• norsk
    • English
  • English 
    • norsk
    • English
  • Login
View Item 
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Security Assurance of REST API based applications

Prasher, Nishu
Master thesis
Thumbnail
View/Open
19973_FULLTEXT.pdf (903.9Kb)
19973_COVER.pdf (1.556Mb)
URI
http://hdl.handle.net/11250/2502569
Date
2018
Metadata
Show full item record
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [2808]
Abstract
Security assurance is the confidence that a system meets its security requirements, based on specific evidences that an assurance technique provide. In this thesis, I have proposed a quantification method which aims to develop security assurance profiles by measuring the level of security of a REST API.

The notion of measuring security is complex and tricky, existing approaches are often based on manual review and time consuming tasks. In addition, there is little research work done on quantification of security assurance for REST APIs.

A common perspective has been to focus on the vulnerabilities of a system while security testing. However, security requirements are not tend to get enough attention during a security test. The main approach of this thesis was to look at both requirements and vulnerabilities to accomplish a level of security assurance.

Appropriate metrics were defined to reflect the \textit{requirement fulfillment} and the \textit{vulnerability presence}. The requirements were declared to be fulfilled if their associated security mechanisms were present. Vulnerabilities were on the other hand sorted into their relevant categories and assigned a risk score.

The security assurance metric was defined as an equation where the vulnerability metric was subtracted from the requirement metric.

The case studies were carried out at Statistics Norway, where the author is employed.

Analyzes showed that the API with the most security mechanisms implemented got a slightly higher security assurance score. This was due to the fact that the vulnerabilities were considered more harmful in one of the cases as the security objectives diverged.

The proposed quantification method can be re-used on any other domain, by altering the lists of requirements and vulnerabilities.
Publisher
NTNU

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 

Browse

ArchiveCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsDocument TypesJournalsThis CollectionBy Issue DateAuthorsTitlesSubjectsDocument TypesJournals

My Account

Login

Statistics

View Usage Statistics

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit