Conference papers

Access Control Configuration for J2EE Web Applications: A Formal Perspective

Matteo Casalino 1 Romuald Thion 1 Mohand-Said Hacid 1
1 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract: Business services are increasingly dependent upon Web applications. Whereas URL-based access control is one of the most prominent and pervasive security mechanisms in use, failure to restrict URL accesses is still a major security risk. This paper aims at mitigating this risk by giving a formal semantics for access control constraints standardized in the J2EE Java Servlet Specification, arguably one of the most common frameworks for web applications. A decision engine and a comparison algorithm for change impact analysis of access control configurations are developed on top of this formal building block.
Document type: Conference papers
Contributor: Équipe Gestionnaire Des Publications Si Liris
Submitted on: Wednesday, August 10, 2016 - 4:24:23 PM
Last modification on: Wednesday, July 8, 2020 - 12:43:36 PM




Matteo Casalino, Romuald Thion, Mohand-Said Hacid. Access Control Configuration for J2EE Web Applications: A Formal Perspective. Trust, Privacy and Security in Digital Business, Sep 2012, Vienna, Austria. pp.30-35, ⟨10.1007/978-3-642-32287-7_3⟩. ⟨hal-01353147⟩


