A verification framework for access control in dynamic web applications

Manar H. Alalfi, James R. Cordy, Thomas R. Dean
2009 Proceedings of the 2009 C3S2E conference on - C3S2E '09  
This paper proposes a security analysis framework for dynamic web applications. A reverse engineering process is performed over a dynamic web application to extract a role-based access control security model. A formal analysis is applied on the recovered model to check access control security properties. This framework can be used to verify that a dynamic web application conforms to access control policies specified by a security engineer.
doi:10.1145/1557626.1557643 dblp:conf/c3s2e/AlalfiCD09 fatcat:2vu6lcuq2zfdrihly6jiyg2dba