Recovering Role-Based Access Control Security Models from Dynamic Web Applications [chapter]

Manar H. Alalfi, James R. Cordy, Thomas R. Dean
2012 Lecture Notes in Computer Science  
Security of dynamic web applications is a serious issue. While Model Driven Architecture (MDA) techniques can be used to generate applications with given access control security properties, analysis of existing web applications is more problematic. In this paper we present a model transformation technique to automatically construct a role-based access control (RBAC) security model of dynamic web applications from previously recovered structural and behavioral models. The SecureUML model constructed by this technique can be used to check for security properties of the original application. We demonstrate our approach by constructing an RBAC security model of PhpBB, a popular internet bulletin board system.
doi:10.1007/978-3-642-31753-8_9 fatcat:o4zwbimgcjhtvh3wbth3mzzkcm