Abstract
Currently, only a small number of user agents present web security context information to the user in an easily understandable way. W3C has created the WSC-UI documents as a standard of security suggestions for web security context. Applying them to design secure user agents requires human resources to identify the specifications, which takes much time and expense and may also result in incompleteness. Security patterns have been used to collect solutions to recurring problems. Therefore, this research proposes a method for creating web security context patterns based on the WSC-UI documents and for identifying the relationship structure of the patterns. The proposed patterns are validated and refined according to the initial validation list. Developers can specify security requirements based on the proposed patterns, following the specified application approach, which helps in designing a user agent that is aware of the web security context.
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Singpant, P., Prompoon, N. (2015). A Method for Web Security Context Patterns Development from User Interface Guidelines Based on Structural and Textual Analysis. In: Kim, K. (eds) Information Science and Applications. Lecture Notes in Electrical Engineering, vol 339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46578-3_64
DOI: https://doi.org/10.1007/978-3-662-46578-3_64
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46577-6
Online ISBN: 978-3-662-46578-3
eBook Packages: Engineering, Engineering (R0)