Por favor, use este identificador para citar o enlazar este ítem:
http://hdl.handle.net/10609/93050
Registro completo de metadatos
| Campo DC | Valor | Lengua/Idioma |
|---|---|---|
| dc.contributor.author | Martínez Pérez, Salvador | - |
| dc.contributor.author | Cosentino, Valerio | - |
| dc.contributor.author | Cabot, Jordi | - |
| dc.contributor.other | AtlanMod | - |
| dc.contributor.other | Universitat Oberta de Catalunya (UOC) | - |
| dc.date.accessioned | 2019-04-11T07:53:56Z | - |
| dc.date.available | 2019-04-11T07:53:56Z | - |
| dc.date.issued | 2017-09-01 | - |
| dc.identifier.citation | Martínez Pérez, S., Cosentino, V. & Cabot Sagrera, J. (2017). Model-based analysis of Java EE web security misconfigurations. Computer Languages, Systems and Structures, 49(), 36-61. doi: 10.1016/j.cl.2017.02.001 | - |
| dc.identifier.issn | 1477-8424MIAR | - |
| dc.identifier.uri | http://hdl.handle.net/10609/93050 | - |
| dc.description.abstract | The Java EE framework, a popular technology of choice for the development of web applications, provides developers with the means to define access-control policies to protect application resources from unauthorized disclosures and manipulations. Unfortunately, the definition and manipulation of such security policies remains a complex and error prone task, requiring expert-level knowledge on the syntax and semantics of the Java EE access-control mechanisms. Thus, misconfigurations that may lead to unintentional security and/or availability problems can be easily introduced. In response to this problem, we present a (model-based) reverse engineering approach that automatically evaluates a set of security properties on reverse engineered Java EE security configurations, helping to detect the presence of anomalies. We evaluate the efficacy and pertinence of our approach by applying our prototype tool on a sample of real Java EE applications extracted from GitHub. | en |
| dc.language.iso | eng | - |
| dc.publisher | Computer Languages, Systems and Structures | - |
| dc.relation.ispartof | Computer Languages, Systems and Structures, 2017, 49() | - |
| dc.relation.uri | https://doi.org/10.1016/j.cl.2017.02.001 | - |
| dc.rights | CC BY-NC-ND | - |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/3.0/es/ | - |
| dc.subject | reverse engineering | en |
| dc.subject | model driven engineering | en |
| dc.subject | ingeniería dirigida por modelos | es |
| dc.subject | enginyeria dirigida per models | ca |
| dc.subject | security | en |
| dc.subject | seguridad | es |
| dc.subject | seguretat | ca |
| dc.subject | ingeniería inversa | es |
| dc.subject | enginyeria inversa | ca |
| dc.subject.lcsh | Web applications | en |
| dc.title | Model-based analysis of Java EE web security misconfigurations | - |
| dc.type | info:eu-repo/semantics/article | - |
| dc.subject.lemac | Aplicacions web | ca |
| dc.subject.lcshes | Aplicaciones web | es |
| dc.rights.accessRights | info:eu-repo/semantics/openAccess | - |
| dc.identifier.doi | 10.1016/j.cl.2017.02.001 | - |
| dc.gir.id | AR/0000005525 | - |
| dc.type.version | info:eu-repo/semantics/submittedVersion | - |
| Aparece en las colecciones: | Articles cientÍfics Articles | |
Ficheros en este ítem:
| Fichero | Descripción | Tamaño | Formato | |
|---|---|---|---|---|
| javaEE.pdf | Preprint | 440,09 kB | Adobe PDF |  Visualizar/Abrir |
Comparte:
Google Scholar
Microsoft Academic
Los ítems del Repositorio están protegidos por copyright, con todos los derechos reservados, a menos que se indique lo contrario.