Conference paper. Year: 2012

Access Control Configuration for J2EE Web Applications: A Formal Perspective

Matteo Casalino
  • Role: Author
Romuald Thion
Mohand-Said Hacid

Abstract

Business services are increasingly dependent upon Web applications. Whereas URL-based access control is one of the most prominent and pervasive security mechanisms in use, failure to restrict URL accesses is still a major security risk. This paper aims at mitigating this risk by giving a formal semantics for access control constraints standardized in the J2EE Java Servlet Specification, arguably one of the most common frameworks for web applications. A decision engine and a comparison algorithm for change impact analysis of access control configurations are developed on top of this formal building block.

Dates and versions

hal-01353147 , version 1 (10-08-2016)

Cite

Matteo Casalino, Romuald Thion, Mohand-Said Hacid. Access Control Configuration for J2EE Web Applications: A Formal Perspective. Trust, Privacy and Security in Digital Business, Sep 2012, Vienna, Austria. pp.30-35, ⟨10.1007/978-3-642-32287-7_3⟩. ⟨hal-01353147⟩