On the Automated Creation of Understandable Positive Security Models for Web Applications

March 17-March 21

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/PERCOM.2008.59

2008 Sixth Annual IEEE International ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Christian Bockermann Articles by Ingo Mierswa Articles by Katharina Morik

	ASCII Text	x
	Christian Bockermann, Ingo Mierswa, Katharina Morik, "On the Automated Creation of Understandable Positive Security Models for Web Applications," Pervasive Computing and Communications, IEEE International Conference on, pp. 554-559, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications, 2008.

	BibTex	x
	@article{ 10.1109/PERCOM.2008.59, author = {Christian Bockermann and Ingo Mierswa and Katharina Morik}, title = {On the Automated Creation of Understandable Positive Security Models for Web Applications}, journal ={Pervasive Computing and Communications, IEEE International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3113-7}, pages = {554-559}, doi = {http://doi.ieeecomputersociety.org/10.1109/PERCOM.2008.59}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Pervasive Computing and Communications, IEEE International Conference on TI - On the Automated Creation of Understandable Positive Security Models for Web Applications SN - 978-0-7695-3113-7 SP554 EP559 A1 - Christian Bockermann, A1 - Ingo Mierswa, A1 - Katharina Morik, PY - 2008 KW - null VL - 0 JA - Pervasive Computing and Communications, IEEE International Conference on ER -

Christian Bockermann

Ingo Mierswa

Katharina Morik

Web applications pose new security-related challengessince attacks on web applications strongly differ from thoseon client-server applications. Traditional network-basedﬁrewall systems offer no protection against this kind of at-tacks since they occur on the application-level. The cur-rent solution is the manual deﬁnition of large sets of ﬁlter-ing rules which should prevent malicious attempts from be-ing successful. We propose a new framework which shouldavoid this tedious work. The basic idea is the deﬁnition of adescription language for positive security models taking theparticularities of web applications into account. We thenpresent adaptive techniques which employ this descriptionlanguage in order to describe the valid communication toa given web application. The simplicity of the descriptionlanguage allows the easy identiﬁcation of unintentionallyincorporated vulnerabilities. Experiments for several real-world web applications demonstrate the usefulness of theproposed approach.

Citation:

Christian Bockermann, Ingo Mierswa, Katharina Morik, "On the Automated Creation of Understandable Positive Security Models for Web Applications," percom, pp.554-559, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.