Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current s...
Somesh Jha, Ninghui Li, Mahesh V. Tripunitara, Qih...
A major drawback of existing access control systems is that they have all been developed with a specific access control policy in mind. This means that all protection requirement...
Sushil Jajodia, Pierangela Samarati, V. S. Subrahm...
This paper proposes a security analysis framework for dynamic web applications. A reverse engineering process is performed over a dynamic web application to extract a rolebased ac...
There is considerable interest in programs that can migrate from one host to another and execute. Mobile programs are appealing because they support efficient utilization of networ...
Certified code is a general mechanism for enforcing security properties. In this paradigm, untrusted mobile code carries annotations that allow a host to verify its trustworthine...