Model-assisted access control implementation for code-centric ruby-on-rails web application development

Seiji Munetoh, Nobukazu Yoshioka

Research output: Conference contribution

6 Citations (Scopus)

Abstract

In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development.

Original language: English
Title of host publication: Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
Pages: 350-359
Number of pages: 10
DOI
Publication status: Published - 2013
Externally published: Yes
Event: 2013 8th International Conference on Availability, Reliability and Security, ARES 2013 - Regensburg, Germany
Duration: 2 Sep 2013 to 6 Sep 2013

Publication series

Name: Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Conference

Conference: 2013 8th International Conference on Availability, Reliability and Security, ARES 2013
Country/Territory: Germany
City: Regensburg
Period: 13/9/2 to 13/9/6

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
