SCUTA: A server-side access control system for web applications

Xi Tan, Wenliang Du, Tongbo Luo, Karthick D. Soundararaj

Research output: Chapter in Book/Entry/Poem, Conference contribution

2 Scopus citations

Abstract

The Web plays a central role in our lives and is becoming an essential element of the computing infrastructure. Unfortunately, that importance also makes it the preferred target of attacks: web-based vulnerabilities now outnumber traditional computer security concerns, and a recent study shows that over 80 percent of web sites have had at least one serious vulnerability. We believe that the Web's problems are, to a large degree, caused by the inadequacy of its underlying access control systems. To reduce the number of vulnerabilities, web applications need better access control models that adequately address the protection needs of the current Web. As part of the effort to develop such a system, this paper focuses on server-side access control. We introduce a new concept called the subsession, on which we build a ring-based access control system (called Scuta) for web servers. Scuta provides a fine-grained and backward-compatible access control mechanism for web applications. We have implemented Scuta in PHP and have conducted comprehensive case studies to evaluate its benefits.

Original language: English (US)
Title of host publication: SACMAT'12 - Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
Pages: 71-82
Number of pages: 12
DOIs
State: Published - 2012
Event: 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12 - Newark, NJ, United States
Duration: Jun 20 2012 - Jun 22 2012

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other: 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12
Country/Territory: United States
City: Newark, NJ
Period: 6/20/12 - 6/22/12

Keywords

  • Server-side access control
  • Web security

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems
