A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf
.
A verification framework for access control in dynamic web applications
2009
Proceedings of the 2009 C3S2E conference on - C3S2E '09
This paper proposes a security analysis framework for dynamic web applications. A reverse engineering process is performed over a dynamic web application to extract a rolebased access control security model. A formal analysis is applied on the recovered model to check access control security properties. This framework can be used to verify that a dynamic web application conforms to access control polices specified by a security engineer.
doi:10.1145/1557626.1557643
dblp:conf/c3s2e/AlalfiCD09
fatcat:2vu6lcuq2zfdrihly6jiyg2dba