The University of Southampton
University of Southampton Institutional Repository

A declarative and fine-grained policy language for the web application domain

A declarative and fine-grained policy language for the web application domain
A declarative and fine-grained policy language for the web application domain
A Web application that deploys on a set of servers and can be accessed by a large number of users over the Internet requires efficient security mechanisms. The core element in security is access control that enforces desired policies over the shared objects of the system and stops the unauthorised users to operate on these objects. Moreover, the used access control mechanism needs to be managed, through authorisation management elements, during the run-time of the system by the administrators. Therefore, the development of such models and their mechanisms are a main concern for secure systems development. Fine-grained access control and their authorisation management models provide more customisation possibilities and administrative power to the developers; however, in Web applications these models are typically hand-coded without taking advantage of the data model, object types, or contextual information.

This thesis presents the design, implementation and evaluation of (), a declarative, fine-grained policy language that enables the developer to define a set of fine-grained access control and authorisation management models for a Web application. For () three types of access control and authorisation management models were designed and implemented. These models, used by (), are based on four main access control approaches, namely attribute-, discretionary-, mandatory-, and role-based access control models. For efficiency and flexibility, each access control model can be used with an authorisation management model. () compiler, first validates and verifies all these models based on written transformation strategies and verifies them by translating them into logical satisfiability problems to check the models for correctness and completeness, and against independently defined coverage criteria. If the models pass these tests, the generator then compiles them down to the existing tiers of WebDSL, a domain specific Web programming language.
Ghotbi, Seyed Hossein
a5d88e77-cd7e-45bf-86fd-92cd76437895
Ghotbi, Seyed Hossein
a5d88e77-cd7e-45bf-86fd-92cd76437895
Fischer, Bernd
0c9575e6-d099-47f1-b3a2-2dbc93c53d18

Ghotbi, Seyed Hossein (2014) A declarative and fine-grained policy language for the web application domain. University of Southampton, Physical Sciences and Engineering, Doctoral Thesis, 259pp.

Record type: Thesis (Doctoral)

Abstract

A Web application that deploys on a set of servers and can be accessed by a large number of users over the Internet requires efficient security mechanisms. The core element in security is access control that enforces desired policies over the shared objects of the system and stops the unauthorised users to operate on these objects. Moreover, the used access control mechanism needs to be managed, through authorisation management elements, during the run-time of the system by the administrators. Therefore, the development of such models and their mechanisms are a main concern for secure systems development. Fine-grained access control and their authorisation management models provide more customisation possibilities and administrative power to the developers; however, in Web applications these models are typically hand-coded without taking advantage of the data model, object types, or contextual information.

This thesis presents the design, implementation and evaluation of (), a declarative, fine-grained policy language that enables the developer to define a set of fine-grained access control and authorisation management models for a Web application. For () three types of access control and authorisation management models were designed and implemented. These models, used by (), are based on four main access control approaches, namely attribute-, discretionary-, mandatory-, and role-based access control models. For efficiency and flexibility, each access control model can be used with an authorisation management model. () compiler, first validates and verifies all these models based on written transformation strategies and verifies them by translating them into logical satisfiability problems to check the models for correctness and completeness, and against independently defined coverage criteria. If the models pass these tests, the generator then compiles them down to the existing tiers of WebDSL, a domain specific Web programming language.

Text
Ghotbi.pdf - Other
Download (7MB)

More information

Published date: June 2014
Organisations: University of Southampton, Electronic & Software Systems

Identifiers

Local EPrints ID: 369989
URI: http://eprints.soton.ac.uk/id/eprint/369989
PURE UUID: 7867aac1-ceb5-4fcf-96a2-16bf22ac9df2

Catalogue record

Date deposited: 27 Oct 2014 12:01
Last modified: 14 Mar 2024 18:11

Export record

Contributors

Author: Seyed Hossein Ghotbi
Thesis advisor: Bernd Fischer

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×