Please use this identifier to cite or link to this item: https://www.um.edu.mt/library/oar/handle/123456789/93172
Title: Assessing the impact of model driven development on secure software development
Authors: Cini, Claire (2011)
Keywords: Coding theory
Metadata
Computer software -- Development
Cloud computing
Issue Date: 2011
Citation: Cini, C. (2011). Assessing the impact of model driven development on secure software development (Bachelor’s dissertation).
Abstract: Security flaws are quite widespread in the coding world. A developer can easily mitigate them if they are found during system testing, but there are some flaws that cannot be found by the normal testing routines employed. Such flaws do not affect the functionality of the system, but they allow malicious users to compromise it. These secure programming flaws have always existed, but environments like the internet make them more severe because of its wide usage. The secure coding practices employed to develop secure applications depend on the programming language used. Programming languages are evolving constantly, and as they continue to evolve the developer has to deal with much less complexity when developing. Thus it may be easier to employ secure coding practices in some languages than in others. However, because of the different levels of abstraction, it is possible that secure coding practices can be implemented much more easily or can be reduced to a minimum in a fourth generation language. The main objective of this project is to assess whether the problem of requiring all developers to be security experts can be alleviated by using a model-driven language. This includes an investigation of how easy it is for a developer to include a security flaw in Java rather than in a model-driven language such as UniPaaS. To assess which technology facilitates the developer the most in building secure sites, different web applications are built with Java and UniPaaS. Another two Rich Internet Applications are also built to analyze how the frameworks react to new technologies and how easy it is for developers to create a secure application using a new technology. Each of the applications was analyzed with well-known attack strings, which are used by attackers in real attacks, to check whether the applications are vulnerable to several flaws.
The flaws are grouped into four categories: Session Management, Incorrect Input Validation, Password Management and Deployment Issues. Such categorization is made for completeness, so as to cover all related flaws in each category. For each flaw, an attack string is sent to check how the application reacts to the attack. Where the application under test is vulnerable to a flaw, rectification steps for that flaw are developed. From the evaluation, it became clear that the model-driven development approach really alleviates the problem of requiring all developers to be security experts. As a language, UniPaaS already offers a secure way of developing when compared to Java, since some vulnerabilities that were introduced in Java couldn't be introduced in UniPaaS. This is because UniPaaS has a way of handling backend queries and sessions that prevents all attacks by itself.
Description: B.Sc. IT (Hons)(Melit.)
URI: https://www.um.edu.mt/library/oar/handle/123456789/93172
Appears in Collections: Dissertations - FacICT - 2011

Files in This Item:
File: B.SC.(HONS)ICT_Cini_Clare_2011.PDF (Restricted Access)
Size: 11.07 MB
Format: Adobe PDF


Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.