
Automated verification of role-based access control security models recovered from dynamic web applications

3 Author(s)
Alalfi, M.H. ; Sch. of Comput., Queen's Univ., Kingston, ON, Canada ; Cordy, J.R. ; Dean, T.R.

This paper presents an original Model-Driven-Engineering (MDE) approach to support the verification and testing of security properties in dynamic web applications. Based on a previously recovered UML-based fine-grained security model, the approach begins by transforming the model into a Prolog-based formal model. The Prolog model is then checked to verify whether the application conforms to specified access control security properties. We demonstrate the use of our method on the popular open source bulletin board system PhpBB 2.0, in the context of three test scenarios: testing for unauthorized access, web application security maintenance, and web application re-engineering.

Published in:

Web Systems Evolution (WSE), 2012 14th IEEE International Symposium on

Date of Conference:

28-28 Sept. 2012