论文信息 - A Generic Architecture for Web Applications to Support Threat Analysis of Infrastructural Components

A Generic Architecture for Web Applications to Support Threat Analysis of Infrastructural Components

In order to perform a useful threat analysis of a web application platform, some architectural assumptions about such applications must be made. This document describes a generic architecture for typical 3-tier web applications. It serves as the basis for analyzing the threats in the most important infrastructural components in that architecture, presented in the following papers.

Wouter Joosen | Frank Piessens | Lieven Desmet | Bart Jacobs

[1] Rüidiger Grimm,et al. Threat Modelling for ASP.NET - Designing Secure Applications , 2004, Communications and Multimedia Security.

[2] Tim Polk,et al. Internet X.509 Public Key Infrastructure Representation of Elliptic Curve Digital Signature Algorithm (ECDSA) Keys and Signatures in Internet X.509 Public Key Infrastructure Certificates , 1999 .

[3] John T. Kohl,et al. The Kerberos Network Authentication Service (V5 , 2004 .

[4] Elisa Bertino,et al. Threat Modelling for SQL Servers - Designing a Secure Database in a Web Application , 2004, Communications and Multimedia Security.

[5] Tim Howes,et al. Lightweight Directory Access Protocol (v3) , 1997, RFC.

[7] Tim Howes,et al. Lightweight Directory Access Protocol , 1995, RFC.

[8] Bart Preneel,et al. Threat Modelling for Security Tokens in Web Applications , 2004, Communications and Multimedia Security.

[9] George Coulouris,et al. Distributed systems - concepts and design , 1988 .

[10] Wouter Joosen,et al. Threat Modelling for Web Services Based Web Applications , 2004, Communications and Multimedia Security.

[11] David Chadwick. Threat Modelling for Active Directory , 2004, Communications and Multimedia Security.