Re-designing the web's access control system (Extended abstract)

Wenliang Du, Xi Tan, Tongbo Luo, Karthick Jayaraman, Zutao Zhu

Research output: Chapter in Book/Entry/PoemConference contribution


The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. With such a glory come the attacks-the Web has become criminals' preferred targets. Web-based vulnerabilities now outnumber traditional computer security concerns. Although various security solutions have been proposed to address the problems on the Web, few have addressed the root causes of why web applications are so vulnerable to these many attacks. We believe that the Web's current access control models are fundamentally inadequate to satisfy the protection needs of today's web, and they need to be redesigned. In this extended abstract, we explain our position, and summarize our efforts in redesigning the Web's access control systems.

Original languageEnglish (US)
Title of host publicationData and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings
Number of pages8
StatePublished - 2011
Event25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011 - Richmond, VA, United States
Duration: Jul 11 2011Jul 13 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6818 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011
Country/TerritoryUnited States
CityRichmond, VA


  • access control model
  • web security

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Re-designing the web's access control system (Extended abstract)'. Together they form a unique fingerprint.

Cite this