Automated reverse engineering of role-based access control policies of web applications

Automated reverse engineering of role-based access control policies of web applications

Access control (AC) is an important security mechanism used in software systems to restrict access to sensitive resources. Therefore, it is essential to validate the correctness of AC implementations with respect to policy specifications or intended access rights. However, in practice, AC policy spe...

Full description

Saved in:

Bibliographic Details
Main Authors:	LE, Ha Thanh, SHAR, Lwin Khin, BIANCULLI, Domenico, BRIAND, Lionel C., NGUYEN, Cu Duy
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2022
Subjects:	Access control testing Reverse engineering Access control policies Machine learning Information Security Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/6407 https://ink.library.smu.edu.sg/context/sis_research/article/7410/viewcontent/main.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: Thome, Julian, et al.
Published: (2021)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

Medium access control for dynamic spectrum access in cognitive radio networks : analysis under uncertainty
by: Dong, Qiumin, et al.
Published: (2013)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

Enforcing access control over data streams
by: Carminati, B., et al.
Published: (2013)

Computer based fingerprint access control system
by: Asensi, John-John, et al.
Published: (1990)

Secure access control in unix
by: HEMAL NAMDEV RATHOD
Published: (2010)

JoanAudit: A tool for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Match in my way: Fine-grained bilateral access control for secure cloud-fog computing
by: XU, Shengmin, et al.
Published: (2022)

Access control protocols with two-layer architecture for wireless networks
by: Wan, Z., et al.
Published: (2013)

Layered Security for Storage at the Edge: On Decentralized Multi-factor Access Control
by: Esiner, Ertem, et al.
Published: (2017)

Anonymous DoS-resistant access control protocol using passwords for wireless networks
by: Wan, Z., et al.
Published: (2013)

EACSIP: Extendable Access Control System with Integrity Protection for enhancing collaboration in the cloud
by: SUSILO, Willy, et al.
Published: (2017)

Framework to apply risk-based approach to Identity and Access Management (IAM) to address negligent insider in the BPO
by: Vasquez, Merrynol Libunao
Published: (2017)

Security slicing for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Controlling information access in simulation games
by: Yeo, G.K., et al.
Published: (2014)

A framework to enforce access control over data streams
by: Carminati, B., et al.
Published: (2013)

A collusion-resistant conditional access system for flexible-pay-per-channel pay-tv broadcasting
by: Wan, Z., et al.
Published: (2014)

An efficient access control method for multimedia social networks
by: Sachan, A., et al.
Published: (2013)

An efficient and expressive ciphertext-policy attribute-based-encryption scheme with partially hidden access structures
by: CUI, Hui, et al.
Published: (2016)

An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited
by: CUI, Hui, et al.
Published: (2018)

An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited
by: CUI, Hui, et al.
Published: (2018)

HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing
by: WAN, Zhiguo, et al.
Published: (2012)

Peer-aware collaborative access control in social networks
by: Xiao, Q., et al.
Published: (2013)

SCTAC: A novel MAC protocol for a multiCode-CDMA network
by: Kong, P.-Y., et al.
Published: (2014)

REKS: Role-based Encrypted Keyword Search with enhanced access control for outsourced cloud data
by: MIAO, Yibin, et al.
Published: (2023)

An underwater acoustic MAC protocol using reverse opportunistic packet appending
by: Ng, H.-H., et al.
Published: (2014)

The impact of gated community on connectivity & accessibility
by: WANG QING
Published: (2011)

TIME DOMAIN MEDIUM ACCESS CONTROL PROTOCOLS FOR UNDERWATER ACOUSTIC NETWORKS
by: SHAHABUDEEN SHIRAZ
Published: (2012)

Network media access control with QoS modeled through timed automata
by: Obach, Darlene Daryl, et al.
Published: (2009)

Attribute-based encryption for cloud computing access control: A survey
by: ZHANG, Yinghui, et al.
Published: (2020)

Expressive bilateral access control for Internet-of-Things in cloud-fog computing
by: XU, Shengmin, et al.
Published: (2021)

Personal computer numerically controlled retrofitted gas cutting machine using fuzzy logic
by: Trinidad, Babelio L.
Published: (2004)

Challenges to higher education in Cambodia: access, equity of access and quality & relevance
by: O'Brien, Patricia Noelle
Published: (2014)

Automated removal of cross site scripting vulnerabilities in web applications
by: Shar, Lwin Khin, et al.
Published: (2013)

Improving Primary School Access in Disadvantaged Communes
by: Greeves, Richard, et al.
Published: (2014)

MLD-AD real-time change password script
by: Inamarga, Harold N.
Published: (2007)

Do students with high grade point averages create better passwords?
by: De La Cuesta, Josephine M.
Published: (2018)

A primer on rate-splitting multiple access: tutorial, myths, and frequently asked questions
by: Clerckx, Bruno, et al.
Published: (2023)

Dual access control for cloud-based data storage and sharing
by: NING, Jianting, et al.
Published: (2022)