Abstract
In order to perform a useful threat analysis of a web application platform, some architectural assumptions about such applications must be made. This document describes a generic architecture for typical 3-tier web applications. It serves as the basis for analyzing the threats in the most important infrastructural components in that architecture, presented in the following papers.
6. References
Dipartimento di Informatica e Comunicazione, Università degli Studi di Milano, Italy; url: http://www.dico.unimi.it
Technical University of Ilmenau, Research Group Multimedia Applications, Germany; url: http://www-ifmk.tu-ilmenau.de/mma
Information Systems Security Research Group, University of Salford, UK; url: http://sec.isi.salford.ac.uk/
COmputer Security and Industrial Cryptography (COSIC), Department Electrical engineering (ESAT), Katholieke Universiteit Leuven, Belgium; url: http://www.esat.kuleuven.ac.be/cosic/
DistriNet Research Group, Department of Computer Science, Katholieke Universiteit Leuven, Belgium; url: http://www.cs.kuleuven.ac.be/cwis/research/distrinet/
E. Bertino, D. Bruschi, S. Franzoni, I. Nai-Fovino, and S. Valtolina. Threat modelling for SQL Servers. Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK, pp 189–201
R. Grimm and H. Eichstädt. Threat modelling for ASP.NET — Designing Secure Applications. Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK, pp 175–187
D. W. Chadwick. Threat Modelling for Active Directory. Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK, pp203-
D. De Cock, K. Wouters, D. Schellekens, D. Singelee, and B. Preneel. Threat modelling for security tokens in web applications. Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK, pp 213–223
L. Desmet, B. Jacobs, F. Piessens, and W. Joosen. Threat modelling for web services based web applications. Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK, pp 161–174
G. F. Coulouris, J. Dollimore and T. Kindberg. Distributed Systems: Concepts and Design, third edition. Addison-Wesley, 2001.
J. Kohl and C. Neuman. The Kerberos Network Authentication Service (V5), RFC 1510, September 1993, http://www.ietf.org/rfc/rfc1510.txt
W3C Note, SOAP: Simple Object Access Protocol 1.1, May 2000, http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
M. Wahl, T. Howes, and S. Kille. Lightweight Directory Access Protocol (v3), RFC 2251, December 1997, http://www.ietf.org/rfc/rfc2251.txt
R. Housley, W. Ford, W. Polk, and D. Solo. Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459, January 1999, http://www.ietf.org/rfc/rfc2459.txt
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Desmet, L., Jacobs, B., Piessens, F., Joosen, W. (2005). A Generic Architecture for Web Applications to Support Threat Analysis of Infrastructural Components. In: Chadwick, D., Preneel, B. (eds) Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 175. Springer, Boston, MA. https://doi.org/10.1007/0-387-24486-7_9
DOI: https://doi.org/10.1007/0-387-24486-7_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24485-3
Online ISBN: 978-0-387-24486-0
eBook Packages: Computer Science (R0)