Browse
We’re here to help

Find guidance on Author Services

Search
Browse
We’re here to help

Find guidance on Author Services

Home
All Journals
Enterprise Information Systems
List of Issues
Volume 12, Issue 8-9
RESTsec: a low-code platform for generat ....

Your download is now in progress and you may close this window

Did you know that with a free Taylor & Francis Online account you can gain access to the following benefits?

Choose new content alerts to be informed about new research of interest to you
Easy remote access to your institution's subscriptions on any device, from any location
Save your searches and schedule alerts to send you new results
Export your search results into a .csv file to support your research

Have an account?
Login now Don't have an account?
Register for free

Login or register to access this feature

Have an account?
Login now Don't have an account?
Register for free

Choose new content alerts to be informed about new research of interest to you
Easy remote access to your institution's subscriptions on any device, from any location
Save your searches and schedule alerts to send you new results
Export your search results into a .csv file to support your research

Search in:

Advanced search

Enterprise Information Systems Volume 12, 2018 - Issue 8-9: Model-driven data-intensive Enterprise Information Systems

Submit an article Journal homepage

812

Views

CrossRef citations to date

Altmetric

Original Articles

RESTsec: a low-code platform for generating secure by design enterprise services

Christoforos ZolotasElectrical and Computer Engineering Department, Aristotle University of Thessaloniki, Thessaloniki, GreeceCorrespondence[email protected]

http://orcid.org/0000-0003-4446-8230

Kyriakos C. ChatzidimitriouElectrical and Computer Engineering Department, Aristotle University of Thessaloniki, Thessaloniki, Greece

Andreas L. SymeonidisElectrical and Computer Engineering Department, Aristotle University of Thessaloniki, Thessaloniki, Greece

Pages 1007-1033 | Received 31 Jul 2017, Accepted 09 Mar 2018, Published online: 11 Apr 2018

Cite this article
https://doi.org/10.1080/17517575.2018.1462403
CrossMark

Sample our Computer Science journals, sign in here to start your access, latest two full volumes FREE to you for 14 days

Full Article
Figures & data
References
Citations
Metrics
Reprints & Permissions
Read this article /doi/full/10.1080/17517575.2018.1462403?needAccess=true

ABSTRACT

In the modern business world it is increasingly often that Enterprises opt to bring their business model online, in their effort to reach out to more end users and increase their customer base. While transitioning to the new model, enterprises consider securing their data of pivotal importance. In fact, many efforts have been introduced to automate this ‘webification’ process; however, they all fall short in some aspect: a) they either generate only the security infrastructure, assigning implementation to the developers, b) they embed mainstream, less powerful authorisation schemes, or c) they disregard the merits of the dominating REST architecture and adopt less suitable approaches. In this paper we present RESTsec, a Low-Code platform that supports rapid security requirements modelling for Enterprise Services, abiding by the state of the art ABAC authorisation scheme. RESTsec enables the developer to seamlessly embed the desired access control policy and generate the service, the security infrastructure and the code. Evaluation shows that our approach is valid and can help developers deliver secure by design enterprise services in a rapid and automated manner.

KEYWORDS:

RESTful services
model driven engineering
ABAC
access control
data migration

Disclosure statement

No potential conflict of interest was reported by the authors.

Notes

1. https://goo.gl/a9aL6Q.

2. http://www.django-rest-framework.org.

3. http://rubyonrails.org.

4. https://en.wikipedia.org/wiki/Basic_access_authentication.

5. https://en.wikipedia.org/wiki/OAuth.

6. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml.

7. http://csrc.nist.gov/projects/abac/.

8. https://goo.gl/QgPUDz.

9. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml.

10. http://www.omg.org/spec/RAD/.

11. https://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html.

12. https://en.wikipedia.org/wiki/Role-based_access_control.

13. http://orbac.org.

14. https://www.owasp.org/index.php/Main_Page.

15. http://www.omg.org/spec/OCL/.

16. https://www.salesforce.com.

17. https://www.caspio.com.

18. http://agilepoint.com/.

19. http://www.appian.com.

20. https://www.mendix.com.

21. https://www.outsystems.com.

22. http://csrc.nist.gov/projects/abac/.

23. http://csrc.nist.gov/projects/abac/.

24. https://en.wikipedia.org/wiki/Discretionary_access_control.

25. https://en.wikipedia.org/wiki/Role-based_access_control.

26. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml.

27. https://martinfowler.com/articles/richardsonMaturityModel.html.

28. https://projects.eclipse.org/projects/modeling.mmt.

29. https://goo.gl/evoux3.

30. http://www.omg.org/mda/.

31. CIM, PIM and PSM are the three distinct phases followed in MDA. CIM refers to the Computationally Independent Model that only comprises problem domain concepts, PIM refers to the Platform Independent Model that on top of CIM concepts introduces an abstract architecture of the system, which is then specialized to the target platform at the PSM or the Platform Specific Model .

32. https://en.wikipedia.org/wiki/Basic_access_authentication.

33. https://en.wikipedia.org/wiki/HATEOAS.

34. The CRUD verbs comprise the: Create verb that is used to create a new resource, Read verb that is used to retrieve an existing resource and the Update and Delete ones that are used to update and delete an existing resource respectively.

35. https://en.wikipedia.org/wiki/Basic_access_authentication.

36. https://github.com/AuthEceSoftEng/abac-mde-teis.

37. http://model.webofthings.io/.

Log in via your institution

Access through your institution

Log in to Taylor & Francis Online

Shibboleth

Log in to Taylor & Francis Online

Username Password

Forgot password?

Keep me logged in (not suitable for shared devices).

You will otherwise be logged out automatically, after a limited period, and will need to log in again.

Restore content access

Restore content access for purchases made as guest

Purchase options * Save for later Item saved, go to cart

PDF download + Online access

48 hours access to article PDF & online version
Article PDF can be downloaded
Article PDF can be printed

USD 61.00 Add to cart

PDF download + Online access - Online Checkout

Issue Purchase

30 days online access to complete issue
Article PDFs can be downloaded
Article PDFs can be printed

USD 199.00 Add to cart

Issue Purchase - Online Checkout

* Local tax will be added as applicable

Related Research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.

People also read
Recommended articles
Cited by

To cite this article:

Reference style: APA Chicago Harvard

Citation copied to clipboard

Reference styles above use APA (6th edition), Chicago (16th edition) & Harvard (10th edition)

Download citation

Download a citation file in RIS format that can be imported by citation management software including EndNote, ProCite, RefWorks and Reference Manager.

Choose format: RIS BibTex RefWorks Direct Export

Choose options: Citation Citation & abstract Citation & references