Model-based analysis of Java EE web security misconfigurations

dc.contributor
AtlanMod
dc.contributor
Universitat Oberta de Catalunya (UOC)
dc.contributor.author
Martínez Pérez, Salvador
dc.contributor.author
Cosentino, Valerio
dc.contributor.author
Cabot Sagrera, Jordi
dc.date
2019-04-11T07:53:56Z
dc.date
2017-09-01
dc.identifier.citation
Martínez Pérez, S., Cosentino, V. & Cabot Sagrera, J. (2017). Model-based analysis of Java EE web security misconfigurations. Computer Languages, Systems and Structures, 49(), 36-61. doi: 10.1016/j.cl.2017.02.001
dc.identifier.citation
1477-8424
dc.identifier.citation
10.1016/j.cl.2017.02.001
dc.identifier.uri
http://hdl.handle.net/10609/93050
dc.description.abstract
The Java EE framework, a popular technology of choice for the development of web applications, provides developers with the means to define access-control policies to protect application resources from unauthorized disclosures and manipulations. Unfortunately, the definition and manipulation of such security policies remains a complex and error-prone task, requiring expert-level knowledge of the syntax and semantics of the Java EE access-control mechanisms. Thus, misconfigurations that may lead to unintentional security and/or availability problems can be easily introduced. In response to this problem, we present a (model-based) reverse engineering approach that automatically evaluates a set of security properties on reverse engineered Java EE security configurations, helping to detect the presence of anomalies. We evaluate the efficacy and pertinence of our approach by applying our prototype tool on a sample of real Java EE applications extracted from GitHub.
dc.format
application/pdf
dc.language.iso
eng
dc.publisher
Computer Languages, Systems and Structures
dc.relation
Computer Languages, Systems and Structures, 2017, 49()
dc.relation
https://hal-cea.archives-ouvertes.fr/cea-01803832/file/Martinez2017.pdf
dc.rights
(c) Author/s & (c) Journal
dc.rights
info:eu-repo/semantics/openAccess
dc.subject
reverse engineering
dc.subject
model driven engineering
dc.subject
security
dc.subject
ingeniería dirigida por modelos
dc.subject
seguridad
dc.subject
ingeniería inversa
dc.subject
enginyeria dirigida per models
dc.subject
seguretat
dc.subject
enginyeria inversa
dc.subject
Web applications
dc.subject
Aplicacions web
dc.subject
Aplicaciones web
dc.title
Model-based analysis of Java EE web security misconfigurations
dc.type
info:eu-repo/semantics/article
dc.type
info:eu-repo/semantics/submittedVersion

