2016 IEEE/ACM 8th International Workshop on Modeling in Software Engineering (2016)
Austin, Texas, USA
May 16, 2016 to May 17, 2016
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MiSE.2016.017
The widespread use of Java EE web applications as a means to provide distributed services to remote clients imposes strong security requirements, so that the resources managed by these applications remain protected from unauthorized disclosures and manipulations. For this purpose, the Java EE framework provides developers with mechanisms to define access-control policies. Unfortunately, the variety and complexity of the provided security configuration mechanisms cause the definition and manipulation of a security policy to be complex and error prone. As security requirements are not static, and thus, implemented policies must be changed and reviewed often, discovering and representing the policy at an appropriate abstraction level to enable their understanding and reenginering appears as a critical requirement. To tackle this problem, this paper presents a (model-based) approach aimed to help security experts to visualize, (automatically) analyse and manipulate web security policies.
Security, Java, Analytical models, XML, Data mining, Writing, Syntactics
S. Martinez, V. Cosentino and J. Cabot, "Model-Based Analysis of Java EE Web Security Configurations," 2016 IEEE/ACM 8th International Workshop on Modeling in Software Engineering(MiSE), Austin, Texas, USA, 2016, pp. 55-61.