MS Olivier and E Gudes, "Wrappers - a mechanism to support state-based authorisation in Web applications," in B Thuraisingham, RP van de Riet, KR Dittrich and Z Tari (eds), Data and Applications Security - Developments and Directions, 149-160, Kluwer, 2001
Note that this paper also appeared as a journal paper.
The first premise of this paper is that security should ultimately be associated with an application because application semantics have a direct influence on proper protection. The second premise is that applications are generally too complex to be trusted to implement security as specified by the given security policy. These problems are aggravated if the application operates over normal time and space constraints: the best example of such applications is workflow systems, where various actors - possibly from multiple organisations - interact in long transactions to complete a given task.
The solution presented in this paper is an approach referred to as wrappers: a wrapper is a simple program that has enough knowledge about a specific application's potential states and the actions that are permissible in each state. Using this knowledge, it is able to filter requests that should not reach an application at a given point. It is important to note that wrappers are not intended to subsume the security functionality of an application, but serve as an additional check.
The paper presents its concepts in a World-wide Web environment that renders it immediately useful.
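As an added illustration (not the paper's own code or design), the following Python sketch shows the wrapper idea from the abstract: a small program that knows an application's possible states and the actions permissible in each, and filters requests that should not reach the application at that point while leaving the application's own checks in place. The purchase-order workflow, the role names and the DemoApp stand-in are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample workflow: a purchase order moves through these states.
# Each state maps the actions the wrapper lets through to the state the order
# enters afterwards; anything else is filtered before reaching the application.
TRANSITIONS = {
    "draft":     {"edit": "draft", "submit": "submitted"},
    "submitted": {"approve": "approved", "reject": "draft"},
    "approved":  {"pay": "paid"},
    "paid":      {},  # terminal state: nothing further is permitted
}
# Which roles may perform which action (constructed sample policy).
ROLE_ACTIONS = {
    "requester": {"edit", "submit"},
    "manager":   {"approve", "reject"},
    "finance":   {"pay"},
}
class WrapperDenied(Exception):
    """Raised when the wrapper filters a request instead of forwarding it."""
@dataclass
class Wrapper:
    app: object                                # wrapped application: .handle(action, order_id)
    state: dict = field(default_factory=dict)  # order_id -> current workflow state
    audit: list = field(default_factory=list)  # every decision, kept for later review

    def request(self, role, action, order_id):
        current = self.state.setdefault(order_id, "draft")
        allowed = TRANSITIONS[current]
        if action not in allowed or action not in ROLE_ACTIONS.get(role, set()):
            self.audit.append(("deny", role, action, order_id, current))
            raise WrapperDenied(f"{role} may not '{action}' {order_id} in state {current}")
        # Forward to the application: the wrapper is an extra check, not a replacement.
        result = self.app.handle(action, order_id)
        self.state[order_id] = allowed[action]
        self.audit.append(("allow", role, action, order_id, current))
        return result

class DemoApp:  # stand-in for the real application (constructed)
    def handle(self, action, order_id):
        return f"{action} applied to {order_id}"

def run_demo():
    w = Wrapper(DemoApp())
    w.request("requester", "submit", "po-1")
    w.request("manager", "approve", "po-1")
    try:
        w.request("requester", "edit", "po-1")  # editing after approval is filtered
    except WrapperDenied:
        pass
    return w.state["po-1"], [d[0] for d in w.audit]
```

The audit list records every allow/deny decision with the state it was taken in, which is the record a reviewer would consult when the wrapper and the application disagree.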
Keywords: State-based authorisation, Application Security
@INPROCEEDINGS(wrapper,
AUTHOR={Martin S Olivier and Ehud Gudes},
TITLE={Wrappers --- a mechanism to support state-based authorisation in
Web applications},
EDITOR={Bhavani Thuraisingham and Reind P van de Riet and Klaus R
Dittrich and Zahir Tari},
BOOKTITLE={Data and Applications Security --- Developments and
Directions},
PAGES={149--160},
PUBLISHER={Kluwer},
YEAR={2001} )
The full text may be downloaded from http://mo.co.za/ask/wrapper.pdf (PDF, 103K) (©IFIP).
Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.
Page maintained by Martin Olivier. Last update: 17 October, 2002