References of "ElRakaiby, Yehia"
Peer Reviewed
Access Control Enforcement Testing
El Kateb, Donia; ElRakaiby, Yehia; Mouelhi, Tejeddine et al

in Abstract book of 2013 8TH INTERNATIONAL WORKSHOP ON AUTOMATION OF SOFTWARE TEST (AST) (2013)

A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are modules that intercept subjects' access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application. More specifically, we rely on a two-fold approach where a static analysis of the target application is first made to identify the sensitive accesses that could be regulated by the policy. The dynamic analysis of the application is then conducted using mutation to verify for every sensitive access whether the policy is correctly enforced. The dynamic analysis of the application also gives the exact location of the PEP to enable fixing enforcement errors detected by the analysis. The approach has been validated using a case study implementing an access control policy.

Peer Reviewed
A PEP-PDP Architecture to Monitor and Enforce Security Policies in Java Applications
Elrakaiby, Yehia; Le Traon, Yves UL

in 2013 International Conference on Availability, Reliability and Security (2013)

Security of Java-based applications is crucial to many businesses today. In this paper, we propose an approach to completely automate the generation of a security architecture inside of a target Java application where advanced security policies can be enforced. Our approach combines the use of Aspect-Oriented Programming with the Policy Enforcement Point (PEP) - Policy Decision Point (PDP) paradigm and allows the runtime update of policies.

Peer Reviewed
Access Control Enforcement Testing
El Kateb, Donia UL; Elrakaiby, Yehia; Mouelhi, Tejeddine UL et al

in 8th International Workshop on Automation of Software Test (AST), 2013 (2012, May)

A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are modules that intercept subjects' access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application. More specifically, we rely on a two-fold approach where a static analysis of the target application is first made to identify the sensitive accesses that could be regulated by the policy. The dynamic analysis of the application is then conducted using mutation to verify for every sensitive access whether the policy is correctly enforced. The dynamic analysis of the application also gives the exact location of the PEP to enable fixing enforcement errors detected by the analysis. The approach has been validated using a case study implementing an access control policy.
