Security models for web-based applications

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Security models for web-based applications

Full text

Html (38 KB), Pdf

Pdf (112 KB)

Source

Communications of the ACM archive
Volume 44 , Issue 2 (February 2001) table of contents

Pages: 38 - 44

Year of Publication: 2001

ISSN:0001-0782

Authors

James B. D. Joshi	Purdue Univ., West Lafayette, IN
Walid G. Aref	Purdue Univ., West Lafayette, IN
Arif Ghafoor	Purdue Univ., West Lafayette, IN
Eugene H. Spafford	Purdue Univ., West Lafayette, IN

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 92, Downloads (12 Months): 893, Citation Count: 30

Additional Information:

appendices and supplements references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/359205.359224 What is a DOI?

APPENDICES and SUPPLEMENTS

p38-joshi.jp.pdf (91 KB),

Japanese CACM Collection

Requires Asian Language Support in Adobe Reader And Japanese Language Support in your Browser

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999 [doi>10.1145/300830.300837]
	2	Elisa Bertino , Elena Pagani , Gian Paolo Rossi , Pierangela Samarati, Protecting information on the Web, Communications of the ACM, v.43 n.11es, Nov. 2000 [doi>10.1145/352515.352518]
	3	David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999 [doi>10.1145/300830.300834]
	4	Simson Garfinkel , Gene Spafford, Web security & commerce, O'Reilly & Associates, Inc., Sebastopol, CA, 1997
	5	Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976 [doi>10.1145/360303.360333]
	6	Richard Power , Rik Farrow, Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace, Macmillan Press Ltd., Basingstoke, UK, 2000
	7	Proceedings of The Fifth ACM Workshop on Role-based Access Control. Berlin, Germany, Jul. 2000.
	8	Ravi S. Sandhu, Lattice-Based Access Control Models, Computer, v.26 n.11, p.9-19, November 1993 [doi>10.1109/2.241422]
	9	Zahir Tari , Shun-Wu Chan, A Role-Based Access Control for Intranet Security, IEEE Internet Computing, v.1 n.5, p.24-34, September 1997 [doi>10.1109/4236.623965]
	10	Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
	11	Wing, P. and O'Higgins, B. Using public-key infrastructure for security and risk management. IEEE Communications Magazine, (Sept. 1999), 71-73.

CITED BY 30

	James B. D. Joshi , Basit Shafiq , Arif Ghafoor , Elisa Bertino, Dependencies and separation of duty constraints in GTRBAC, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Victoria Ungureanu, An agreement centric access control mechanism for business to business e-commerce, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain
	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001
	Sejong Oh , Ravi Sandhu, A model for role administration using organization structure, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
	Greg Cooper, ACM fellow profile: Eugene H. Spafford, ACM SIGSOFT Software Engineering Notes, v.26 n.4, July 2001
	Mark Evered, Bracket capabilities for distributed systems security, Australian Computer Science Communications, v.24 n.1, p.51-58, January-February 2002
	Patrick C. K. Hung , Kamalakar Karlapalem, A secure workflow model, Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003, p.33-41, February 01, 2003, Adelaide, Australia
	Yao-Wen Huang , Shih-Kun Huang , Tsung-Po Lin , Chung-Hung Tsai, Web application security assessment by fault injection and behavior monitoring, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary
	Edgar Weippl , Wolfgang Essmayr, Personal trusted devices for web services: revisiting multilevel security, Mobile Networks and Applications, v.8 n.2, p.151-157, April 2003
	Iliya K. Georgiev , Ivo I. Georgiev, A security model for distributed computing, Journal of Computing Sciences in Colleges, v.17 n.1, p.178-186, October 2001
	Sejong Oh , Seog Park, Task-role-based access control model, Information Systems, v.28 n.6, p.533-562, September 2003
	Mark Evered, Opsis: a distributed object architecture based on bracket capabilities, Proceedings of the Fortieth International Conference on Tools Pacific: Objects for internet, mobile and embedded applications, February 01, 2002, Sydney, Australia
	In Lee, An e-channel development framework for hybrid e-retailers, Managing e-commerce and mobile computing technologies, Idea Group Publishing, Hershey, PA, 2003
	Eric Jui-Lin Lu , Rai-Fu Chen, Design and implementation of a fine-grained menu control processor for web-based information systems, Future Generation Computer Systems, v.19 n.7, p.1105-1119, October 2003
	Ildemaro Araujo , Iván Araujo, Developing trust in internet commerce, Proceedings of the 2003 conference of the Centre for Advanced Studies on Collaborative research, p.1-15, October 06-09, 2003, Toronto, Ontario, Canada
	Hristo Koshutanski , Fabio Massacci, An access control framework for business processes for web services, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Fariborz Farahmand , Shamkant B. Navathe , Gunter P. Sharp , Philip H. Enslow, A Management Perspective on Risk of Security Threats to Information Systems, Information Technology and Management, v.6 n.2-3, p.203-225, April 2005
	Rafae Bhatti , Elisa Bertino , Arif Ghafoor , James B. D. Joshi, XML-Based Specification for Web Services Document Security, Computer, v.37 n.4, p.41-49, April 2004
	Vijay V. Raghavan, Toward an integrative model of application-software security, Practicing software engineering in the 21st century, Idea Group Publishing, Hershey, PA, 2003
	Yao-Wen Huang , Chung-Hung Tsai , Tsung-Po Lin , Shih-Kun Huang , D. T. Lee , Sy-Yen Kuo, A testing framework for Web application security assessment, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.48 n.5, p.739-761, 5 August 2005
	James B. D. Joshi , Elisa Bertino , Arif Ghafoor, An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.157-175, April 2005
	Siqing Du , James B. D. Joshi, Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Sejong Oh , Ravi Sandhu , Xinwen Zhang, An effective role administration model using organization structure, ACM Transactions on Information and System Security (TISSEC), v.9 n.2, p.113-137, May 2006
	James B. D. Joshi , Elisa Bertino, Fine-grained role-based delegation in presence of the hybrid role hierarchy, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Arif Ghafoor, Distributed multimedia information systems: an end-to-end perspective, Multimedia Tools and Applications, v.33 n.1, p.31-56, April 2007
	James B. D. Joshi , Elisa Bertino , Arif Ghafoor , Yue Zhang, Formal foundations for hybrid hierarchies in GTRBAC, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-39, January 2008
	Indranil Bose , Alvin Chung Man Leung, Assessing anti-phishing preparedness: A study of online banks in Hong Kong, Decision Support Systems, v.45 n.4, p.897-912, November, 2008
	Qurban Memon , Shakil Akhtar , Alaa A. Aly, Role management in adhoc networks, Proceedings of the 2007 spring simulaiton multiconference, March 25-29, 2007, Norfolk, Virginia
	Ioannis Mavridis , Andreas Mattas , Ioannis Pagkalos , Isabella Kotini , Christos Ilioudis, Supporting dynamic administration of RBAC in web-based collaborative applications during run-time, International Journal of Information and Computer Security, v.2 n.4, p.328-352, January 2009
	Matthew M. North , Max M. North , Sarah M. North, Security from the bottom-up: compliance regulations and the trend toward design-oriented web applications, Journal of Computing Sciences in Colleges, v.24 n.4, April 2009