Role Based Reengineering of Web Applications

SCANNIELLO, GIUSEPPE
2005-01-01

Abstract

We present an approach based on roles and access policies to improve security management of Web applications. The approach first identifies the roles users have in the application, and then the software resources they can access based on the assigned role. Roles and resources are then used to design access policies by means of a visual language based tool providing a metaphor-oriented layer above the well-known role based access control (RBAC) model. A network infrastructure based on a policy enforcement point (PEP) and a policy decision point (PDP) is used to enforce these policies. The proposed approach has been used in a preliminary case study.
2005
9780769524702
Files in this item:
File: 14_Scanniello.pdf
Access: authorized users only
Type: Post-print document
License: DRM not defined
Size: 210.13 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11563/13923