Uncovering access control weaknesses and flaws with security-discordant software clones
Proceedings of the 29th Annual Computer Security Applications Conference
Access control models implement mechanisms to restrict access to sensitive data from unprivileged users. Access controls typically check privileges that capture the semantics of the operations they protect. Semantic smells and errors in access control models stem from privileges that are partially or totally unrelated to the action they protect. This paper presents a novel approach, partly based on static analysis and information retrieval techniques, for the automatic detection of semantic smells and errors in access control models. Investigation of the case study application revealed 31 smells and 2 errors. Errors were reported to developers who quickly confirmed their relevance and took actions to correct them. Based on the obtained results, we also propose three categories of semantic smells and errors to lay the foundations for further research on access control smells in other systems and domains.