Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.628795
Title: A declarative and fine-grained policy language for the Web application domain
Author: Ghotbi, Seyed Hossein
ISNI: 0000 0004 5347 2925
Awarding Body: University of Southampton
Current Institution: University of Southampton
Date of Award: 2014
Availability of Full Text:
Access through EThOS:
Full text unavailable from EThOS. Please try the link below.
Access through Institution:
Abstract:
A Web application that is deployed on a set of servers and accessed by a large number of users over the Internet requires efficient security mechanisms. The core element of security is access control, which enforces the desired policies over the shared objects of the system and prevents unauthorised users from operating on these objects. Moreover, the access control mechanism in use needs to be managed by administrators during the run-time of the system, through authorisation management elements. Therefore, the development of such models and their mechanisms is a main concern in secure systems development. Fine-grained access control models and their authorisation management models give developers more customisation possibilities and administrative power; however, in Web applications these models are typically hand-coded without taking advantage of the data model, object types, or contextual information. This thesis presents the design, implementation and evaluation of (), a declarative, fine-grained policy language that enables the developer to define a set of fine-grained access control and authorisation management models for a Web application. For (), three types of access control and authorisation management models were designed and implemented. These models, used by (), are based on four main access control approaches, namely attribute-, discretionary-, mandatory-, and role-based access control. For efficiency and flexibility, each access control model can be combined with an authorisation management model. The () compiler first validates all these models using written transformation strategies, and then verifies them by translating them into logical satisfiability problems to check the models for correctness and completeness, and against independently defined coverage criteria. If the models pass these tests, the generator compiles them down to the existing tiers of WebDSL, a domain-specific Web programming language.
Supervisor: Fischer, Bernd Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.628795 DOI: Not available
Keywords: QA75 Electronic computers. Computer science