Reference : ReACP: A Semi-Automated Framework for Reverse-engineering and Testing of Access Contr...
Reports : Other
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/27699
ReACP: A Semi-Automated Framework for Reverse-engineering and Testing of Access Control Policies of Web Applications
English
Le, Ha Thanh mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Nguyen, Duy Cu mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Briand, Lionel mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
15-Jun-2016
48
978-2-87971-034-1
[en] Access control testing ; reverse-engineering of access control policies ; machine learning ; input specification mining
[en] This technical report details our a semi-automated framework for the reverse-engineering and testing of access control (AC) policies for web-based applications. In practice, AC specifications are often missing or poorly documented, leading to AC vulnerabilities. Our goal is to learn and recover AC policies from implementation, and assess them to find AC issues. Built on top of a suite of security tools, our framework automatically explores a system under test, mines domain input specifications from access request logs, and then, generates and executes more access requests using combinatorial test generation. We apply machine learning on the obtained data to characterise relevant attributes that influence access control to learn policies. Finally, the inferred policies are used for detecting AC issues, being vulnerabilities or implementation errors. We have evaluated our framework on three open-source applications with respect to correctness and completeness. The results are very promising in terms of the quality of inferred policies, more than 94% of them are correct with respect to implemented AC mechanisms. The remaining incorrect policies are mainly due to our unrefined permission classification. Moreover, a careful analysis of these policies has revealed 92 vulnerabilities, many of them are new.
University of Luxembourg: Interdisciplinary Centre for Security, Reliability and Trust - SnT
Researchers ; Professionals ; Students
http://hdl.handle.net/10993/27699

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
FSE-TR.pdfAuthor postprint1.26 MBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.