Recovering Role-Based Access Control Security Models from Dynamic Web Applications

نویسندگان

  • Manar H. Alalfi
  • James R. Cordy
  • Thomas R. Dean
چکیده

Security of dynamic web applications is a serious issue. While Model Driven Architecture (MDA) techniques can be used to generate applications with given access control security properties, analysis of existing web applications is more problematic. In this paper we present a model transformation technique to automatically construct a role-based access control (RBAC) security model of dynamic web applications from previously recovered structural and behavioral models. The SecureUML model generated by this technique can be used to check for security properties of the original application. We demonstrate our approach by constructing an RBAC security model of PhpBB, a popular internet bulletin board system.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

An Extended Role-based Access Control Model for Enterprise Systems and Web Services

This thesis intends to develop application-level access control models to address several major security issues in enterprise environments. The first goal is to provide simple and efficient authorization specifications to reduce the complexity of security management. The second goal is to provide dynamic access control for Web service applications. The third goal is to provide an access control...

متن کامل

Privacy Preserving Dynamic Access Control Model with Access Delegation for eHealth

eHealth is the concept of using the stored digital data to achieve clinical, educational, and administrative goals and meet the needs of patients, experts, and medical care providers. Expansion of the utilization of information technology and in particular, the Internet of Things (IoT) in eHealth, raises various challenges, where the most important one is security and access control. In this re...

متن کامل

A context-sensitive dynamic role-based access control model for pervasive computing environments

Resources and services are accessible in pervasive computing environments from anywhere and at any time. Also, due to ever-changing nature of such environments, the identity of users is unknown. However, users must be able to access the required resources based on their contexts. These and other similar complexities necessitate dynamic and context-aware access control models for such environmen...

متن کامل

Dynamic Access Control Administration for Collaborative Applications

Today’s web-based collaborative applications need new approaches to overcome the shortcomings of classical access control. The limitations on administrative aspects of the existing security models and the requirements for more efficient management of authorizations in order to provide fine-grained and just-in-time access control for collaborative applications are discussed in this paper. The pr...

متن کامل

Dynamic, Context-Aware Access Control for Distributed Healthcare Applications

The rapid worldwide deployment of the Internet and Web is the enabler of a new generation of e-healthcare applications, but the provision of a security architecture that can ensure the privacy and security of sensitive healthcare data is still an open question. Current solutions to this problem (mostly built on static RBAC models) are application-dependent and do not address the intricate secur...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012