scholarly journals SG-PAC: A stochastic game approach to generate personal privacy paradox access-control policies in social networks

2021 ◽  
Vol 102 ◽  
pp. 102157
Author(s):  
Yu Wu ◽  
Li Pan
2008 ◽  
Vol 10 (4) ◽  
pp. 1-37 ◽  
Author(s):  
Luc Bouganim ◽  
Francois Dang Ngoc ◽  
Philippe Pucheral

2002 ◽  
Vol 5 (1) ◽  
pp. 1-35 ◽  
Author(s):  
Piero Bonatti ◽  
Sabrina De Capitani di Vimercati ◽  
Pierangela Samarati

Author(s):  
Thanh-Nhan Luong ◽  
Hanh-Phuc Nguyen ◽  
Ninh-Thuan Truong

The software security issue is being paid great attention from the software development community as security violations have emerged variously. Developers often use access control techniques to restrict some security breaches to software systems’ resources. The addition of authorization constraints to the role-based access control model increases the ability to express access rules in real-world problems. However, the complexity of combining components, libraries and programming languages during the implementation stage of web systems’ access control policies may arise potential flaws that make applications’ access control policies inconsistent with their specifications. In this paper, we introduce an approach to review the implementation of these models in web applications written by Java EE according to the MVC architecture under the support of the Spring Security framework. The approach can help developers in detecting flaws in the assignment implementation process of the models. First, the approach focuses on extracting the information about users and roles from the database of the web application. We then analyze policy configuration files to establish the access analysis tree of the application. Next, algorithms are introduced to validate the correctness of the implemented user-role and role-permission assignments in the application system. Lastly, we developed a tool called VeRA, to automatically support the verification process. The tool is also experimented with a number of access violation scenarios in the medical record management system.


Author(s):  
Amani Abu Jabal ◽  
Elisa Bertino ◽  
Jorge Lobo ◽  
Mark Law ◽  
Alessandra Russo ◽  
...  

Sign in / Sign up

Export Citation Format

Share Document