Creating application security layer based on resource access decision service

Download
2007
Metin, Mehmet Özer
Different solutions have been used for each security aspects (access control, application security) to secure enterprise web applications. However combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this thesis, adding a new layer to n-tier web application architectures to provide a common evaluation and enforcement environment for both enterprise-level and application level policies to bring together access controlling with application-level security. Removing discrimination between enterprise-level and application-level security policies improves manageability, reusability and scalability of whole system. Resource Access Decision (RAD) specification has been implemented and used as authentication mechanism for this layer. RAD service not only provides encapsulating domain specific factors to give access decisions but also can form a solid base to apply positive and negative security model to secure enterprise web applications. Proposed solution has been used in a real life system and test results have been presented.

Suggestions

Creating application security layer based on resource access decision service
Metin, Mehmet Özer; Şener, Cevat; Göǧebakan, Yenal (2008-01-01)
Different solutions have been implemented for different security aspects (access control, application security) of enterprise web applications. However combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this paper, we propose adding a new layer to n-tier web application architectures, which use RAD service implementations to execute enterprise and application security policies. Proposed architec...
Specification and verification of confidentiality in software architectures
Ulu, Cemil; Oğuztüzün, Mehmet Halit S.; Department of Computer Engineering (2004)
This dissertation addresses the confidentiality aspect of the information security problem from the viewpoint of the software architecture. It presents a new approach to secure system design in which the desired security properties, in particular, confidentiality, of the system are proven to hold at the architectural level. The architecture description language Wright is extended so that confidentiality authorizations can be specified. An architectural description in Wright/c, the extended language, assigns...
Design and implementation of a plug-in framework for distributed object technologies
Kadıoğlu, Koray; Doğru, Ali Hikmet; Department of Computer Engineering (2006)
This thesis presents a framework design and implementation that enables run-time selection of different remote call mechanisms. In order to implement an extendable and modular system with run-time upgrading facility, a plug-in framework design is used. Since such a design requires enhanced usage of run-time facilities of the programming language that is used to implement the framework, in this study Java is selected because of its reflection and dynamic class loading facilities. A sample usage of this frame...
A knowledge based product line for semantic modeling of web service families
Orhan, Umut; Doğru, Ali Hikmet; Department of Computer Engineering (2008)
Some mechanisms to enable an effective transition from domain models to web service descriptions are developed. The introduced domain modeling support provides verification and correction on the customization part. An automated mapping mechanism from the domain model to web service ontologies is also developed. The proposed approach is based on Feature-Oriented Domain Analysis (FODA), Semantic Web technologies and ebXML Business Process Specification Schema (ebBP). Major contributions of this work are the c...
Analysis of recent attacks on SSL/TLS protocols
Özden, Duygu; Cenk, Murat; Department of Cryptography (2016)
Transport Layer Security(TLS) and its predecessor Secure Socket Layer(SSL) are two important cryptographic, certificate based protocols that satisfy secure communication in a network channel. They are widely used in many areas such as online banking systems, online shopping, e-mailing, military systems or governmental systems. Being at the center of secure communication makes SSL and TLS become the target of attackers and an important field of study for researchers. So many vulnerabilities and attacks towar...
Citation Formats
M. Ö. Metin, “Creating application security layer based on resource access decision service,” M.S. - Master of Science, Middle East Technical University, 2007.