This paper proposes a security analysis framework for dynamic web applications. A reverse engineering process is performed over a dynamic web application to extract a role-based access control security model. A formal analysis is applied to the recovered model to check access control security properties. This framework can be used to verify that a dynamic web application conforms to access control policies specified by a security engineer.