Security Approaches in Model-Driven Engineering for Web Applications: The State-of-the-art in the Last 10 Years

Aleksandra Siderova; Maya Daneva; Faiza A. Bukhsh; Jeewanie J. Arachchige

doi:10.1109/REW61692.2024.00026

Security Approaches in Model-Driven Engineering for Web Applications: The State-of-the-art in the Last 10 Years

Aleksandra Siderova, Maya Daneva, Faiza A. Bukhsh, Jeewanie J. Arachchige

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Citation (Scopus)

13 Downloads (Pure)

Abstract

In the past decade, several approaches have been proposed for integrating security requirements into the model-driven engineering (MDE) of web applications. However, very little has been done to consolidate the knowledge about these approaches and analyze them from the perspective of common security threats, such as those listed in the Top 10 list of OWASP. This systematic literature review provides a state-of-the-art overview of the newly proposed approaches. It consolidates what is currently known about the level of their empirical evaluation and the extent to which each addresses the threats in the Top 10 list of OWASP. We examined 181 publications, of which 11 articles proposed new approaches to integrating security into the MDE of web applications. Our analysis of these 11 approaches reveals that most of them address the threat of Broken Access Control and that no approach exists that addresses all threats in the Top 10 list. Compared to a decade ago, we could see a clear trend towards using aspect-oriented methods to integrate security into MDE for web apps. Finally, we reflect on the implications of our results and the limitations of this work.

Original language	English
Title of host publication	Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024
Editors	Grischa Liebel, Irit Hadar, Paola Spoletini
Publisher	IEEE
Pages	155-163
Number of pages	9
ISBN (Electronic)	9798350395518
DOIs	https://doi.org/10.1109/REW61692.2024.00026
Publication status	Published - 21 Aug 2024
Event	32nd IEEE International Requirements Engineering Conference Workshops, REW 2024 - Reykjavik, Iceland Duration: 24 Jun 2024 → 28 Jun 2024 Conference number: 32

Conference

Conference	32nd IEEE International Requirements Engineering Conference Workshops, REW 2024
Abbreviated title	REW 2024
Country/Territory	Iceland
City	Reykjavik
Period	24/06/24 → 28/06/24

Keywords

2025 OA procedure
empirical research method
model-driven engineering
security requirements
security-by-design
UML
web applications development
aspect-oriented software development

Access to Document

10.1109/REW61692.2024.00026

Security_Approaches_in_Model-Driven_Engineering_for_Web_Applications_the_State-of-the-art_in_the_Last_10_YearsFinal published version, 474 KBLicence: Taverne

Cite this

Siderova, A., Daneva, M., Bukhsh, F. A., & Arachchige, J. J. (2024). Security Approaches in Model-Driven Engineering for Web Applications: The State-of-the-art in the Last 10 Years. In G. Liebel, I. Hadar, & P. Spoletini (Eds.), Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024 (pp. 155-163). IEEE. https://doi.org/10.1109/REW61692.2024.00026

@inproceedings{92aba9470744443cbd742efada1f9f48,

title = "Security Approaches in Model-Driven Engineering for Web Applications: The State-of-the-art in the Last 10 Years",

abstract = "In the past decade, several approaches have been proposed for integrating security requirements into the model-driven engineering (MDE) of web applications. However, very little has been done to consolidate the knowledge about these approaches and analyze them from the perspective of common security threats, such as those listed in the Top 10 list of OWASP. This systematic literature review provides a state-of-the-art overview of the newly proposed approaches. It consolidates what is currently known about the level of their empirical evaluation and the extent to which each addresses the threats in the Top 10 list of OWASP. We examined 181 publications, of which 11 articles proposed new approaches to integrating security into the MDE of web applications. Our analysis of these 11 approaches reveals that most of them address the threat of Broken Access Control and that no approach exists that addresses all threats in the Top 10 list. Compared to a decade ago, we could see a clear trend towards using aspect-oriented methods to integrate security into MDE for web apps. Finally, we reflect on the implications of our results and the limitations of this work.",

keywords = "2025 OA procedure, empirical research method, model-driven engineering, security requirements, security-by-design, UML, web applications development, aspect-oriented software development",

author = "Aleksandra Siderova and Maya Daneva and Bukhsh, {Faiza A.} and Arachchige, {Jeewanie J.}",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024, REW 2024 ; Conference date: 24-06-2024 Through 28-06-2024",

year = "2024",

month = aug,

day = "21",

doi = "10.1109/REW61692.2024.00026",

language = "English",

pages = "155--163",

editor = "Grischa Liebel and Irit Hadar and Paola Spoletini",

booktitle = "Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024",

publisher = "IEEE",

address = "United States",

}

Siderova, A, Daneva, M , Bukhsh, FA & Arachchige, JJ 2024, Security Approaches in Model-Driven Engineering for Web Applications: The State-of-the-art in the Last 10 Years. in G Liebel, I Hadar & P Spoletini (eds), Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024. IEEE, pp. 155-163, 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024, Reykjavik, Iceland, 24/06/24. https://doi.org/10.1109/REW61692.2024.00026

Security Approaches in Model-Driven Engineering for Web Applications: The State-of-the-art in the Last 10 Years. / Siderova, Aleksandra; Daneva, Maya ; Bukhsh, Faiza A. et al.
Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024. ed. / Grischa Liebel; Irit Hadar; Paola Spoletini. IEEE, 2024. p. 155-163.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Security Approaches in Model-Driven Engineering for Web Applications

T2 - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024

AU - Siderova, Aleksandra

AU - Daneva, Maya

AU - Bukhsh, Faiza A.

AU - Arachchige, Jeewanie J.

N1 - Conference code: 32

PY - 2024/8/21

Y1 - 2024/8/21

N2 - In the past decade, several approaches have been proposed for integrating security requirements into the model-driven engineering (MDE) of web applications. However, very little has been done to consolidate the knowledge about these approaches and analyze them from the perspective of common security threats, such as those listed in the Top 10 list of OWASP. This systematic literature review provides a state-of-the-art overview of the newly proposed approaches. It consolidates what is currently known about the level of their empirical evaluation and the extent to which each addresses the threats in the Top 10 list of OWASP. We examined 181 publications, of which 11 articles proposed new approaches to integrating security into the MDE of web applications. Our analysis of these 11 approaches reveals that most of them address the threat of Broken Access Control and that no approach exists that addresses all threats in the Top 10 list. Compared to a decade ago, we could see a clear trend towards using aspect-oriented methods to integrate security into MDE for web apps. Finally, we reflect on the implications of our results and the limitations of this work.

AB - In the past decade, several approaches have been proposed for integrating security requirements into the model-driven engineering (MDE) of web applications. However, very little has been done to consolidate the knowledge about these approaches and analyze them from the perspective of common security threats, such as those listed in the Top 10 list of OWASP. This systematic literature review provides a state-of-the-art overview of the newly proposed approaches. It consolidates what is currently known about the level of their empirical evaluation and the extent to which each addresses the threats in the Top 10 list of OWASP. We examined 181 publications, of which 11 articles proposed new approaches to integrating security into the MDE of web applications. Our analysis of these 11 approaches reveals that most of them address the threat of Broken Access Control and that no approach exists that addresses all threats in the Top 10 list. Compared to a decade ago, we could see a clear trend towards using aspect-oriented methods to integrate security into MDE for web apps. Finally, we reflect on the implications of our results and the limitations of this work.

KW - 2025 OA procedure

KW - empirical research method

KW - model-driven engineering

KW - security requirements

KW - security-by-design

KW - UML

KW - web applications development

KW - aspect-oriented software development

UR - http://www.scopus.com/inward/record.url?scp=85203105910&partnerID=8YFLogxK

U2 - 10.1109/REW61692.2024.00026

DO - 10.1109/REW61692.2024.00026

M3 - Conference contribution

AN - SCOPUS:85203105910

SP - 155

EP - 163

BT - Proceedings - 32nd IEEE International Requirements Engineering Conference Workshops, REW 2024

A2 - Liebel, Grischa

A2 - Hadar, Irit

A2 - Spoletini, Paola

PB - IEEE

Y2 - 24 June 2024 through 28 June 2024

ER -

Security Approaches in Model-Driven Engineering for Web Applications: The State-of-the-art in the Last 10 Years

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this