This technical report details a semi-automated framework for the reverse-engineering and testing of access control (AC) policies for web-based applications. In practice, AC specifications are often missing or poorly documented, leading to AC vulnerabilities. Our goal is to learn and recover AC policies from the implementation, and to assess them to find AC issues. Built on top of a suite of security tools, our framework automatically explores a system under test, mines domain input specifications from access request logs, and then generates and executes more access requests using combinatorial test generation. We apply machine learning to the obtained data to characterise the relevant attributes that influence access control and thereby learn policies. Fi...
Web applications are an essential component of the current wide range of digital services propositio...
Access control systems are widely used means for the protection of computing systems. They are defin...
We introduce a UML-based notation for graphically modeling systems’ security aspects in a simple an...
Access control (AC) is an important security mechanism used in software systems to rest...
The importance of automated and reproducible security testing of web applications is growing, driven...
In the beginning, the World Wide Web, also known as the Internet, consisted mainly of websites. These...
This thesis is a research into developing a methodology and implementation of automated gray-box Bro...
Any type of system having different users needs to have an access control system for authorized acce...
The advent of emerging technologies such as Web services, service-oriented architecture, an...
Access control is one of the most fundamental security mechanisms used in the design and management ...
Automated and reproducible security testing of web applications is getting more and more important, ...
Access control vulnerabilities can be disastrous in Web applications. The vulnerabilities...
Role-based access control is an important access control method for securing computer s...
The paper presents an approach based on machine learning to refine attribute-based access control p...