The need for application-aware access control evaluation

Garrison, William C.; Lee, Adam J.; Hinrichs, Timothy L.

doi:10.1145/2413296.2413307

Cited by 1 publication

(1 citation statement)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Shiro [18], a project of the Apache Software Foundation, is a powerful and flexible open-source Java security framework. Its predecessor is JSecurity.…”

Section: Related Frameworkmentioning

confidence: 99%

An improved security framework for Web service-based resources

Jiang¹,

Xu²,

Dong³

et al. 2016

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

Web service-based application has become one of the dominative ones of the Internet. This trend brings more and more security challenges in reliability, confidentiality, and data nonrepudiation, especially in some systems that have massive diversified resources. An improved framework for secure accesses of Web resources is presented and implemented by extending and enhancing the Spring Security framework. It improves the security level of systems for identity authentication, authorized access, and secure transmission. The highly safe authentication is based on the integration of an improved authentication module of Spring Security with a U-key method and a RSA algorithm. For authorized access, the Spring Security's ACL (access control list) mechanism is improved by optimizing the domain object-level access control. For secure transmission, a compromising method is presented to take both the security level and the speed of data transmission into account by means of mixing the RSA and DES algorithms. In addition, the security interceptor of Spring Security is extended and a series of security filters are added to keep Web attacks away. The above improved security framework has been applied to an online virtual experiment platform named VeePalms. The experimental results show that most security problems with high severity in the system have been solved and medium-low severe problems decreased dramatically. Moreover, VeePalms has been used in practice for about 2 years, which has proved the effectiveness of the security framework.

show abstract

“…Shiro [18], a project of the Apache Software Foundation, is a powerful and flexible open-source Java security framework. Its predecessor is JSecurity.…”

Section: Related Frameworkmentioning

confidence: 99%