ABSTRACT
In the modern business world, enterprises increasingly opt to bring their business model online in an effort to reach more end users and grow their customer base. While transitioning to the new model, enterprises consider securing their data to be of pivotal importance. Many efforts have been introduced to automate this ‘webification’ process; however, they all fall short in some aspect: a) they generate only the security infrastructure and leave the implementation to the developers, b) they embed mainstream, less expressive authorisation schemes, or c) they disregard the merits of the dominant REST architecture and adopt less suitable approaches. In this paper we present RESTsec, a Low-Code platform that supports rapid security requirements modelling for Enterprise Services, abiding by the state-of-the-art ABAC authorisation scheme. RESTsec enables the developer to seamlessly embed the desired access control policy and to generate the service, the security infrastructure and the code. Evaluation shows that our approach is valid and can help developers deliver secure-by-design enterprise services in a rapid and automated manner.
Disclosure statement
No potential conflict of interest was reported by the authors.
Notes
13. http://orbac.org.
31. CIM, PIM and PSM are the three distinct phases followed in MDA. CIM refers to the Computationally Independent Model, which comprises only problem domain concepts; PIM refers to the Platform Independent Model, which, on top of the CIM concepts, introduces an abstract architecture of the system; this is then specialised to the target platform in the PSM, or Platform Specific Model.
34. The CRUD verbs are: Create, used to create a new resource; Read, used to retrieve an existing resource; and Update and Delete, used to update and delete an existing resource respectively.
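The abstract describes embedding an ABAC policy into a generated REST service, and note 34 lists the CRUD verbs such a service exposes. The following is an added illustration, not code from the RESTsec paper or platform: a minimal ABAC policy decision point that maps HTTP methods to the CRUD verbs and evaluates attribute-based rules over subject, resource and environment attributes with deny-overrides combining. The `invoice` resource, the attribute names (`role`, `department`, `business_hours`) and the rules are constructed for the example.

```python
"""Added example (not part of the RESTsec paper): a minimal ABAC policy
decision point for CRUD operations on a REST resource.  Rule structure,
attribute names and sample requests are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, FrozenSet, List

# Map the HTTP methods of a REST service onto the CRUD verbs of note 34.
HTTP_TO_CRUD = {
    "POST": "create",
    "GET": "read",
    "PUT": "update",
    "PATCH": "update",
    "DELETE": "delete",
}

Attrs = Dict[str, Any]
Condition = Callable[[Attrs, Attrs, Attrs], bool]  # (subject, resource, env)


@dataclass
class Rule:
    """One ABAC rule: applies to the given CRUD actions and yields `effect`
    when its attribute condition holds."""
    actions: FrozenSet[str]
    condition: Condition
    effect: str = "permit"  # "permit" or "deny"


@dataclass
class Policy:
    """A policy is an ordered list of rules combined with deny-overrides:
    any applicable deny wins, otherwise any applicable permit, otherwise the
    default is deny (nothing is reachable without an explicit permit)."""
    rules: List[Rule] = field(default_factory=list)

    def decide(self, method: str, subject: Attrs, resource: Attrs, env: Attrs) -> str:
        action = HTTP_TO_CRUD.get(method.upper())
        if action is None:
            return "deny"  # an HTTP method outside CRUD is never permitted
        permitted = False
        for rule in self.rules:
            if action not in rule.actions:
                continue
            try:
                applicable = rule.condition(subject, resource, env)
            except (KeyError, TypeError):
                # A missing or malformed attribute means the rule does not
                # apply; it must never silently turn into a permit.
                applicable = False
            if applicable and rule.effect == "deny":
                return "deny"
            if applicable and rule.effect == "permit":
                permitted = True
        return "permit" if permitted else "deny"


# Constructed policy for a hypothetical "invoice" resource.
INVOICE_POLICY = Policy([
    # Anyone may read invoices belonging to their own department.
    Rule(frozenset({"read"}),
         lambda s, r, e: s["department"] == r["department"]),
    # Only accountants of the owning department may create or update.
    Rule(frozenset({"create", "update"}),
         lambda s, r, e: s["role"] == "accountant"
         and s["department"] == r["department"]),
    # Only managers may delete.
    Rule(frozenset({"delete"}), lambda s, r, e: s["role"] == "manager"),
    # Environment attribute: no writes outside business hours (deny-overrides).
    Rule(frozenset({"create", "update", "delete"}),
         lambda s, r, e: not e["business_hours"], effect="deny"),
])


def check(method: str, subject: Attrs, resource: Attrs, env: Attrs) -> str:
    """Evaluate one request against the constructed invoice policy."""
    return INVOICE_POLICY.decide(method, subject, resource, env)


if __name__ == "__main__":
    clerk = {"role": "clerk", "department": "sales"}
    invoice = {"id": "inv-1", "department": "sales"}
    print(check("GET", clerk, invoice, {"business_hours": True}))   # permit
    print(check("DELETE", clerk, invoice, {"business_hours": True}))  # deny
```

The engine deliberately defaults to deny for unknown HTTP methods and for requests whose attributes are missing, so that an attribute that the service forgot to populate cannot widen access.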