Author(s)

M. A. Alabdulkareem

Abstract

Web-based Information Systems (WIS) are becoming more popular; they consist of a collection of servers providing one or more services. WIS usually grow in time to become a complex mixture of servers. Changing the WIS architecture may affect the performance or create new security threats. This paper proposes a framework to evaluate a WIS from architectural and security points of view. The framework follows a layer-based approach to analyse the desired web information system. Keywords: web system evaluation, security evaluation, web information systems, data flow analysis, network analysis, performance analysis. 1 Introduction Analysis of web logs is a well-known approach to detect problems on the web server. The logs will reveal much information that can be used as indicators to system performance [1] as well as security threats [2]. However, in real life more than one server is connected to act as one whole system. Moreover, the logs will tell what happened in the past and much information about the system performance and architecture will be hidden under the complex architecture. This work proposes a framework to analyse WIS based on data flow so as to capture more information about performance and security. The flow of the data and how it is going to be accessed totally affected by the system architecture. So the aim of this approach is to model the WIS in a simplified diagram. This diagram should demonstrate the overall structure of the WIS and business details that affect the data flow. The following section describes the framework in more detail. In the third section the framework is

Keywords

web system evaluation, security evaluation, web information systems, data flow analysis, network analysis, performance analysis.