Showing 1 - 10 of 19 for search: '"Marc-André Laverdière"'
Published in:
Information and Software Technology. 139:106630
Abstract: Web applications often use Role-Based Access Control (RBAC) to restrict operations and protect security sensitive information and resources. Context: Web applications’ RBAC security may be affected by source code changes between releases.
Author:
Marc-André Laverdière, Ettore Merlo
Published in:
SANER
Role-Based Access Control (RBAC) is often used in web applications to restrict operations and protect security sensitive information and resources. Web applications regularly undergo maintenance and evolution and their security may be affected by sou
Author:
Ettore Merlo, Marc-André Laverdière
Published in:
PST
Role-Based Access Control (RBAC) is commonly used in web applications to protect information and restrict operations. Their security may be affected by source code changes between releases in unexpected ways. To prevent regression and vulnerabilities
Author:
Marc-André Laverdière, Ettore Merlo
Published in:
SANER
Role-Based Access Control (RBAC) is commonly used in web applications to protect information and restrict operations. Code changes may affect the security of the application and need to be validated, in order to avoid security vulnerabilities, which
Published in:
Computers & Security. 28:341-358
In this paper, we present new pointcuts and primitives to Aspect-Oriented Programming (AOP) languages that are needed for systematic hardening of security concerns. The two proposed pointcuts allow to identify particular join points in a program's co
Published in:
Techniques et sciences informatiques. 28:611-644
In this paper, we present two new pointcuts and two new primitives to Aspect-Oriented Programming (AOP) languages that are needed for systematic hardening of security concerns. The two proposed pointcuts allow to identify particular join points in a
Published in:
Information Security Journal: A Global Perspective. 17:56-74
In this paper, we present an aspect-oriented approach and propose a high-level language called SHL (Security Hardening Language) for the systematic security hardening of software. The primary contribution of this proposition is providing the software
Published in:
Computers & Security. 27:101-114
In this paper, we present an aspect-oriented approach for the systematic security hardening of source code. It aims at allowing developers to perform software security hardening by providing an abstraction over the actions required to improve the sec
Published in:
SANER
We propose an extension over the traditional call graph to incorporate edges representing control flow between web services, named the Cross-Application Call Graph (CACG). We introduce a construction algorithm for applications built on the Jax-WS sta
Published in:
SOAP@PLDI
One of the first activities of the Soot program analysis framework is to load the classes for analysis. With the current class loader, more classes are loaded than necessary. The overhead in memory of these classes can make whole-program analysis of