A Platform Specific UML model for Web application self defense through an Aspect Oriented Approach

Abstract

Invention of internet has paved a way for popularity of Web based applications. Web application vulnerabilities are a major concern for critical applications. We bring forth the idea of making applications self defendable through aspect oriented approach of code modification. Aspect Oriented programming and modeling has been accepted as it facilitates integration of cross cutting concern without any change to the existing application and also facilitates separation of nonfunctional concerns in applications that are under development. We propose a Platform Specific Model{PSM) in java using aspect oriented approach for securing web applications against most popular cross site scripting, sql injection, authentication, authorization parameter tampering and session hijacking attacks. The main focus in this paper is the description of various classes in the PSM model. Each and every security countermeasure is modeled as class in the PSM model and act as an aspect in aspect oriented modeling. We have shown the relationships between various other components of aspects like pointcut and advice. The paper also presents an excerpt of the model implementation of aspect oriented countermeasure using aspectJ. The paper also gives an excerpt of algorithm devised for session protection. Running web applications were tested before and after the aspect injection and test results are given to prove the approach.