Roles-based Access Control Modeling and Testing for Web Applications
Authors: Bo Song, Shengbo Chen
Published in: 2012 Third World Congress on Software Engineering, 2012-11-06
DOI: 10.1109/WCSE.2012.19 (https://doi.org/10.1109/WCSE.2012.19)
Citation count: 3
Web applications are widely used in people's everyday life. They have permeated financial sectors, banking sectors, e-business and online shopping. Usually, different users have different permissions on these applications. Additionally, role-based access control (RBAC) mechanisms have been widely integrated into web applications. The security and correctness of web applications are the most fundamental, crucial aspects of the success of businesses and organizations. Existing research on modeling RBAC treats the user's roles and permissions as fixed and static, and does not consider that the roles and permissions are dynamic as the system evolves and runs. To the best of our knowledge, research on role-based access control modeling and testing for web applications has seldom been done. In this paper, taking the dynamic feature of roles and permissions into account, we propose an approach to modeling and testing web applications with role-based access control. We give an algorithm to capture and compute the dynamicity of roles and permissions at run time. The FSM is employed to model the behavior of web applications, and then the augmented FSM (AFSM) is applied as a tool to model role-based access control. Finally, using the construction algorithm, tests that satisfy the corresponding test coverage criteria are generated automatically.