VNU-UET Repository

VeRA: Verifying RBAC and authorization constraints models of web applications

Luong, Thanh Nhan and Truong, Ninh Thuan (2020) VeRA: Verifying RBAC and authorization constraints models of web applications. International journal of software engineering and knowledge engineering (IJSEKE) . ISSN 0218-1940 (In Press)

Full text not available from this repository.

Abstract

Software security is receiving great attention from the software development community as security violations have emerged in many forms. Developers often use access control techniques to limit security breaches against software systems' resources. Adding authorization constraints to the role-based access control model increases its ability to express the access rules of real-world problems. In this paper, we introduce an approach to reviewing the implementation of these models in web applications written in JavaEE according to the MVC architecture and supported by the Spring Security framework. The proposed method helps developers detect flaws in the implementation of the models' assignments. Firstly, the approach extracts information about users and roles from the web application's database. We then analyze the policy configuration files to build the access analysis tree of the system. Next, algorithms are introduced to validate the correctness of the implemented user-role and role-permission assignments in the application against the role-based access control and authorization constraint specification given by the SecureUML model. Lastly, we developed a tool called VeRA to automatically support the verification process. The tool has also been tested on a number of access violation scenarios in a medical record management system.
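The verification step the abstract describes, checking extracted user-role and role-permission assignments against a SecureUML-style specification with authorization constraints, as an added example that is not the VeRA tool's own code. The roles, URL patterns, users and constraints below are constructed stand-ins for what would be extracted from the application's database and Spring Security configuration.

```python
"""Added example (not the VeRA tool's code): checks implemented RBAC assignments
against a SecureUML-style specification with authorization constraints. All data
below is constructed to stand in for what is extracted from the application's
database and Spring Security configuration."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

Perm = Tuple[str, str]  # (HTTP method, URL pattern), as in an intercept-url rule

@dataclass
class Spec:
    role_perms: Dict[str, Set[Perm]]                  # role -> permitted requests
    exclusive_roles: Set[frozenset] = field(default_factory=set)  # separation-of-duty pairs
    max_roles: Optional[int] = None                   # cardinality limit on roles per user

def verify(spec: Spec, user_roles: Dict[str, Set[str]], impl_role_perms: Dict[str, Set[Perm]]):
    """Return violation messages; an empty list means the implementation conforms."""
    violations = []
    # Role-permission check: each role's implemented permissions must equal the spec.
    for role, perms in spec.role_perms.items():
        got = impl_role_perms.get(role, set())
        for extra in sorted(got - perms):
            violations.append(f"role {role!r} grants unspecified permission {extra}")
        for missing in sorted(perms - got):
            violations.append(f"role {role!r} lacks specified permission {missing}")
    for role in sorted(set(impl_role_perms) - set(spec.role_perms)):
        violations.append(f"unspecified role {role!r} present in configuration")
    # User-role check: assignments must respect the authorization constraints.
    for user, roles in sorted(user_roles.items()):
        for pair in spec.exclusive_roles:
            if pair <= roles:
                violations.append(f"user {user!r} holds mutually exclusive roles {sorted(pair)}")
        if spec.max_roles is not None and len(roles) > spec.max_roles:
            violations.append(f"user {user!r} holds {len(roles)} roles, limit is {spec.max_roles}")
        for role in sorted(roles - set(spec.role_perms)):
            violations.append(f"user {user!r} assigned unspecified role {role!r}")
    return violations

# Constructed specification for a small medical-record application.
SPEC = Spec(
    role_perms={"ROLE_DOCTOR": {("GET", "/records/**"), ("POST", "/records/**")},
                "ROLE_NURSE": {("GET", "/records/**")},
                "ROLE_ADMIN": {("GET", "/users/**"), ("POST", "/users/**")}},
    exclusive_roles={frozenset({"ROLE_DOCTOR", "ROLE_ADMIN"})}, max_roles=2)
# Constructed extraction results: users table and intercept-url rules (nurse wrongly allowed POST).
USER_ROLES = {"alice": {"ROLE_DOCTOR"}, "bob": {"ROLE_NURSE", "ROLE_ADMIN"},
              "carol": {"ROLE_DOCTOR", "ROLE_ADMIN"}}
IMPL_ROLE_PERMS = {"ROLE_DOCTOR": {("GET", "/records/**"), ("POST", "/records/**")},
                   "ROLE_NURSE": {("GET", "/records/**"), ("POST", "/records/**")},
                   "ROLE_ADMIN": {("GET", "/users/**"), ("POST", "/users/**")}}
```

Running `verify(SPEC, USER_ROLES, IMPL_ROLE_PERMS)` reports two flaws: the nurse role grants an unspecified write permission, and one user holds the two mutually exclusive roles.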

Item Type: Article
Subjects: ISI-indexed journals
Divisions: School of Aerospace Engineering (SAE)
Depositing User: Prof. Ninh Thuan Truong
Date Deposited: 30 Nov 2020 14:57
Last Modified: 30 Nov 2020 14:57
URI: http://eprints.uet.vnu.edu.vn/eprints/id/eprint/4095
