.org/10.62527/joiv.8.1.2180
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.unimas.ir-46958
record_format eprints
spelling my.unimas.ir-469582024-12-19T04:17:50Z http://ir.unimas.my/id/eprint/46958/ Secure Agent-Oriented Modelling with Web-based Security Application Development Macklin, Limpan Cheah, Wai Shiang Eaqerzilla, Phang Muhammad Asyraf, Khairuddin Nurfauza, Jali QA76 Computer software Nowadays, privacy and security have become challenges in developing web-based applications. For example, e-commerce applications are threatened with security issues like scammers, SQL injection attacks, bots, DDOs, Server Security, and Phishing. Although various security requirement methodologies are introduced, it has been reported that security consideration is consistently ignored or treated as the lowest priority during the application development process. Hence, the application is being violated by various security attacks. This paper introduces an alternative methodology to secure a web-based application through an Agent-Oriented Modelling extension. The secure AOM starts with Context and Asset Identification. The models involved in this phase are the Goal Model and Secure Tropos model. The second phase is the Determination of Security Objective. The model that will be used is Secure Tropos. The third phase is Risk Analysis and Assessment. The model that will be used is Secure Tropos. The fourth phase is Risk Treatment. In this phase, there is no model, but we use the suggestion from Secure Tropos: to eliminate risk, transfer risk, retain risk, and reduce risk. The fifth phase is Security Requirements Definition. The models that will be used are the scenario model, interaction model, and knowledge model. The last phase is Control Selection and Implementation. The model that will be used is the Behavior Model. We conducted a reliability analysis to analyze the participants' understanding of Secure AOM. From the reliability test, we can conclude that Secure AOM can become the alternative methodology, as the percentage that agrees that Secure AOM can protect users against making errors and mistakes is 80.9%, and 71.9% agree that SAOM can help to prevent users from specifying incorrect model elements and the relation between the model. This result means that over 50% of the participants agree that Secure AOM can be an alternative methodology that supports security risk management. Society of Visual Informatics, and Institute of Visual Informatics - UKM and Soft Computing and Data Mining Centre - UTHM 2024 Article PeerReviewed text en http://ir.unimas.my/id/eprint/46958/1/2180-6607-1-PB.pdf Macklin, Limpan and Cheah, Wai Shiang and Eaqerzilla, Phang and Muhammad Asyraf, Khairuddin and Nurfauza, Jali (2024) Secure Agent-Oriented Modelling with Web-based Security Application Development. INTERNATIONAL JOURNAL ON INFORMATICS VISUALIZATION, 8 (1). pp. 499-509. ISSN 2549-9904 https://joiv.org/index.php/joiv/article/view/2180 http://dx.doi.org/10.62527/joiv.8.1.2180
institution Universiti Malaysia Sarawak
building Centre for Academic Information Services (CAIS)
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaysia Sarawak
content_source UNIMAS Institutional Repository
url_provider http://ir.unimas.my/
language English
topic QA76 Computer software
spellingShingle QA76 Computer software
Macklin, Limpan
Cheah, Wai Shiang
Eaqerzilla, Phang
Muhammad Asyraf, Khairuddin
Nurfauza, Jali
Secure Agent-Oriented Modelling with Web-based Security Application Development
description Nowadays, privacy and security have become challenges in developing web-based applications. For example, e-commerce applications are threatened with security issues like scammers, SQL injection attacks, bots, DDOs, Server Security, and Phishing. Although various security requirement methodologies are introduced, it has been reported that security consideration is consistently ignored or treated as the lowest priority during the application development process. Hence, the application is being violated by various security attacks. This paper introduces an alternative methodology to secure a web-based application through an Agent-Oriented Modelling extension. The secure AOM starts with Context and Asset Identification. The models involved in this phase are the Goal Model and Secure Tropos model. The second phase is the Determination of Security Objective. The model that will be used is Secure Tropos. The third phase is Risk Analysis and Assessment. The model that will be used is Secure Tropos. The fourth phase is Risk Treatment. In this phase, there is no model, but we use the suggestion from Secure Tropos: to eliminate risk, transfer risk, retain risk, and reduce risk. The fifth phase is Security Requirements Definition. The models that will be used are the scenario model, interaction model, and knowledge model. The last phase is Control Selection and Implementation. The model that will be used is the Behavior Model. We conducted a reliability analysis to analyze the participants' understanding of Secure AOM. From the reliability test, we can conclude that Secure AOM can become the alternative methodology, as the percentage that agrees that Secure AOM can protect users against making errors and mistakes is 80.9%, and 71.9% agree that SAOM can help to prevent users from specifying incorrect model elements and the relation between the model. This result means that over 50% of the participants agree that Secure AOM can be an alternative methodology that supports security risk management.
format Article
author Macklin, Limpan
Cheah, Wai Shiang
Eaqerzilla, Phang
Muhammad Asyraf, Khairuddin
Nurfauza, Jali
author_facet Macklin, Limpan
Cheah, Wai Shiang
Eaqerzilla, Phang
Muhammad Asyraf, Khairuddin
Nurfauza, Jali
author_sort Macklin, Limpan
title Secure Agent-Oriented Modelling with Web-based Security Application Development
title_short Secure Agent-Oriented Modelling with Web-based Security Application Development
title_full Secure Agent-Oriented Modelling with Web-based Security Application Development
title_fullStr Secure Agent-Oriented Modelling with Web-based Security Application Development
title_full_unstemmed Secure Agent-Oriented Modelling with Web-based Security Application Development
title_sort secure agent-oriented modelling with web-based security application development
publisher Society of Visual Informatics, and Institute of Visual Informatics - UKM and Soft Computing and Data Mining Centre - UTHM
publishDate 2024
url http://ir.unimas.my/id/eprint/46958/1/2180-6607-1-PB.pdf
http://ir.unimas.my/id/eprint/46958/
https://joiv.org/index.php/joiv/article/view/2180
http://dx.doi.org/10.62527/joiv.8.1.2180
_version_ 1819914973192650752
score 13.223943