Authorization Enforcement Detection

Cited by: 2
Authors
Porat, Ehood [1 ]
Tikochinski, Shmuel [1 ]
Stulman, Ariel [1 ]
Affiliation
[1] Jerusalem Coll Technol, Jerusalem, Israel
Keywords
Authorization; Cookies; CSRF-TOKEN;
DOI
10.1145/3078861.3084172
Chinese Library Classification number
TP301 [Theory, methods];
Discipline classification code
081202 ;
Abstract
One of the many aspects of website security is the question of authorization breach. It is an attack in which unauthorized entities are allowed access to restricted space. As the complexity of website code increases, the human capability of handling authorization rules and semantics decreases accordingly. In this project, we demonstrate an automated authorization enforcement detection (AED) tool which allows website administrators to check if they have authorization vulnerabilities on their sites.
Pages: 179 - 182
Number of pages: 4
Related papers
50 in total
  • [1] Authorization Constraints Specification and Enforcement
    Zhou, Wei
    Meinel, Christoph
    Xiang, Yidong
    Shao, Yang
    [J]. JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2008, 3 (01): : 38 - 50
  • [2] Authorization enforcement in distributed query evaluation
    di Vimercati, Sabrina
    Foresti, Sara
    Jajodia, Sushil
    Paraboschi, Stefano
    Samarati, Pierangela
    [J]. JOURNAL OF COMPUTER SECURITY, 2011, 19 (04) : 751 - 794
  • [3] Authorization Enforcement Usability Case Study
    Bartsch, Steffen
    [J]. ENGINEERING SECURE SOFTWARE AND SYSTEMS, 2011, 6542 : 209 - 220
  • [4] Retrofitting legacy code for authorization policy enforcement
    Ganapathy, Vinod
    Jaeger, Trent
    Jha, Somesh
    [J]. 2006 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2006, : 214 - +
  • [5] Authorization Constraint Enforcement for Information System Security
    Hewett, Rattikorn
    Kijsanayothin, Phongphun
    [J]. 2008 IEEE INTERNATIONAL CONFERENCE ON SYSTEMS, MAN AND CYBERNETICS (SMC), VOLS 1-6, 2008, : 3501 - 3506
  • [6] Compiling NATO Authorization Policies for Enforcement in the Cloud and SDNs
    Armando, Alessandro
    Ranise, Silvio
    Traverso, Riccardo
    Wrona, Konrad
    [J]. 2015 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS), 2015, : 741 - 742
  • [7] Secure Access for MANET Using Authorization Enforcement Facility
    Gowthami
    Sangeetha
    [J]. 2013 INTERNATIONAL CONFERENCE ON INFORMATION COMMUNICATION AND EMBEDDED SYSTEMS (ICICES), 2013, : 212 - 216
  • [8] Specification and Enforcement of Dynamic Authorization Policies oriented by Situations
    Kabbani, Bashar
    Laborde, Romain
    Barrere, Francois
    Benzekri, Abdelmalek
    [J]. 2014 6TH INTERNATIONAL CONFERENCE ON NEW TECHNOLOGIES, MOBILITY AND SECURITY (NTMS), 2014,
  • [9] The PRIMA system for privilege management, authorization and enforcement in grid environments
    Lorch, M
    Adams, DB
    Kafura, D
    Koneni, MSR
    Rathi, A
    Shah, S
    [J]. FOURTH INTERNATIONAL WORKSHOP ON GRID COMPUTING, PROCEEDINGS, 2003, : 109 - 116
  • [10] Context based enforcement of authorization for privacy and security in identity management
    Alagar, Vasu
    Wan, Kaiyu
    [J]. POLICIES AND RESEARCH IN IDENTITY MANAGEMENT, 2008, 261 : 25 - 37