Affiliation:
1. Department of Information Technology, Indira Gandhi Delhi Technical University for Women, Delhi 110006, India
Abstract
According to OWASP-2021, more than 3,00,000 web applications have been found to permit unauthenticated and unauthorised access, leading to a breach of security trust. Security patterns are commonly used in web applications to address the problem of broken access. Web developers are not experts in implementing security patterns. Therefore, it is necessary to verify that the security pattern has been applied in line with its original intent. This paper proposes an approach that analyses the behavioural aspect of security patterns to verify that the pattern meets the security requirement of the web application. The proposed approach extracts the class diagram’s structural properties, relations, associations, and security-related constraints and verifies them using first-order predicate logic. Experiments have been conducted using class diagrams of security patterns to detect instances of broken access control early in the design phase. The proposed approach will help minimise the risk of unauthenticated and unauthorised access to a web application.
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Information Systems
Cited by
2 articles.
1. Creating Robust Expense Tracker Applications with Flutter: A Step-by-Step Guide;International Journal of Innovative Science and Research Technology (IJISRT);2024-05-02
2. Secure XML Parsing Pattern for Prevention of XML Attacks;Information and Communication Technology for Competitive Strategies (ICTCS 2022);2023