Automated reverse engineering of role-based access control policies of web applications