Access Control Configuration for J2EE Web Applications: A Formal Perspective

Matteo Casalino (1), Romuald Thion (1), Mohand-Said Hacid (1)
(1) BD - Base de Données, LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract : Business services are increasingly dependent upon Web applications. Whereas URL-based access control is one of the most prominent and pervasive security mechanisms in use, failure to restrict URL accesses is still a major security risk. This paper aims at mitigating this risk by giving a formal semantics for the access control constraints standardized in the J2EE Java Servlet Specification, arguably one of the most common frameworks for web applications. A decision engine and a comparison algorithm for change impact analysis of access control configurations are developed on top of this formal building block.
Document type :
Conference papers

https://hal.archives-ouvertes.fr/hal-01353147
Contributor : Équipe Gestionnaire Des Publications Si Liris
Submitted on : Wednesday, August 10, 2016 - 4:24:23 PM
Last modification on : Tuesday, February 26, 2019 - 11:49:41 AM

Citation

Matteo Casalino, Romuald Thion, Mohand-Said Hacid. Access Control Configuration for J2EE Web Applications: A Formal Perspective. Trust, Privacy and Security in Digital Business, Sep 2012, Vienna, Austria. pp.30-35, ⟨10.1007/978-3-642-32287-7_3⟩. ⟨hal-01353147⟩
