Web Access Control Research Articles

Dependable and Non-Dependable Multi-Authentication Access Constraints to Regulate Third-Party Libraries and Plug-Ins across Platforms

This article discusses the importance of cross-platform UX/UI designs and frameworks and their effectiveness in building web applications and websites. Third-party libraries (TPL) and plug-ins are also emphasized, as they can help developers quickly build and compose applications. However, using these libraries can also pose security risks, as a vulnerability in any library can compromise an entire server and customer data. The paper proposes using multi-authentication with specific parameters to analyze third-party applications and libraries used in cross-platform development. Based on multi-authentication, the proposed model will make setting up web desensitization methods and access control parameters easier. The study also uses various end-user and client-based decision-making indicators, supporting factors, and data metrics to help make accurate decisions about avoiding and blocking unwanted libraries and plug-ins. The research is based on experimentation with five web environments using specific parameters, affecting factors, and supporting data matrices.

Extended grounded theory: a methodology to combine multiple disciplines

Grounded theory (GT), a widespread qualitative research methodology, has been introduced to generate a theory from data that is gathered from one discipline. However, in many studies, we are required to involve multiple disciplines and generate a theory that explains a multidisciplinary phenomenon and incorporate combined concepts. The combined concept is either a generalized concept from one of the disciplines or a new abstract concept that can satisfy the properties of multiple disciplines. The GT coding phases are not able to extract these combined concepts. In this paper, an extended GT has been proposed. The proposed method can operate over multiple disciplines and extract their corresponding combined concepts. The proposed extended grounded theory (EGT) uses ontology matching and merging methods to merge the extracted concepts and proposes two new coding phases; namely “Description” and “Combination” phases. These phases overcome the challenge of describing combined concepts, the large number of concept dependencies, and the propagation of the description changes from one concept to other concepts. As a use case, the proposed methodology has been implemented over two disciplines of “Web Security” and “Computation over Encrypted Data” and resulted in the unified theory of “Developing Secure Web Applications over Encrypted Data.” This unified theory includes combined concepts such as Web Access Control over encrypted data and Operation of middle-boxes over encrypted data. In addition, EGT has been able to discover new combined concepts that were undefined previously in each of the two disciplines (e.g. XSS prevention with searchable encryption). As a second case study, EGT has been implemented over two disciplines of “Healthcare” and “Data Science” to generate a unified theory that explains the multidisciplinary phenomenon of “Privacy Preservation of Cloud based Health Data”. In addition to a unified theory, EGT generates a conceptual framework of the combined and new concepts that can be used for requirement elicitation and analysis. Furthermore, the researcher can use the concepts’ relationships to suggest a set of best-fit solutions to the elicited requirements.

A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.

Probable Defense Representation for Session Transfer and Network Services Using OTP

Internet network security is a branch of computer sciences often involving browser security, network security, applications and operating systems to keep the internet as a secure channel to exchange information by reducing the risk and attacks. There are a number of studies that have been conducted in this field resulting in the development of various security models to achieve internet security. However, periodic security reports and previous studies prove that the most secure systems are not immune from risk and much effort is needed to improve internet security. This paper proposed a simple security model to improve internet applications security and services protections, specified access control, cryptographic, cookies and session managements, defense programming practices, care for security from early stage on development life cycle, use hardware authentication techniques in access control, then propose cryptographic approach by mix MD5 with Based64, consider session and cookies types and ways to keep it secure. Additionally, these practices discussed the most important web security vulnerability and access control weakness and how to overcome such weaknesses, proposed an approach to measure, analyze and evaluate security project according to software quality standard ISO 25010 by using Liker scale, finally ended by case study. The effort of this paper represents a set of techniques and tips that should be applied within each web application development process to maintain its security.

Anticipated Security Model for Session Transfer and Services Using OTP

Internet security is a branch of computer sciences often involving browser security, network security, applications and operating systems to keep the internet as a secure channel to exchange information by reducing the risk and attacks. There are a number of studies that have been conducted in this field resulting in the development of various security models to achieve internet security. However, periodic security reports and previous studies prove that the most secure systems are not immune from risk and much effort is needed to improve internet security. This paper proposed a simple security model to improve internet applications security and services protections, specified access control, cryptographic, cookies and session managements, defense programing practices, care for security from early stage on development life cycle, use hardware authentication techniques in access control, then propose cryptographic approach by mix MD5 with Based64, consider session and cookies types and ways to keep it secure. Additionally, these practices discussed the most important web security vulnerability and access control weakness and how to overcome such weaknesses, proposed an approach to measure, analyze and evaluate security project according to software quality standard ISO 25010 by using Liker scale, finally ended by case study. The effort of this paper represents a set of techniques and tips that should be applied within each web application development process to maintain its security.

Analyzing XACML policies using answer set programming

With the tremendous growth of Web applications and services, eXtensible Access Control Markup Language (XACML) has been broadly adopted to specify Web access control policies. However, when the policies are large or defined by multiple authorities, it has proved difficult to analyze errors and vulnerabilities in a manual fashion. Recent advances in the answer set programming (ASP) paradigm have provided a powerful problem-solving formalism that is capable of dealing with policy verification. In this paper, we employ ASP to analyze various properties of XACML policies. To this end, we first propose a structured mechanism to translate a XACML policy into an ASP program. Then, we leverage the features of off-the-shelf ASP solvers to specify and verify a wide range of properties of a XACML policy, including redundancy, conflicts, refinement, completeness, reachability, and usefulness. We present an empirical evaluation of the effectiveness and efficiency of a policy analysis tool implemented on top of the Clingo ASP solver. The evaluation results show that our approach is computationally more efficient compared with existing approaches.

A Multifunctional Brain-Computer Interface Intended for Home Use: An Evaluation with Healthy Participants and Potential End Users with Dry and Gel-Based Electrodes.

Current brain-computer interface (BCIs) software is often tailored to the needs of scientists and technicians and therefore complex to allow for versatile use. To facilitate home use of BCIs a multifunctional P300 BCI with a graphical user interface intended for non-expert set-up and control was designed and implemented. The system includes applications for spelling, web access, entertainment, artistic expression and environmental control. In addition to new software, it also includes new hardware for the recording of electroencephalogram (EEG) signals. The EEG system consists of a small and wireless amplifier attached to a cap that can be equipped with gel-based or dry contact electrodes. The system was systematically evaluated with a healthy sample, and targeted end users of BCI technology, i.e., people with a varying degree of motor impairment tested the BCI in a series of individual case studies. Usability was assessed in terms of effectiveness, efficiency and satisfaction. Feedback of users was gathered with structured questionnaires. Two groups of healthy participants completed an experimental protocol with the gel-based and the dry contact electrodes (N = 10 each). The results demonstrated that all healthy participants gained control over the system and achieved satisfactory to high accuracies with both gel-based and dry electrodes (average error rates of 6 and 13%). Average satisfaction ratings were high, but certain aspects of the system such as the wearing comfort of the dry electrodes and design of the cap, and speed (in both groups) were criticized by some participants. Six potential end users tested the system during supervised sessions. The achieved accuracies varied greatly from no control to high control with accuracies comparable to that of healthy volunteers. Satisfaction ratings of the two end-users that gained control of the system were lower as compared to healthy participants. The advantages and disadvantages of the BCI and its applications are discussed and suggestions are presented for improvements to pave the way for user friendly BCIs intended to be used as assistive technology by persons with severe paralysis.

Retraction notice

Retraction notice

Research of Manufacturing Enterprise Informatization Based on SSO

In this thesis, it describes the login mode and the process of Single Sign-On and, by giving two enterprise solutions of Web Access Control and Identity Server, compares the advantages and disadvantages of their processing mode, flow and technical architecture.

Discovery and Resolution of Anomalies in Web Access Control Policies

Emerging computing technologies such as web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such a cutting-edge technological growth. Furthermore, designing and managing web access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly analysis approach for web access control policies, focusing on extensible access control markup language policy. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions, along with an intuitive visualization representation of analysis results. We also discuss a proof-of-concept implementation of our method called XAnalyzer and demonstrate how our approach can efficiently discover and resolve policy anomalies.

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice

Retraction notice