Re-designing the web's access control system (Extended abstract)

Wenliang Du; Xi Tan; Tongbo Luo; Karthick Jayaraman; Zutao Zhu

doi:10.1007/978-3-642-22348-8_2

Re-designing the web's access control system (Extended abstract)

Wenliang Du, Xi Tan, Tongbo Luo, Karthick Jayaraman, Zutao Zhu

Department of Electrical Engineering & Computer Science

Research output: Chapter in Book/Entry/Poem › Conference contribution

Abstract

The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. With such a glory come the attacks-the Web has become criminals' preferred targets. Web-based vulnerabilities now outnumber traditional computer security concerns. Although various security solutions have been proposed to address the problems on the Web, few have addressed the root causes of why web applications are so vulnerable to these many attacks. We believe that the Web's current access control models are fundamentally inadequate to satisfy the protection needs of today's web, and they need to be redesigned. In this extended abstract, we explain our position, and summarize our efforts in redesigning the Web's access control systems.

Original language	English (US)
Title of host publication	Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings
Pages	4-11
Number of pages	8
DOIs	https://doi.org/10.1007/978-3-642-22348-8_2
State	Published - 2011
Event	25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011 - Richmond, VA, United States Duration: Jul 11 2011 → Jul 13 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6818 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011
Country/Territory	United States
City	Richmond, VA
Period	7/11/11 → 7/13/11

Keywords

access control model
web security

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-22348-8_2

Cite this

Du, W., Tan, X., Luo, T., Jayaraman, K., & Zhu, Z. (2011). Re-designing the web's access control system (Extended abstract). In Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings (pp. 4-11). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6818 LNCS). https://doi.org/10.1007/978-3-642-22348-8_2

Re-designing the web's access control system (Extended abstract). / Du, Wenliang; Tan, Xi; Luo, Tongbo et al.
Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings. 2011. p. 4-11 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6818 LNCS).

Research output: Chapter in Book/Entry/Poem › Conference contribution

Du, W, Tan, X, Luo, T, Jayaraman, K & Zhu, Z 2011, Re-designing the web's access control system (Extended abstract). in Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6818 LNCS, pp. 4-11, 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011, Richmond, VA, United States, 7/11/11. https://doi.org/10.1007/978-3-642-22348-8_2

Du W, Tan X, Luo T, Jayaraman K, Zhu Z. Re-designing the web's access control system (Extended abstract). In Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings. 2011. p. 4-11. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-22348-8_2

Du, Wenliang ; Tan, Xi ; Luo, Tongbo et al. / Re-designing the web's access control system (Extended abstract). Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings. 2011. pp. 4-11 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{90eeedd25db14c0e834fbb88d8df2d86,

title = "Re-designing the web's access control system (Extended abstract)",

abstract = "The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. With such a glory come the attacks-the Web has become criminals' preferred targets. Web-based vulnerabilities now outnumber traditional computer security concerns. Although various security solutions have been proposed to address the problems on the Web, few have addressed the root causes of why web applications are so vulnerable to these many attacks. We believe that the Web's current access control models are fundamentally inadequate to satisfy the protection needs of today's web, and they need to be redesigned. In this extended abstract, we explain our position, and summarize our efforts in redesigning the Web's access control systems.",

keywords = "access control model, web security",

author = "Wenliang Du and Xi Tan and Tongbo Luo and Karthick Jayaraman and Zutao Zhu",

note = "Funding Information: This work was supported by Award No. 1017771 from the US National Science Foundation.; 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011 ; Conference date: 11-07-2011 Through 13-07-2011",

year = "2011",

doi = "10.1007/978-3-642-22348-8_2",

language = "English (US)",

isbn = "9783642223471",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "4--11",

booktitle = "Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings",

}

TY - GEN

T1 - Re-designing the web's access control system (Extended abstract)

AU - Du, Wenliang

AU - Tan, Xi

AU - Luo, Tongbo

AU - Jayaraman, Karthick

AU - Zhu, Zutao

N1 - Funding Information: This work was supported by Award No. 1017771 from the US National Science Foundation.

PY - 2011

Y1 - 2011

N2 - The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. With such a glory come the attacks-the Web has become criminals' preferred targets. Web-based vulnerabilities now outnumber traditional computer security concerns. Although various security solutions have been proposed to address the problems on the Web, few have addressed the root causes of why web applications are so vulnerable to these many attacks. We believe that the Web's current access control models are fundamentally inadequate to satisfy the protection needs of today's web, and they need to be redesigned. In this extended abstract, we explain our position, and summarize our efforts in redesigning the Web's access control systems.

AB - The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. With such a glory come the attacks-the Web has become criminals' preferred targets. Web-based vulnerabilities now outnumber traditional computer security concerns. Although various security solutions have been proposed to address the problems on the Web, few have addressed the root causes of why web applications are so vulnerable to these many attacks. We believe that the Web's current access control models are fundamentally inadequate to satisfy the protection needs of today's web, and they need to be redesigned. In this extended abstract, we explain our position, and summarize our efforts in redesigning the Web's access control systems.

KW - access control model

KW - web security

UR - http://www.scopus.com/inward/record.url?scp=79960258664&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79960258664&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-22348-8_2

DO - 10.1007/978-3-642-22348-8_2

M3 - Conference contribution

AN - SCOPUS:79960258664

SN - 9783642223471

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 4

EP - 11

BT - Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings

T2 - 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011

Y2 - 11 July 2011 through 13 July 2011

ER -

Re-designing the web's access control system (Extended abstract)

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this