The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations, e.g. some numerals are expressed as "XNUMX".
Copyrights notice
RESTful web APIs have become common, with most modern web applications embracing the micro-service architecture. A RESTful API provides data over the network using HTTP, may interact with databases and other services, and must preserve its security properties. However, REST is not a protocol but rather a set of guidelines on how to design resources accessed through HTTP endpoints. There are guidelines on how related resources should be structured with hierarchical URIs, as well as how the different HTTP verbs should be used to represent well-defined actions on those resources. Although security has always been critical in the design of RESTful APIs, there are few or no clear model-driven engineering techniques that use a secure-by-design approach interweaving both functional and security requirements. We therefore propose an approach for specifying the functional and security requirements of APIs with the practical Structured Object-Oriented Formal Language (SOFL). Our proposed approach provides a generic methodology for designing security-aware APIs by using the concepts of domain models, domain primitives, the Ecore metamodel and SOFL. We also describe a case study to evaluate the effectiveness of our approach and discuss important issues concerning the practical applicability of our method.
Busalire Onesmus EMEKA
Hosei University
Soichiro HIDAKA
Hosei University
Shaoying LIU
Hiroshima University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Busalire Onesmus EMEKA, Soichiro HIDAKA, Shaoying LIU, "A Practical Model Driven Approach for Designing Security Aware RESTful Web APIs Using SOFL" in IEICE TRANSACTIONS on Information, vol. E106-D, no. 5, pp. 986-1000, May 2023, doi: 10.1587/transinf.2022EDP7194.
Abstract: RESTful web APIs have become ubiquitous with most modern web applications embracing the micro-service architecture. A RESTful API provides data over the network using HTTP, probably interacting with databases and other services, and must preserve its security properties. However, REST is not a protocol but rather a set of guidelines on how to design resources accessed over HTTP endpoints. There are guidelines on how related resources should be structured with hierarchical URIs as well as how the different HTTP verbs should be used to represent well-defined actions on those resources. Whereas security has always been critical in the design of RESTful APIs, there are few or no clear model-driven engineering techniques utilizing a secure-by-design approach that interweaves both the functional and security requirements. We therefore propose an approach to specifying APIs' functional and security requirements with the practical Structured-Object-oriented Formal Language (SOFL). Our proposed approach provides a generic methodology for designing security-aware APIs by utilizing concepts of domain models, domain primitives, the Ecore metamodel and SOFL. We also describe a case study to evaluate the effectiveness of our approach and discuss important issues in relation to the practical applicability of our method.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2022EDP7194/_p
@ARTICLE{e106-d_5_986,
author={Busalire Onesmus EMEKA and Soichiro HIDAKA and Shaoying LIU},
journal={IEICE TRANSACTIONS on Information},
title={A Practical Model Driven Approach for Designing Security Aware RESTful Web APIs Using SOFL},
year={2023},
volume={E106-D},
number={5},
pages={986-1000},
abstract={RESTful web APIs have become ubiquitous with most modern web applications embracing the micro-service architecture. A RESTful API provides data over the network using HTTP probably interacting with databases and other services and must preserve its security properties. However, REST is not a protocol but rather a set of guidelines on how to design resources accessed over HTTP endpoints. There are guidelines on how related resources should be structured with hierarchical URIs as well as how the different HTTP verbs should be used to represent well-defined actions on those resources. Whereas security has always been critical in the design of RESTful APIs, there are few or no clear model driven engineering techniques utilizing a secure-by-design approach that interweaves both the functional and security requirements. We therefore propose an approach to specifying APIs functional and security requirements with the practical Structured-Object-oriented Formal Language (SOFL). Our proposed approach provides a generic methodology for designing security aware APIs by utilizing concepts of domain models, domain primitives, Ecore metamodel and SOFL. We also describe a case study to evaluate the effectiveness of our approach and discuss important issues in relation to the practical applicability of our method.},
keywords={},
doi={10.1587/transinf.2022EDP7194},
ISSN={1745-1361},
month={May},}
TY - JOUR
TI - A Practical Model Driven Approach for Designing Security Aware RESTful Web APIs Using SOFL
T2 - IEICE TRANSACTIONS on Information
SP - 986
EP - 1000
AU - Busalire Onesmus EMEKA
AU - Soichiro HIDAKA
AU - Shaoying LIU
PY - 2023
DO - 10.1587/transinf.2022EDP7194
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E106-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2023
AB - RESTful web APIs have become ubiquitous with most modern web applications embracing the micro-service architecture. A RESTful API provides data over the network using HTTP probably interacting with databases and other services and must preserve its security properties. However, REST is not a protocol but rather a set of guidelines on how to design resources accessed over HTTP endpoints. There are guidelines on how related resources should be structured with hierarchical URIs as well as how the different HTTP verbs should be used to represent well-defined actions on those resources. Whereas security has always been critical in the design of RESTful APIs, there are few or no clear model driven engineering techniques utilizing a secure-by-design approach that interweaves both the functional and security requirements. We therefore propose an approach to specifying APIs functional and security requirements with the practical Structured-Object-oriented Formal Language (SOFL). Our proposed approach provides a generic methodology for designing security aware APIs by utilizing concepts of domain models, domain primitives, Ecore metamodel and SOFL. We also describe a case study to evaluate the effectiveness of our approach and discuss important issues in relation to the practical applicability of our method.
ER -