Security models for web-based applications

Authors:
James B. D. Joshi;Walid G. Aref;Arif Ghafoor;Eugene H. Spafford
Affiliations:
Purdue Univ., West Lafayette, IN;Purdue Univ., West Lafayette, IN;Purdue Univ., West Lafayette, IN;Purdue Univ., West Lafayette, IN
Venue:
Communications of the ACM
Year:
2001

Citing 10
Cited 44

Web security & commerce

Web security & commerce
A role-based access control model and reference implementation within a corporate intranet

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Protecting information on the Web

Communications of the ACM
Protection in operating systems

Communications of the ACM
Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace

Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace
Lattice-Based Access Control Models

Computer
A Role-Based Access Control for Intranet Security

IEEE Internet Computing
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Using public-key infrastructures for security and risk management

IEEE Communications Magazine

Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
ACM fellow profile: Eugene H. Spafford

ACM SIGSOFT Software Engineering Notes
A model for role administration using organization structure

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
An agreement centric access control mechanism for business to business e-commerce

Proceedings of the 2002 ACM symposium on Applied computing
Bracket capabilities for distributed systems security

ACSC '02 Proceedings of the twenty-fifth Australasian conference on Computer science - Volume 4
Opsis: a distributed object architecture based on bracket capabilities

CRPIT '02 Proceedings of the Fortieth International Conference on Tools Pacific: Objects for internet, mobile and embedded applications
Web Document Access Control Using Two-Layered Storage Structures with RBAC Server

EurAsia-ICT '02 Proceedings of the First EurAsian Conference on Information and Communication Technology
Personal trusted devices for web services: revisiting multilevel security

Mobile Networks and Applications - Security in mobile computing environments
A security model for distributed computing

Journal of Computing Sciences in Colleges
Web application security assessment by fault injection and behavior monitoring

WWW '03 Proceedings of the 12th international conference on World Wide Web
Dependencies and separation of duty constraints in GTRBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
A secure workflow model

ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
Task-role-based access control model

Information Systems
Design and implementation of a fine-grained menu control processor for web-based information systems

Future Generation Computer Systems - Selected papers on theoretical and computational aspects of structural dynamical systems in linear algebra and control
Toward an integrative model of application-software security

Practicing software engineering in the 21st century
Developing trust in internet commerce

CASCON '03 Proceedings of the 2003 conference of the Centre for Advanced Studies on Collaborative research
An e-channel development framework for hybrid e-retailers

Managing e-commerce and mobile computing technologies
An access control framework for business processes for web services

Proceedings of the 2003 ACM workshop on XML security
XML-Based Specification for Web Services Document Security

Computer
A Management Perspective on Risk of Security Threats to Information Systems

Information Technology and Management
An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Dependable and Secure Computing
A testing framework for Web application security assessment

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Fine-grained role-based delegation in presence of the hybrid role hierarchy

Proceedings of the eleventh ACM symposium on Access control models and technologies
Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Proceedings of the eleventh ACM symposium on Access control models and technologies
An effective role administration model using organization structure

ACM Transactions on Information and System Security (TISSEC)
Distributed multimedia information systems: an end-to-end perspective

Multimedia Tools and Applications
Formal foundations for hybrid hierarchies in GTRBAC

ACM Transactions on Information and System Security (TISSEC)
Role management in adhoc networks

SpringSim '07 Proceedings of the 2007 spring simulaiton multiconference - Volume 1
Assessing anti-phishing preparedness: A study of online banks in Hong Kong

Decision Support Systems
Supporting dynamic administration of RBAC in web-based collaborative applications during run-time

International Journal of Information and Computer Security
Security from the bottom-up: compliance regulations and the trend toward design-oriented web applications

Journal of Computing Sciences in Colleges
Security in dynamic web content management systems applications

Communications of the ACM - Finding the Fun in Computer Science Education
A testing framework for Web application security assessment

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Injecting a permission-based delegation model to secure web-based workflow systems

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Incorporating flexible, configurable and scalable security to the education collaborative environments

FIE'09 Proceedings of the 39th IEEE international conference on Frontiers in education conference
SecurOntology: A semantic web access control framework

Computer Standards & Interfaces
Understanding the acceptance of mobile university services: an empirical analysis

International Journal of Mobile Learning and Organisation
Dynamic access control administration for collaborative applications

ICCOMP'06 Proceedings of the 10th WSEAS international conference on Computers
Intelligent social networks

Proceedings of the International Conference on Web Intelligence, Mining and Semantics
Information systems resources and information security

Information Systems Frontiers
Addressing cloud computing security issues

Future Generation Computer Systems
Interactive credential negotiation for stateful business processes

iTrust'05 Proceedings of the Third international conference on Trust Management
GitBAC: Flexible access control for non-modular concerns

ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Supporting customized views for enforcing access control constraints in real-time collaborative web applications

ICWE'13 Proceedings of the 13th international conference on Web Engineering

Quantified Score

Hi-index	48.22

Security models for web-based applications

Quantified Score

Visualization

Abstract