A Formal Approach to Secure Design of RESTful Web APIs Using SOFL

Emeka, Busalire Onesmus; Hidaka, Soichiro; Liu, Shaoying

doi:10.1007/978-3-030-77474-5_8

Cited by 1 publication

(1 citation statement)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our previous publications [3] we proposed a method offering a practical approach to specify and verify security and functional requirements of RESTful APIs using SOFL (Structured-Object-oriented Formal Language) [4]. In our approach, we focused on ensuring that all of the expected functional behaviors provided by an API and their related security requirements were captured correctly.…”

Section: Introductionmentioning

confidence: 99%

A Practical Model Driven Approach for Designing Security Aware RESTful Web APIs Using SOFL

Emeka

HIDAKA

LIU

2023

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

RESTful web APIs have become ubiquitous with most modern web applications embracing the micro-service architecture. A RESTful API provides data over the network using HTTP probably interacting with databases and other services and must preserve its security properties. However, REST is not a protocol but rather a set of guidelines on how to design resources accessed over HTTP endpoints. There are guidelines on how related resources should be structured with hierarchical URIs as well as how the different HTTP verbs should be used to represent well-defined actions on those resources. Whereas security has always been critical in the design of RESTful APIs, there are few or no clear model driven engineering techniques utilizing a secure-by-design approach that interweaves both the functional and security requirements. We therefore propose an approach to specifying APIs functional and security requirements with the practical Structured-Object-oriented Formal Language (SOFL). Our proposed approach provides a generic methodology for designing security aware APIs by utilizing concepts of domain models, domain primitives, Ecore metamodel and SOFL. We also describe a case study to evaluate the effectiveness of our approach and discuss important issues in relation to the practical applicability of our method.

show abstract

Section: Introductionmentioning

confidence: 99%