Towards an Access-Control Metamodel for Web Content Management Systems

Abstract : Out-of-the-box Web Content Management Systems (WCMSs) are the tool of choice for the development of millions of enterprise web sites but also the basis of many web applications that reuse WCMS for important tasks like user registration and authentication. This widespread use highlights the importance of their security, as WCMSs may manage sensitive information whose disclosure could lead to monetary and reputation losses. However, little attention has been brought to the analysis of how developers use the content protection mechanisms provided by WCMSs, in particular, Access-control (AC). Indeed, once configured, knowing if the AC policy provides the required protection is a complex task as the specificities of each WCMS need to be mastered. To tackle this problem, we propose here a metamodel tailored to the representation of WCMS AC policies, easing the analysis and manipulation tasks by abstracting from vendor-specific details.
Type de document :
Communication dans un congrès
Springer. ICWE 2013: the International Conference on Web Engineering - MDWE 2013: Model-Driven Web Engineering, Jul 2013, Aalborg, Denmark. 8295, pp 148-155, 2013, Lecture Notes in Computer Science
Liste complète des métadonnées

https://hal.inria.fr/hal-00869324
Contributeur : Salvador Martínez Pérez <>
Soumis le : mercredi 2 octobre 2013 - 23:50:05
Dernière modification le : mardi 16 janvier 2018 - 15:54:26

Identifiants

  • HAL Id : hal-00869324, version 1

Citation

Salvador Martínez Pérez, García-Alfaro Joaquin, Cuppens Frédéric, Cuppens-Boulahia Nora, Jordi Cabot. Towards an Access-Control Metamodel for Web Content Management Systems. Springer. ICWE 2013: the International Conference on Web Engineering - MDWE 2013: Model-Driven Web Engineering, Jul 2013, Aalborg, Denmark. 8295, pp 148-155, 2013, Lecture Notes in Computer Science. 〈hal-00869324〉

Partager

Métriques

Consultations de la notice

401