论文信息 - Advanced Protection of Workflow Sessions with SEWebSession

Advanced Protection of Workflow Sessions with SEWebSession

This paper presents Secure Enhanced Web Session providing an advanced protection of the Web sessions required in the Workflow environments. SEWebSession provides mandatory access control to the session state since the proposed policy is outside the scope of the Workflow developers and participants. Our MAC approach authorises various confidentiality and integrity properties for the session state. SEWebSession controls a session state whether it is maintained in the memory of the Web server, a dedicated server or a SQL Database. The protection rules can be reused from one platform to another one. SEWebSession has been successfully integrated within an industrial Workflow environment running on Windows platforms. The experimentations show the efficiency of SEWebSession for protecting Microsoft Windows/IIS platforms. However, SEWebSession can be easily ported within Linux/ Apache platforms.

[1] Ninghui Li,et al. DATALOG with Constraints: A Foundation for Trust Management Languages , 2003, PADL.

[2] Stephen Smalley,et al. Integrating Flexible Support for Security Policies into the Linux Operating System , 2001, USENIX Annual Technical Conference, FREENIX Track.

[3] Lutz Lowis,et al. Vulnerability Analysis in SOA-Based Business Processes , 2011, IEEE Transactions on Services Computing.

[4] Jonathan Rouzaud-Cornabas,et al. MAC protection of the OpenNebula Cloud environment , 2012, 2012 International Conference on High Performance Computing & Simulation (HPCS).

[5] Rasool Esmaeily Fard,et al. DYNAMIC WORKFLOW MANAGEMENT BASED ON POLICY-ENABLED AUTHORIZATION , 2009 .

[6] Hiroshi Inamura,et al. Dynamic test input generation for web applications , 2008, ISSTA '08.

[7] Trent Jaeger,et al. An architecture for enforcing end-to-end access control over web applications , 2010, SACMAT '10.

[8] Bhavani M. Thuraisingham,et al. ROWLBAC: representing role based access control in OWL , 2008, SACMAT '08.

[9] Ye Wu,et al. Modeling and Testing Web-based Applications , 2002 .

[10] Ben Adida,et al. Sessionlock: securing web sessions against eavesdropping , 2008, WWW.

[11] Akhil Kumar,et al. DW-RBAC: A formal security model of delegation and revocation in workflow systems , 2007, Inf. Syst..

[12] Jeffrey D. Ullman,et al. Protection in operating systems , 1976, CACM.