A Novel Approach for Prevention of SQL Injection Attacks Using Cryptography and Access Control Policies

2011 ◽  
pp. 26-33 ◽  
Author(s):  
K. Selvamani ◽  
A. Kannan
Keyword(s):  
Access Control ◽  
Sql Injection ◽  
Control Policies ◽  
Injection Attacks ◽  
Access Control Policies ◽  
Novel Approach ◽  
Sql Injection Attacks

scholarly journals An Ontological Representation of an Adaptive Access Control Mechanism for Enterprise Cloud

2020 ◽  
Vol 8 (5) ◽  
pp. 2390-2396
Keyword(s):  
Resource Allocation ◽  
Access Control ◽  
Control Mechanism ◽  
Peak Load ◽  
Role Based Access Control ◽  
Control Policies ◽  
Access Control Policies ◽  
Novel Approach ◽  
Access Control Mechanism ◽  
Security Concern

With the increased development of cloud computing, access control is of paramount importance as a security concern. Numerous access control approaches exist in various published works. Among such prevalent approaches, Role Based Access Control (RBAC) model for enterprise cloud is scope of the present study. Nowadays, resource management, along with the primary aspect of security concern, is also addressed by the access control policies through restricting the allocation of the computing resources based on the roles assigned to the users. Keeping in view of the upcoming peak-load requirements or certain constraints, the policies may have ineffective resource allocation which leads to over/under-utilization of the resources over a period of time. So, an adaptive access control mechanism is desired that can vary their policies dynamically for resource allocation depending upon the ongoing requirements, for its efficient utilization. This is presented in the form of an adaptive access control mechanism (AACM) that aims to effectively utilize the computing resources in the enterprise cloud. It will aid in identifying the over- and under-allocation of the computing resources defined as access control policies and redefine these policies so as to ensure efficient and effective usage of the enterprise cloud resources. In this paper, this novel approach to access control mechanism for the enterprise cloud is represented using ontologies developed in Protégé. This is developed by identification of the underlying concepts and their interrelationships through properties, in the enterprise cloud. The presented ontology is for the sake of knowledge representation to represent knowledge and facts.

scholarly journals Dynamic access-control policies on XML encrypted data

2008 ◽  
Vol 10 (4) ◽  
pp. 1-37 ◽  
Author(s):  
Luc Bouganim ◽  
Francois Dang Ngoc ◽  
Philippe Pucheral
Keyword(s):  
Access Control ◽  
Control Policies ◽  
Encrypted Data ◽  
Access Control Policies ◽  
Dynamic Access Control

An algebra for composing access control policies

2002 ◽  
Vol 5 (1) ◽  
pp. 1-35 ◽  
Author(s):  
Piero Bonatti ◽  
Sabrina De Capitani di Vimercati ◽  
Pierangela Samarati
Keyword(s):  
Access Control ◽  
Control Policies ◽  
Access Control Policies

VeRA: Verifying RBAC and Authorization Constraints Models of Web Applications

2021 ◽  
Vol 31 (05) ◽  
pp. 655-675
Author(s):  
Thanh-Nhan Luong ◽  
Hanh-Phuc Nguyen ◽  
Ninh-Thuan Truong
Keyword(s):  
Access Control ◽  
Programming Languages ◽  
Web Application ◽  
Web Applications ◽  
Implementation Process ◽  
Record Management ◽  
Role Based Access Control ◽  
Security Issue ◽  
Control Policies ◽  
Access Control Policies

The software security issue is being paid great attention from the software development community as security violations have emerged variously. Developers often use access control techniques to restrict some security breaches to software systems’ resources. The addition of authorization constraints to the role-based access control model increases the ability to express access rules in real-world problems. However, the complexity of combining components, libraries and programming languages during the implementation stage of web systems’ access control policies may arise potential flaws that make applications’ access control policies inconsistent with their specifications. In this paper, we introduce an approach to review the implementation of these models in web applications written by Java EE according to the MVC architecture under the support of the Spring Security framework. The approach can help developers in detecting flaws in the assignment implementation process of the models. First, the approach focuses on extracting the information about users and roles from the database of the web application. We then analyze policy configuration files to establish the access analysis tree of the application. Next, algorithms are introduced to validate the correctness of the implemented user-role and role-permission assignments in the application system. Lastly, we developed a tool called VeRA, to automatically support the verification process. The tool is also experimented with a number of access violation scenarios in the medical record management system.

Sign in / Sign up

Export Citation Format

Share Document