Automated reverse engineering of role-based access control policies of web applications

Automated reverse engineering of role-based access control policies of web applications

Access control (AC) is an important security mechanism used in software systems to restrict access to sensitive resources. Therefore, it is essential to validate the correctness of AC implementations with respect to policy specifications or intended access rights. However, in practice, AC policy spe...

Full description

Saved in:

Bibliographic Details
Main Authors:	LE, Ha Thanh, SHAR, Lwin Khin, BIANCULLI, Domenico, BRIAND, Lionel C., NGUYEN, Cu Duy
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2022
Subjects:	Access control testing Reverse engineering Access control policies Machine learning Information Security Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/6407 https://ink.library.smu.edu.sg/context/sis_research/article/7410/viewcontent/main.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: Thome, Julian, et al.
Published: (2021)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

Enforcing access control over data streams
by: Carminati, B., et al.
Published: (2013)

Secure access control in unix
by: HEMAL NAMDEV RATHOD
Published: (2010)

Access control protocols with two-layer architecture for wireless networks
by: Wan, Z., et al.
Published: (2013)

Layered Security for Storage at the Edge: On Decentralized Multi-factor Access Control
by: Esiner, Ertem, et al.
Published: (2017)

Anonymous DoS-resistant access control protocol using passwords for wireless networks
by: Wan, Z., et al.
Published: (2013)

Security slicing for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Match in my way: Fine-grained bilateral access control for secure cloud-fog computing
by: XU, Shengmin, et al.
Published: (2022)

Medium access control for dynamic spectrum access in cognitive radio networks : analysis under uncertainty
by: Dong, Qiumin, et al.
Published: (2013)

A framework to enforce access control over data streams
by: Carminati, B., et al.
Published: (2013)

JoanAudit: A tool for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing
by: WAN, Zhiguo, et al.
Published: (2012)

EACSIP: Extendable Access Control System with Integrity Protection for enhancing collaboration in the cloud
by: SUSILO, Willy, et al.
Published: (2017)

A collusion-resistant conditional access system for flexible-pay-per-channel pay-tv broadcasting
by: Wan, Z., et al.
Published: (2014)

An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited
by: CUI, Hui, et al.
Published: (2018)

An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited
by: CUI, Hui, et al.
Published: (2018)

Computer based fingerprint access control system
by: Asensi, John-John, et al.
Published: (1990)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

MLD-AD real-time change password script
by: Inamarga, Harold N.
Published: (2007)

REKS: Role-based Encrypted Keyword Search with enhanced access control for outsourced cloud data
by: MIAO, Yibin, et al.
Published: (2023)

Attribute-based encryption for cloud computing access control: A survey
by: ZHANG, Yinghui, et al.
Published: (2020)

Expressive bilateral access control for Internet-of-Things in cloud-fog computing
by: XU, Shengmin, et al.
Published: (2021)

Attribute-based access to scalable media in cloud-assisted content sharing
by: WU, Yongdong, et al.
Published: (2013)

An efficient and expressive ciphertext-policy attribute-based-encryption scheme with partially hidden access structures
by: CUI, Hui, et al.
Published: (2016)

Privacy-Respecting Intrusion Detection
by: Flegel, Ulrich
Published: (2017)

Secure Data Management
Published: (2017)

Framework to apply risk-based approach to Identity and Access Management (IAM) to address negligent insider in the BPO
by: Vasquez, Merrynol Libunao
Published: (2017)

Secure fine-grained access control and data sharing for dynamic groups in the cloud
by: XU, Shengmin, et al.
Published: (2018)

Sanitizable access control system for secure cloud storage against malicious data publishers
by: SUSILO, Willy, et al.
Published: (2022)

Secure smart health with privacy-aware aggregate authentication and access control in Internet of Things
by: ZHANG, Yinghui, et al.
Published: (2018)

Controlling information access in simulation games
by: Yeo, G.K., et al.
Published: (2014)

Web application vulnerability prediction using hybrid program analysis and machine learning
by: SHAR, Lwin Khin, et al.
Published: (2014)

Security slicing for auditing XML, XPath, and SQL injection vulnerabilities
by: THOME, Julian, et al.
Published: (2015)

Automated removal of cross site scripting vulnerabilities in web applications
by: SHAR, Lwin Khin, et al.
Published: (2011)

Two-factor authentication for trusted third party free dispersed storage
by: Esiner, Ertem, et al.
Published: (2019)

Design and Implementation of a Secure Prototype for EPCglobal Network Services
by: SHI, Jie, et al.
Published: (2012)

An efficient access control method for multimedia social networks
by: Sachan, A., et al.
Published: (2013)

Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps
by: MALVIYA, Vikas Kumar, et al.
Published: (2022)

Transparent HTTPS web filtering system with no end user configuration - Prozilla
by: Dones, Paulo Nicole D., et al.
Published: (2014)