{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,3,31]],"date-time":"2022-03-31T13:16:26Z","timestamp":1648732586479},"reference-count":28,"publisher":"World Scientific Pub Co Pte Lt","issue":"05","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Soft. Eng. Knowl. Eng."],"published-print":{"date-parts":[[2021,5]]},"abstract":"<jats:p>Software security is receiving great attention from the software development community as security violations have emerged in many forms. Developers often use access control techniques to prevent security breaches against software systems\u2019 resources. Adding authorization constraints to the role-based access control (RBAC) model increases its ability to express the access rules of real-world problems. However, the complexity of combining components, libraries and programming languages while implementing the access control policies of web systems may introduce flaws that make an application\u2019s access control policy inconsistent with its specification. In this paper, we introduce an approach to reviewing the implementation of these models in web applications written in Java EE according to the MVC architecture with the support of the Spring Security framework. The approach helps developers detect flaws in the implementation of the models\u2019 assignments. First, the approach extracts information about users and roles from the web application\u2019s database. We then analyze the policy configuration files to build the access analysis tree of the application. Next, we introduce algorithms that validate the correctness of the user-role and role-permission assignments implemented in the application. Lastly, we developed a tool called VeRA to automatically support the verification process. The tool is also evaluated on a number of access violation scenarios in a medical record management system.<\/jats:p>","DOI":"10.1142\/s0218194021500182","type":"journal-article","created":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T07:33:52Z","timestamp":1621841632000},"page":"655-675","source":"Crossref","is-referenced-by-count":0,"title":["VeRA: Verifying RBAC and Authorization Constraints Models of Web Applications"],"prefix":"10.1142","volume":"31","author":[{"given":"Thanh-Nhan","family":"Luong","sequence":"first","affiliation":[{"name":"Haiphong University of Medicine and Pharmacy, 72A Nguyen Binh Khiem Street, Ngo Quyen, Hai Phong 180000, Vietnam"}]},{"given":"Hanh-Phuc","family":"Nguyen","sequence":"additional","affiliation":[{"name":"Vietnam Maritime University, 484 Lach Tray Street, Le Chan, Hai Phong 180000, Vietnam"}]},{"given":"Ninh-Thuan","family":"Truong","sequence":"additional","affiliation":[{"name":"University of Engineering and Technology, Vietnam National University, Hanoi, 144 Xuan Thuy, Cau Giay, Hanoi, Vietnam"}]}],"member":"219","published-online":{"date-parts":[[2021,5,21]]},"reference":[{"issue":"1","key":"S0218194021500182BIB001","first-page":"222","volume":"3","author":"Garg A.","year":"2013","journal-title":"Int. J. Adv. Res. Comput. Sci. Softw. Eng."},{"key":"S0218194021500182BIB002","doi-asserted-by":"publisher","DOI":"10.1056\/NEJMp1707212"},{"key":"S0218194021500182BIB004","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"S0218194021500182BIB005","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"S0218194021500182BIB006","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45800-X_33"},{"key":"S0218194021500182BIB007","doi-asserted-by":"publisher","DOI":"10.1109\/ICSSA.2016.20"},{"key":"S0218194021500182BIB008","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.401"},{"key":"S0218194021500182BIB009","doi-asserted-by":"publisher","DOI":"10.1007\/s12927-019-0003-8"},{"key":"S0218194021500182BIB010","first-page":"53","volume":"3","author":"Boadu E. O.","year":"2014","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"key":"S0218194021500182BIB011","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24559-6_19"},{"key":"S0218194021500182BIB012","first-page":"176","volume-title":"Int. Symp. Foundations of Health Informatics Engineering and Systems","author":"Qamar N.","year":"2012"},{"key":"S0218194021500182BIB013","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.05.011"},{"key":"S0218194021500182BIB015","doi-asserted-by":"publisher","DOI":"10.1109\/EDOC.2017.29"},{"key":"S0218194021500182BIB016","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.72"},{"key":"S0218194021500182BIB017","doi-asserted-by":"publisher","DOI":"10.1145\/1557626.1557643"},{"key":"S0218194021500182BIB018","doi-asserted-by":"publisher","DOI":"10.1109\/WSE.2012.6320525"},{"key":"S0218194021500182BIB019","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31753-8_9"},{"key":"S0218194021500182BIB020","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.98"},{"key":"S0218194021500182BIB021","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-56660-3_42"},{"key":"S0218194021500182BIB022","doi-asserted-by":"publisher","DOI":"10.1145\/1125808.1125810"},{"key":"S0218194021500182BIB023","first-page":"10","volume-title":"Proc. Int. Conf. e-Learning, e-Business, Enterprise Information Systems, and e-Government","author":"Principe M.","year":"2015"},{"key":"S0218194021500182BIB024","volume-title":"Web Application Architecture","author":"Shklar L.","year":"2009"},{"issue":"2","key":"S0218194021500182BIB025","first-page":"137","volume":"3","author":"Mane D.","year":"2013","journal-title":"Int. J. Innov. Technol. Explor. Eng."},{"key":"S0218194021500182BIB026","volume-title":"Spring Security 3","author":"Mularien P.","year":"2010"},{"key":"S0218194021500182BIB027","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4302-4819-4"},{"key":"S0218194021500182BIB028","doi-asserted-by":"publisher","DOI":"10.1109\/ICDIPC.2016.7470795"},{"key":"S0218194021500182BIB029","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2011.07.013"},{"key":"S0218194021500182BIB030","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-75209-7_29"}],"container-title":["International Journal of Software Engineering and Knowledge Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.worldscientific.com\/doi\/pdf\/10.1142\/S0218194021500182","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T07:34:14Z","timestamp":1621841654000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.worldscientific.com\/doi\/abs\/10.1142\/S0218194021500182"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5]]},"references-count":28,"journal-issue":{"issue":"05","published-print":{"date-parts":[[2021,5]]}},"alternative-id":["10.1142\/S0218194021500182"],"URL":"https:\/\/doi.org\/10.1142\/s0218194021500182","relation":{},"ISSN":["0218-1940","1793-6403"],"issn-type":[{"value":"0218-1940","type":"print"},{"value":"1793-6403","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5]]}}}
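The verification step the abstract sketches (user-role rows taken from the application database, role-permission rules read from a Spring Security configuration, both checked against the specified RBAC model and its authorization constraints) can be illustrated with a small checker. The Python below is an added example written for this page; it is not the VeRA tool and not code from the paper. The specification, the database rows, the `<intercept-url>` fragment and the two constraints (a static separation-of-duty pair and a role cardinality limit) are all constructed, and treating a request matched by no rule as unintercepted, hence permitted, is an assumption about the XML namespace defaults.

```python
"""Check an implemented RBAC policy against its specification.

Added example (not the paper's code or the VeRA tool). All inputs are constructed.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

# --- Specification (constructed): permission = request path, value = roles allowed.
SPEC_PERMISSIONS: Dict[str, Set[str]] = {
    "/records/view": {"ROLE_DOCTOR", "ROLE_NURSE"},
    "/records/edit": {"ROLE_DOCTOR"},
    "/audit/log": {"ROLE_AUDITOR"},
    "/admin/users": {"ROLE_ADMIN"},
}
SPEC_ROLES: Set[str] = set().union(*SPEC_PERMISSIONS.values())
SSOD_PAIRS = [("ROLE_DOCTOR", "ROLE_AUDITOR")]   # static separation of duty
MAX_MEMBERS = {"ROLE_ADMIN": 1}                  # role cardinality

# --- Implementation artefacts (constructed) ---------------------------------
DB_USER_ROLES: List[Tuple[str, str]] = [          # rows from the user/role tables
    ("alice", "ROLE_DOCTOR"), ("bob", "ROLE_NURSE"), ("carol", "ROLE_AUDITOR"),
    ("eve", "ROLE_DOCTOR"), ("eve", "ROLE_AUDITOR"),   # SSoD violation
    ("mallory", "ROLE_MANAGER"),                        # role absent from the spec
    ("root", "ROLE_ADMIN"), ("backup", "ROLE_ADMIN"),   # exceeds cardinality
]
# Spring Security <http> fragment. The first matching <intercept-url> decides,
# so the broad /records/** rule shadows the specific /records/view rule.
SPRING_SECURITY_XML = """
<http xmlns="http://www.springframework.org/schema/security">
  <intercept-url pattern="/records/**" access="hasRole('ROLE_DOCTOR')"/>
  <intercept-url pattern="/records/view" access="hasAnyRole('ROLE_DOCTOR','ROLE_NURSE')"/>
  <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
  <intercept-url pattern="/audit/**" access="isAuthenticated()"/>
</http>
"""

Finding = Tuple[str, str, str]          # (kind, subject, detail)
Rule = Tuple[str, str, Set[str]]        # (pattern, access expression, granted roles)


def ant_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an Ant-style path pattern to a regex; '/x/**' also matches '/x'."""
    tail = ""
    if pattern.endswith("/**"):
        pattern, tail = pattern[:-3], "(/.*)?"
    body = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*").replace(r"\?", "[^/]")
    return re.compile("^" + body + tail + "$")


def parse_rules(xml_text: str) -> List[Rule]:
    """Extract intercept-url rules in order. '*' means any authenticated principal.

    Understood expressions: hasRole, hasAnyRole, permitAll, isAuthenticated(), denyAll.
    """
    rules: List[Rule] = []
    for el in ET.fromstring(xml_text.strip()).iter():
        if not el.tag.endswith("intercept-url"):
            continue
        access = el.get("access", "")
        if access in ("permitAll", "isAuthenticated()"):
            roles = {"*"}
        elif access == "denyAll":
            roles = set()
        else:  # Spring Security 4+ prepends ROLE_ to names that lack it
            roles = {r if r.startswith("ROLE_") else "ROLE_" + r for r in re.findall(r"'([^']+)'", access)}
        rules.append((el.get("pattern", ""), access, roles))
    return rules


def first_match(rules: List[Rule], path: str):
    """Index of the first rule whose pattern matches the request path, else None."""
    return next((i for i, (p, _, _) in enumerate(rules) if ant_to_regex(p).match(path)), None)


def granted_roles(rules: List[Rule], path: str) -> Set[str]:
    """Spec roles the configuration lets reach `path` under first-match semantics.

    Assumption: an unmatched request is not intercepted and is therefore open to all.
    """
    i = first_match(rules, path)
    roles = {"*"} if i is None else rules[i][2]
    return set(SPEC_ROLES) if "*" in roles else roles & SPEC_ROLES


def check_user_roles(db_rows: List[Tuple[str, str]]) -> List[Finding]:
    """Validate user-role assignments: known roles, SSoD pairs, cardinality."""
    findings: List[Finding] = []
    roles_of: Dict[str, Set[str]] = {}
    for user, role in db_rows:
        roles_of.setdefault(user, set()).add(role)
        if role not in SPEC_ROLES:
            findings.append(("undefined-role", user, role))
    for user, roles in roles_of.items():
        findings += [("ssod-violation", user, f"{a}+{b}") for a, b in SSOD_PAIRS if {a, b} <= roles]
    for role, limit in MAX_MEMBERS.items():
        members = sorted(u for u, rs in roles_of.items() if role in rs)
        if len(members) > limit:
            findings.append(("cardinality", role, ",".join(members)))
    return findings


def check_role_permissions(rules: List[Rule]) -> List[Finding]:
    """Compare the grants the configuration really makes with the specification."""
    findings: List[Finding] = []
    reached = {first_match(rules, p) for p in SPEC_PERMISSIONS}
    for path, spec_roles in SPEC_PERMISSIONS.items():
        actual = granted_roles(rules, path)
        findings += [("missing-grant", path, r) for r in sorted(spec_roles - actual)]
        findings += [("over-grant", path, r) for r in sorted(actual - spec_roles)]
    for i, (pattern, _, roles) in enumerate(rules):
        findings += [("undefined-role", pattern, r) for r in sorted(roles - SPEC_ROLES - {"*"})]
        if i not in reached and any(ant_to_regex(pattern).match(p) for p in SPEC_PERMISSIONS):
            findings.append(("shadowed-rule", pattern, "never the first match for a specified path"))
    return findings


def run_checks() -> List[Finding]:
    rules = parse_rules(SPRING_SECURITY_XML)
    return sorted(check_user_roles(DB_USER_ROLES) + check_role_permissions(rules))


if __name__ == "__main__":
    for kind, subject, detail in run_checks():
        print(f"{kind:15} {subject:15} {detail}")
```

Running it reports the nurse's missing grant on `/records/view` (an ordering flaw, since the specific rule is shadowed by `/records/**`), the over-grant of `/audit/**` to every authenticated role, and the three database-side violations (undefined role, SSoD, cardinality). The same comparison generalizes to any policy whose grants can be evaluated per request path; expression forms beyond the five handled here would need their own evaluation rule rather than the regex shortcut used above.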