Formalization of Security Requirements-A Case Study on a Web- Based Application

Abstract

Security of web-based applications is one of the main concerns today. With the expanding cyberspace, utility and threats are increasing simultaneously. Like earlier, even today security is taken as an afterthought. Functional requirements override the security assurance. Therefore, different security issues such as threat, vulnerability, security breaches, etc. may arise after the deployment of web-based applications. The use of formal specifications for the security requirements while developing web-based applications is cost-effective, time-saving, and error-free. Most of the exiting models rarely deal with a formal approach. The objective of this research paper is to provide an idea about the formal specification and formal verification of web-based applications. In this paper, a novel and broad approach are proposed to specify the security requirement. The proposed approach has been verified through a case study of a web-based mobile banking application. This research paper mainly focused on the specification of security properties by considering some security requirements such as authentication, authorization, confidentiality, and integrity. These security properties are formally verified by the existing more formal tools which is an extension of the proposed work.