A verification framework for access control in dynamic web applications

Authors:
Manar H. Alalfi;James R. Cordy;Thomas R. Dean
Affiliations:
Queen's University, Kingston, Canada;Queen's University, Kingston, Canada;Queen's University, Kingston, Canada
Venue:
C3S2E '09 Proceedings of the 2nd Canadian Conference on Computer Science and Software Engineering
Year:
2009

Citing 15
Cited 0

Role-Based Access Control Models

Computer
Role-based authorization constraints specification

ACM Transactions on Information and System Security (TISSEC)
WebUml: reverse engineering of web applications

Proceedings of the 2004 ACM symposium on Applied computing
Securing web application code by static analysis and runtime protection

Proceedings of the 13th international conference on World Wide Web
authUML: a three-phased framework to analyze access control specifications in use cases

Proceedings of the 2003 ACM workshop on Formal methods in security engineering
A testing framework for Web application security assessment

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
Software Abstractions: Logic, Language, and Analysis

Software Abstractions: Logic, Language, and Analysis
The TXL source transformation language

Science of Computer Programming - The fourth workshop on language descriptions, tools, and applications (LDTA'04)
Towards realizing a formal RBAC model in real systems

Proceedings of the 12th ACM symposium on Access control models and technologies
SQL2XMI: Reverse Engineering of UML-ER Diagrams from Relational Database Schemas

WCRE '08 Proceedings of the 2008 15th Working Conference on Reverse Engineering
Automated Reverse Engineering of UML Sequence Diagrams for Dynamic Web Applications

ICSTW '09 Proceedings of the IEEE International Conference on Software Testing, Verification, and Validation Workshops
WAVer: A Model Checking-based Tool to Verify Web Application Design

Electronic Notes in Theoretical Computer Science (ENTCS)
A survey of analysis models and methods in website verification and testing

ICWE'07 Proceedings of the 7th international conference on Web engineering
MDA and analysis of web applications

TEAA'05 Proceedings of the 31st VLDB conference on Trends in Enterprise Application Architecture

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a security analysis framework for dynamic web applications. A reverse engineering process is performed over a dynamic web application to extract a role-based access control security model. A formal analysis is applied on the recovered model to check access control security properties. This framework can be used to verify that a dynamic web application conforms to access control polices specified by a security engineer.