Wrappers - A Mechanism to Support State-based Authorisation in Web Applications

Martin S Olivier and Ehud Gudes

2002

[Citation information] [Abstract] [Keywords] [BibTeX entry] [Full text]
[Return to publications]

Citation information

Martin S Olivier and Ehud Gudes, "Wrappers - a mechanism to support state-based authorisation in Web applications", Data and Knowledge Engineering, 43, 3, 281-292, 2002

Note that this paper appeared earlier as a conference paper.

Abstract

The premises of this paper are 1) security is application dependent because application semantics directly influence proper protection; but 2) applications are generally too complex to be trusted to implement security as specified by the given security policy. These problems are aggravated if the application operates over time and space.

This paper proposes the use of a simple program (a ``wrapper'') that has enough knowledge about a specific application's potential states and the actions that are permissible in each state. Using this knowledge, it is able to filter requests that should not reach an application at a given point.

Keywords

Web Security, Application security, Access control, Wrappers, State-based authorisation

BibTeX entry

@ARTICLE(wrapper2,
  AUTHOR={Martin S Olivier and Ehud Gudes},
  TITLE={Wrappers --- a mechanism to support state-based authorisation in
      Web applications},
  JOURNAL={Data and Knowledge Engineering},
  VOLUME={43},
  NUMBER={3},
  YEAR={2002},
  PAGES={281--292} )

Full text

The full text is available from ScienceDirect. A preprint may be downloaded from http://mo.co.za/open/wrapper2.pdf (PDF, 171K) (©Elsevier).

[Publications] [Home]
Page maintained by Martin Olivier
Last update: 17 October 2002