A Web application that deploys on a set of servers and can be accessed by a large number of users over the Internet requires efficient security mechanisms. The core element in security is access control that enforces desired policies over the shared objects of the system and stops the unauthorised users to operate on these objects. Moreover, the used access control mechanism needs to be managed, through authorisation management elements, during the run-time of the system by the administrators. Therefore, the development of such models and their mechanisms are a main concern for secure systems development. Fine-grained access control and their authorisation management models provide more customisation possibilities and administrative power to the developers; however, in Web applications these models are typically hand-coded without taking advantage of the data model, object types, or contextual information. This thesis presents the design, implementation and evaluation of (), a declarative, fine-grained policy language that enables the developer to define a set of fine-grained access control and authorisation management models for a Web application. For () three types of access control and authorisation management models were designed and implemented. These models, used by (), are based on four main access control approaches, namely attribute-, discretionary-, mandatory-, and role-based access control models. For efficiency and flexibility, each access control model can be used with an authorisation management model. () compiler, first validates and verifies all these models based on written transformation strategies and verifies them by translating them into logical satisfiability problems to check the models for correctness and completeness, and against independently defined coverage criteria. If the models pass these tests, the generator then compiles them down to the existing tiers of WebDSL, a domain specific Web programming language.
| Identifer | oai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:628795 |
| Date | January 2014 |
| Creators | Ghotbi, Seyed Hossein |
| Contributors | Fischer, Bernd |
| Publisher | University of Southampton |
| Source Sets | Ethos UK |
| Detected Language | English |
| Type | Electronic Thesis or Dissertation |
| Source | https://eprints.soton.ac.uk/369989/ |
Page generated in 0.0022 seconds