Automated reverse engineering of role-based access control policies of web applications

Le, Hung M.; Shar, Lwin Khin; Bianculli, Domenico; Briand, Lionel C.; Nguyen, Cu

doi:10.1016/j.jss.2021.111109

Cited by 9 publications

(2 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also introduce a new approach to analyze the presence of heterogeneous access control policies in RAMHAC by modeling the policies with Datalog facts and using the μz tool. The management model includes a wide range of management relationships, commands, antecedent constraints, and postecedent constraints.Le et al in [4] proposed a semi-automated reverse engineering access control policy framework for learning and recovering role-based access control (RBAC) policies from web applications to verify the correctness of implemented policies and detect access control issues. The framework is based on a set of security tools that automatically explore a given Web application, mine domain input specifications from access logs, and use combinatorial test generation to systematically generate and execute additional access requests.Spanaki et al [5] proposed the concept of Data Sharing Agreements (DSAs) as an important path and template for AI applications for data management between parties.…”

Section: Access Control Policies and Modelsmentioning

confidence: 99%

Overview of security access control mechanisms

Yang,

Yu,

Tang

et al. 2023

Second International Conference on Applied Statistics, Computational Mathematics, and Software Engineering (ASCMSE 2023)

View full text Add to dashboard Cite

As the core of a computer system, the operating system stores a large amount of sensitive data and critical resources, and in order to ensure the security of these resources, security access control technology has come into being. Security access control technology plays an important role in operating system security. It effectively prevents security risks such as information leakage, data corruption and system breakdown by restricting and controlling users' access to system resources. Security access control technology not only restricts the resources that users can access, but also ensures that users can only perform operations within their authorization, thus protecting the confidentiality, integrity and availability of the system. Security access control technologies use a variety of policies and mechanisms to achieve precise control and protection of resources. These technologies manage and restrict user access through roles, permissions, tags and policies to ensure that only authorized users can access sensitive data and resources, thereby maintaining the stability and trustworthiness of the operating system.

show abstract

Section: Access Control Policies and Modelsmentioning

confidence: 99%

Overview of security access control mechanisms

Yang,

Yu,

Tang

et al. 2023

Second International Conference on Applied Statistics, Computational Mathematics, and Software Engineering (ASCMSE 2023)

View full text Add to dashboard Cite

show abstract

“…The integration spanned four key domains: new student admissions, academics, finance, and human resources. A notable feature of this system is the implementation of role-based access control (RBAC) [1] with Single Sign-On (SSO) capabilities, enhancing security and efficiency.…”

Section: Introductionmentioning

confidence: 99%

Lessons Learned: Enterprise Information System Project on Education Institution

Haryono,

Ramadhani,

Setiawan

et al. 2024

E3S Web of Conf.

View full text Add to dashboard Cite

This paper addresses the challenges posed by Industry 4.0 and the COVID-19 pandemic, which necessitate digital transformation in educational institutions. It focuses on the specific issues of integrating enterprise information systems to facilitate this transformation. The solution proposed is the development of an integrated information system to manage operational processes within educational institutions. This system targets key domains including student admissions, academics, finance, and human resources, utilizing role-based access control (RBAC) and Single Sign-On (SSO) for efficiency and security. The methodology involves a collaborative effort under the Matching Fund program by the Ministry of Education, Culture, Research, and Technology of Indonesia. This collaboration includes the Universitas Islam Indonesia and the Salman Alfarisi Yogyakarta educational institution. The approach includes defining the project, collecting, and reviewing lessons, creating a repository of these lessons, and disseminating the findings. The project successfully developed and implemented an integrated information system, addressing the initial challenges and improving organizational efficiency in the participating educational institution. The system’s deployment covered multiple key operational domains, significantly digitizing the institution’s processes. This paper contributes valuable insights and best practices from the integration project, serving as a model for other universities and educational institutions. It showcases the potential of collaborative efforts in accelerating digital transformation in education, especially in the context of Indonesia’s vast network of universities and educational institutions.

show abstract