A verification framework for access control in dynamic web applications

14 years 3 months ago

Download research.cs.queensu.ca

This paper proposes a security analysis framework for dynamic web applications. A reverse engineering process is performed over a dynamic web application to extract a rolebased access control security model. A formal analysis is applied on the recovered model to check access control security properties. This framework can be used to verify that a dynamic web application conforms to access control polices specified by a security engineer. Categories and Subject Descriptors D.2.7 [Software Engineering]: Distribution, Maintenance, and Enhancement--reverse engineering; J.8 [Computer Applications]: Internet Applications

Manar H. Alalfi, James R. Cordy, Thomas R. Dean

Real-time Traffic

Access Control Security | C3S2E 2009 | Dynamic Web Application | Security Analysis Framework | Software Engineering |

claim paper

Post Info
More Details (n/a)

Added	12 Aug 2010
Updated	12 Aug 2010
Type	Conference
Year	2009
Where	C3S2E
Authors	Manar H. Alalfi, James R. Cordy, Thomas R. Dean

Comments (0)

Sciweavers

A verification framework for access control in dynamic web applications

Access Control Security | C3S2E 2009 | Dynamic Web Application | Security Analysis Framework | Software Engineering |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers