
A Development of the Unified Object-Oriented Analysis and Design Methodology for Security-Critical Web Applications Based on Object-Relational Database - Focusing on Oracle11g -

Development of a Unified, Security-Aware Analysis and Design Methodology for Web Application Development - Focusing on Oracle11g -

  • Joo, Kyung-Soo (Dept. of Computer Software Engineering, SoonChunHyang University)
  • Woo, Jung-Woong (Dept. of Computer Software Engineering, SoonChunHyang University)
  • Received : 2012.09.11
  • Accepted : 2012.11.08
  • Published : 2012.12.31

Abstract

In the development of application systems, analysis and design are the most important activities, and since most application systems are built on a database system, database design matters as well. At the same time, the growing interconnection between IT systems exposes applications to more and more attacks, so security-related processes are equally important. Security is a complex non-functional requirement that interacts with many parts of a system, yet it is usually considered only in the final stages of development, which raises the likelihood that the finished product contains vulnerabilities. Security must therefore be reflected in the analysis and design process from the start. J2EE provides a security mechanism for web applications based on role-based access control (RBAC), and object-relational databases also support RBAC, but there is no consistent object-oriented analysis and design methodology, spanning requirements gathering through implementation, that makes use of the RBAC facilities of both J2EE and the object-relational database. This paper develops a unified, security-aware object-oriented analysis and design methodology for security-critical web application systems based on J2EE and an object-relational database, carrying security requirements from requirements gathering through analysis and design to implementation. The methodology uses UMLsec together with the RBAC of the object-relational database and of J2EE.
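As an added example that is not part of the paper, the Python script below sketches the implementation end of the unified RBAC mapping the abstract describes: a single role model, of the kind a use-case analysis with UMLsec would yield, is rendered both as J2EE declarative security (web.xml security-constraint and security-role elements) and as Oracle DDL (CREATE ROLE and GRANT on object tables), so the two tiers cannot drift apart. The role, resource, URL and table names are hypothetical, and the deny-uncovered-http-methods element assumes a Servlet 3.1 container.

```python
"""Render one role model as J2EE web.xml security and as Oracle RBAC DDL.

Added example, not the paper's code. Names below are assumptions.
"""
import re
from dataclasses import dataclass, field
from xml.sax.saxutils import escape

# What each abstract operation means on the web tier and on the database tier.
HTTP_METHODS = {"read": ["GET"], "write": ["POST", "PUT", "DELETE"]}
DB_PRIVS = {"read": ["SELECT"], "write": ["INSERT", "UPDATE", "DELETE"]}

# Oracle 11g identifiers: letter first, at most 30 characters, no quoting.
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,29}")


def is_oracle_identifier(name: str) -> bool:
    return _IDENT.fullmatch(name) is not None


def ident(name: str) -> str:
    """Reject anything that is not a plain identifier so a role or table
    name coming from the model can never smuggle SQL into the DDL."""
    if not is_oracle_identifier(name):
        raise ValueError(f"bad identifier: {name!r}")
    return name.upper()


@dataclass(frozen=True, order=True)
class Permission:
    resource: str   # logical resource from the analysis model
    operation: str  # "read" or "write"


@dataclass
class RoleModel:
    roles: dict = field(default_factory=dict)     # role -> set of Permission
    url_of: dict = field(default_factory=dict)    # resource -> URL pattern
    table_of: dict = field(default_factory=dict)  # resource -> object table

    def resource(self, name: str, url: str, table: str) -> None:
        self.url_of[name] = url
        self.table_of[name] = ident(table)

    def allow(self, role: str, resource: str, operation: str) -> None:
        if operation not in DB_PRIVS:
            raise ValueError(f"unknown operation {operation!r}")
        if resource not in self.url_of:
            raise ValueError(f"unknown resource {resource!r}")
        self.roles.setdefault(ident(role), set()).add(Permission(resource, operation))

    def to_web_xml(self) -> str:
        """One <security-constraint> per (resource, operation), an
        <auth-constraint> naming the roles that hold it, and the
        <security-role> declarations the container requires."""
        holders = {}
        for role, perms in self.roles.items():
            for p in perms:
                holders.setdefault(p, set()).add(role)
        parts = []
        for p in sorted(holders):
            methods = "".join(f"<http-method>{m}</http-method>" for m in HTTP_METHODS[p.operation])
            roles = "".join(f"<role-name>{r}</role-name>" for r in sorted(holders[p]))
            parts.append(
                "<security-constraint><web-resource-collection>"
                f"<web-resource-name>{escape(p.resource)} {p.operation}</web-resource-name>"
                f"<url-pattern>{escape(self.url_of[p.resource])}</url-pattern>{methods}"
                f"</web-resource-collection><auth-constraint>{roles}</auth-constraint>"
                "</security-constraint>")
        # Servlet 3.1: methods not listed in any constraint are denied, not open.
        parts.append("<deny-uncovered-http-methods/>")
        parts.extend(f"<security-role><role-name>{r}</role-name></security-role>"
                     for r in sorted(self.roles))
        return "\n".join(parts)

    def to_oracle_ddl(self) -> list:
        """CREATE ROLE per role, then one GRANT per permission on the object
        table; a role never receives more than its operations require."""
        stmts = [f"CREATE ROLE {r}" for r in sorted(self.roles)]
        for role in sorted(self.roles):
            for p in sorted(self.roles[role]):
                privs = ", ".join(DB_PRIVS[p.operation])
                stmts.append(f"GRANT {privs} ON {self.table_of[p.resource]} TO {role}")
        return stmts

    def db_privileges(self, role: str) -> dict:
        """Table -> sorted privilege list, for least-privilege review."""
        out = {}
        for p in self.roles.get(role, ()):
            out.setdefault(self.table_of[p.resource], []).extend(DB_PRIVS[p.operation])
        return {t: sorted(v) for t, v in out.items()}

    def web_roles_for(self, url: str, method: str) -> set:
        """Roles the web tier will accept for (url pattern, HTTP method)."""
        return {role for role, perms in self.roles.items()
                for p in perms
                if self.url_of[p.resource] == url and method in HTTP_METHODS[p.operation]}


def example_model() -> RoleModel:
    """Constructed sample: a shop with customers who read and clerks who write."""
    m = RoleModel()
    m.resource("orders", "/orders/*", "order_obj_tab")
    m.resource("catalog", "/catalog/*", "product_obj_tab")
    m.allow("customer", "catalog", "read")
    m.allow("customer", "orders", "read")
    m.allow("clerk", "catalog", "read")
    m.allow("clerk", "orders", "read")
    m.allow("clerk", "orders", "write")
    return m


if __name__ == "__main__":
    model = example_model()
    print(model.to_web_xml())
    print(";\n".join(model.to_oracle_ddl()) + ";")
```

Two points a practitioner should keep in mind when using such a mapping. First, a web.xml constraint that lists http-method elements covers only those methods; on a Servlet 3.0 or older container the unlisted methods (HEAD, OPTIONS, and so on) remain open unless every constraint omits the method list, which is why the script emits deny-uncovered-http-methods and assumes Servlet 3.1. Second, the database side only enforces least privilege if the J2EE data source connects as a user that holds the generated role and nothing broader; a shared application account with the schema owner's privileges makes the GRANT statements decorative.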


Cited by

  1. An Object-Oriented Analysis and Design Methodology for Security of Web Applications, vol. 14, no. 4, 2013, https://doi.org/10.7472/jksii.2013.14.4.35
  2. A Development Method for Hybrid Web-Based Managed Structured System Programming in the .NET Framework Environment - Focusing on Smart Web -, vol. 18, no. 4, 2012, https://doi.org/10.9708/jksci.2013.18.4.141