Security of dynamic web applications is a serious concern. While Model Driven Architecture (MDA) techniques can generate applications that satisfy given access control properties by construction, analysing the access control of an existing web application is harder. In this paper we present a model transformation technique that automatically constructs a role-based access control (RBAC) security model of a dynamic web application from previously recovered structural and behavioral models. The resulting SecureUML model can then be checked for security properties of the original application. We demonstrate the approach by constructing an RBAC security model of PhpBB, a popular internet bulletin board system.
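As an added illustration, and not code from the paper (whose transformation runs over recovered UML models of PhpBB), the following Python script shows the shape of the pipeline on a toy scale: recover a per-script guard/action model from a few constructed PHP fragments written in the style of a bulletin board, transform it into a role-to-reachable-action view under an assumed role-to-permission assignment, and then check two properties of the recovered model: that a privileged action is reachable only by the intended role, and that no action is guarded inconsistently across scripts. The PHP fragments, the permission names, the founder check and the role assignment are all assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample fragments in the style of a PHP bulletin board (assumed, not
# real PhpBB source): each script performs an action after zero or more checks.
SAMPLE_PHP = {
    "viewforum.php": """
        if (!$auth->acl_get('f_read', $forum_id)) { trigger_error('NOT_AUTHORISED'); }
        show_topics($forum_id);
    """,
    "posting.php": """
        if (!$auth->acl_get('f_post', $forum_id)) { trigger_error('NOT_AUTHORISED'); }
        submit_post($forum_id);
    """,
    "mcp.php": """
        if (!$auth->acl_get('m_delete', $forum_id)) { trigger_error('NOT_AUTHORISED'); }
        delete_topic($topic_id);
    """,
    "adm/index.php": """
        if ($user->data['user_type'] != USER_FOUNDER) { trigger_error('NOT_AUTHORISED'); }
        delete_forum($forum_id);
    """,
    "legacy_tools.php": """
        // same privileged action as adm/index.php, but with no check at all
        delete_forum($forum_id);
    """,
}

# Assumed role-to-permission assignment: the static half of the RBAC model.
ROLE_PERMS = {
    "guest":     {"f_read"},
    "user":      {"f_read", "f_post"},
    "moderator": {"f_read", "f_post", "m_delete"},
    "founder":   {"f_read", "f_post", "m_delete", "a_founder"},
}

GUARD_RE = re.compile(r"acl_get\('([a-z_]+)'")                 # permission checks
FOUNDER_RE = re.compile(r"user_type'\]\s*!=\s*USER_FOUNDER")    # founder-only check
CALL_RE = re.compile(r"\b([a-z_]+)\([^)]*\);")                  # statement-level calls
NON_ACTIONS = {"trigger_error", "acl_get"}                      # calls that are not actions


@dataclass(frozen=True)
class ScriptModel:
    script: str
    guards: frozenset   # permissions a caller must hold before the actions execute
    actions: frozenset  # privileged operations the script performs


def recover(script, src):
    """Recover a per-script behavioral model: the guards in the code, then the actions."""
    guards = set(GUARD_RE.findall(src))
    if FOUNDER_RE.search(src):
        guards.add("a_founder")  # assumed permission name standing in for the founder check
    actions = {c for c in CALL_RE.findall(src) if c not in NON_ACTIONS}
    return ScriptModel(script, frozenset(guards), frozenset(actions))


def recover_all(sources):
    return [recover(name, src) for name, src in sources.items()]


def build_rbac(models, role_perms):
    """Transform script models into role -> reachable actions (the RBAC permission view)."""
    rbac = {}
    for role, perms in role_perms.items():
        # A script's actions are reachable by a role iff the role holds every guard.
        rbac[role] = {a for m in models if m.guards <= perms for a in m.actions}
    return rbac


def unauthorised_reach(rbac, action, allowed_roles):
    """Property check: only allowed_roles may reach action. Returns the offending roles."""
    return {r for r, acts in rbac.items() if action in acts and r not in allowed_roles}


def discordant_guards(models):
    """Actions guarded differently in different scripts (security-discordant clones)."""
    by_action = {}
    for m in models:
        for a in m.actions:
            by_action.setdefault(a, set()).add(m.guards)
    return {a: gs for a, gs in by_action.items() if len(gs) > 1}


if __name__ == "__main__":
    models = recover_all(SAMPLE_PHP)
    rbac = build_rbac(models, ROLE_PERMS)
    for role, acts in rbac.items():
        print(f"{role:10} -> {sorted(acts)}")
    print("delete_forum reachable by non-founders:",
          sorted(unauthorised_reach(rbac, "delete_forum", {"founder"})))
    print("inconsistently guarded actions:", discordant_guards(models))
```

The unguarded copy of `delete_forum` in `legacy_tools.php` is what makes the property check fail: every role, including `guest`, reaches the action, and the discordance check names the action whose guard sets disagree, which is exactly the kind of flaw a recovered RBAC model is meant to surface before it is found by an attacker.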