Creating application security layer based on resource access decision service

Download
2007
Metin, Mehmet Özer
Different solutions have been used for each security aspects (access control, application security) to secure enterprise web applications. However combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this thesis, adding a new layer to n-tier web application architectures to provide a common evaluation and enforcement environment for both enterprise-level and application level policies to bring together access controlling with application-level security. Removing discrimination between enterprise-level and application-level security policies improves manageability, reusability and scalability of whole system. Resource Access Decision (RAD) specification has been implemented and used as authentication mechanism for this layer. RAD service not only provides encapsulating domain specific factors to give access decisions but also can form a solid base to apply positive and negative security model to secure enterprise web applications. Proposed solution has been used in a real life system and test results have been presented.

Suggestions

Creating application security layer based on resource access decision service
Metin, Mehmet Özer; Şener, Cevat; Göǧebakan, Yenal (2008-01-01)
Different solutions have been implemented for different security aspects (access control, application security) of enterprise web applications. However combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this paper, we propose adding a new layer to n-tier web application architectures, which use RAD service implementations to execute enterprise and application security policies. Proposed architec...
A knowledge based product line for semantic modeling of web service families
Orhan, Umut; Doğru, Ali Hikmet; Department of Computer Engineering (2008)
Some mechanisms to enable an effective transition from domain models to web service descriptions are developed. The introduced domain modeling support provides verification and correction on the customization part. An automated mapping mechanism from the domain model to web service ontologies is also developed. The proposed approach is based on Feature-Oriented Domain Analysis (FODA), Semantic Web technologies and ebXML Business Process Specification Schema (ebBP). Major contributions of this work are the c...
Analysis of recent attacks on SSL/TLS protocols
Özden, Duygu; Cenk, Murat; Department of Cryptography (2016)
Transport Layer Security(TLS) and its predecessor Secure Socket Layer(SSL) are two important cryptographic, certificate based protocols that satisfy secure communication in a network channel. They are widely used in many areas such as online banking systems, online shopping, e-mailing, military systems or governmental systems. Being at the center of secure communication makes SSL and TLS become the target of attackers and an important field of study for researchers. So many vulnerabilities and attacks towar...
A recommendation system combining context-awarenes and user profiling in mobile environment
Ulucan, Serkan; Erkmen, Aydan Müşerref; Department of Electrical and Electronics Engineering (2005)
Up to now various recommendation systems have been proposed for web based applications such as e-commerce and information retrieval where a large amount of product or information is available. Basically, the task of the recommendation systems in those applications, for example the e-commerce, is to find and recommend the most relevant items to users/customers. In this domain, the most prominent approaches are أcollaborative filteringؤ and أcontent-based filteringؤ. Sometimes these approaches are called as أ...
A certificate based, context aware access control model for multi domain environments
Yortanlı, Ahmet; Koçyiğit, Altan; Department of Information Systems (2010)
A certificate based approach is proposed for access control operations of context aware systems for multi domain environments. New model deals with the removal of inter-domain communication requirement in access request evaluation process. The study is applied on a prototype implementation with configuration for two di erent cases to show the applicability of the proposed certificate based, context aware access control model for multi domain environments. The outputs for the cases show that proposed access ...
Citation Formats
M. Ö. Metin, “Creating application security layer based on resource access decision service,” M.S. - Master of Science, Middle East Technical University, 2007.