Abstract

This work describes a new technique for analysis of Java 2, Enterprise Edition (J2EE) applications. In such applications, Enterprise Java Beans (EJBs) are commonly used to encapsulate the core computations performed on Web servers. Access to EJBs is protected by application servers, according to role-based access control policies that may be created either at development or deployment time. These policies may prohibit some types of users from accessing specific EJB methods.We present a static technique for analyzing J2EE access control policies with respect to security-sensitive fields of EJBs and other server-side objects. Our technique uses points-to analysis to determine which object fields are accessed by which EJB methods, directly or indirectly. Based on this information, J2EE access control policies are analyzed to identify potential inconsistencies that may lead to security holes.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Analysis of ANSI RBAC Support in EJB
Wesam Darwish ... Konstantin Beznosov
International Journal of Secure Software Engineering | VOL. 2
Wesam Darwish, et. al.Wesam Darwish ... Konstantin Beznosov
01 Apr 2011
Using Session Beans
Sue Spielman ... James L. Weaver
-
Sue Spielman, et. al.Sue Spielman ... James L. Weaver
01 Jan 2004
J2EE Enterprise Messaging
Igor Livshin
-
Igor LivshinIgor Livshin
01 Jan 2003
A Comparison between EJB and COM+ Business Components, Case Study: Response Time and Scalability
Abedulhaq Abu-Kamel ... Raid Zaghal
-
Abedulhaq Abu-Kamel, et. al.Abedulhaq Abu-Kamel ... Raid Zaghal
01 Jan 2009
View more papers

More From: ACM SIGSOFT Software Engineering Notes

Paper Title
Journal
Date
Author
The Trailer of the ACM 2030 Roadmap for Software Engineering
Mauro Pezzè ... Ketai Qiu
ACM SIGSOFT Software Engineering Notes | VOL. 49
Mauro Pezzè, et. al.Mauro Pezzè ... Ketai Qiu
03 Oct 2024
SEA4DQ 2024 Workshop Summary
Tim Menzies ... Jieke Shi
ACM SIGSOFT Software Engineering Notes | VOL. 49
Tim Menzies, et. al.Tim Menzies ... Jieke Shi
03 Oct 2024
Can I Trust you? Ethics in AI
Ahmed El-Deeb
ACM SIGSOFT Software Engineering Notes | VOL. 49
Ahmed El-DeebAhmed El-Deeb
03 Oct 2024
7th International Workshop on Software-intensive Business (IWSiB 2024): Software-intensive Business in the Era of Generative Artificial Intelligence
Jorge Melegati ... Dimitri Petrik
ACM SIGSOFT Software Engineering Notes | VOL. 49
Jorge Melegati, et. al.Jorge Melegati ... Dimitri Petrik
03 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.