Skip to main content
SpringerLink
Log in

Modelling Security Policies in Hypermedia and Web- Based Applications

  • Chapter
  • First Online:
Web Engineering

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2016))

Abstract

As hyperdocuments grow and offer more and more contents and services, some of them become more sensitive and should only be accessed by very specific users. Moreover, hypermedia applications can offer different views and manipulation abilities to different users, depending on the role they play in a particular context. Such security requirements have to be integrated into the development process in such a way that what is understood by a proper and safe manipulation of a hyperdocument has to be analysed, specified and implemented using the appropriate abstractions. In this paper we present a high-level security model applied to the modelling of security policies using components and services belonging to the hypermedia domain. The model uses negative ACLs and context-dependent user permissions for the specification of security rules. An example of its use for the design and operation of a web-based magazine is also described.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Commercial Computer Security Centre Security Functionality Manual, Department of Trade and Industry, V21-Version 3.0. February (1989)

    Google Scholar 

  2. Sandhu, R. and Jajodia, S.: Integrity principles and mechanisms in Database management systems. Computer&Security, 10, (1991) 413–427.

    Google Scholar 

  3. Sandhu, R.S.: Lattice-Based Access Control Models. IEEE Computer, November, (1993) 9–19.

    Google Scholar 

  4. Brinkley, D.L. and Schell, R.R.: Concepts and Terminology for Computer Security. In “Information Security. A collection of essays” Ed. Abrams. M.D., Jajodia, S. and Podell, H.J. IEEE Computer Society Press (1995) 40–97.

    Google Scholar 

  5. Shandu, R.S., Coyne, E.J., Feinstein, H.L. and Youman, C.E.: Role-Based Access Control Models. IEEE Computer, 29(2), February (1996) 38–47.

    Google Scholar 

  6. Murugesan, S., Deshpande, Y., Hansen, S. and Ginige, A.: Web Engineering: A New Discipline for Development of web-based Systems. Proceedings of the First ICSE Workshop on Web-Engineering (http://listserv.macarthur.uws.edu.au/san/icse99-WebE-Proc/default.htm), (1999)

  7. Lowe, D. and Hall, W. Hypermedia and the web: an engineering approach. John Wiley & Sons. (1999)

    Google Scholar 

  8. Fernández, E. B., Krishnakumar, R.N., Larrondo-Petrie, M.M. and Xu, Y.: High-level Security Issues in Multimedia/Hypertext Systems. Communications and Multimedia Security II. P. Horster (ed.), Chapman & Hall. (1996) 13–24.

    Google Scholar 

  9. Dìaz, P., Aedo, I., Panetsos, F. and Ribagorda, A.: A security model for the design of hypermedia systems. Proc. of the 14th Information Security Conference SEC98. Vienna and Budapest. (1998) 251–260.

    Google Scholar 

  10. Denning, D.E.: A Lattice Model of Secure Information Flow. Communications of the ACM, 19 (5) (1976) 236–243.

    MATH  MathSciNet  Google Scholar 

  11. Clark, D.D. and Wilson, D.R.: A Comparison of Commercial an Military Computer Security Policies. Proceedings of the Symposium on Security and Privacy (1987) 184–194.

    Google Scholar 

  12. Bertino, E., Jajodia, S. and Samarati, P.: A Flexible Authorization Model for Relational Data Management Systems. ACM Trans. of Information Systems, 17 (2), April (1999) 101–140.

    Article  Google Scholar 

  13. Bell, D.E. and LaPadula, L.J.: “Secure Computer Systems: Mathematical Foundations and Model”. Mitre Corp. Report No. M74-244, Bedford, Mass (1975)

    Google Scholar 

  14. Biba, K.J.: “Integrity Considerations for Secure Computer Systems”. Mitre Corp. Report TR-3153, Bedford, Mass (1977)

    Google Scholar 

  15. Thuraisingham, B.: Multilevel security for information retrieval systems-II. Information and Management, 28, (1995) 49–61.

    Article  Google Scholar 

  16. Dìaz, P., Aedo, I. and Panetsos, F. Modeling the dynamic behavior of hypermedia applications. IEEE Transactions on Software Engineering (forthcoming).

    Google Scholar 

  17. Graham, G.S. and Denning, P.:Protection-Principles and Practice, Proceedings Spring Join Comp. Conference, 40, AFIPS Press, Montvale, N.J. (1972) 417–429.

    Google Scholar 

  18. Dìaz, P., Aedo, I. and Panetsos, F.: Definition of integrity policies for web-based applications. In “Integrity and Internal Control in Information Systems Strategic Views on the Need for Control”. Eds. Margaret E. van Biene-Hershey and Leon A.M. Strous. Kluwer Academic Publishers. (2000) 85–98.

    Google Scholar 

  19. Furht, B.: Multimedia Systems: an overwiev. IEEE Multimedia, 1(1), 47–59, 1994.

    Article  Google Scholar 

  20. Nielsen, J.: Multimedia and hypertext: the Internet and beyond. Academic Press Professional, Boston, (1995)

    Google Scholar 

  21. Tompa, F.: A Data Model for Flexible Hypertext Database Systems ACM Transactions on Information Systems, 7 (1).(1989) 85–100.

    Article  Google Scholar 

  22. Halasz, F. G. and Schwartz, M.: The Dexter Hypertext Reference Model. Proc. of World Conference of Hypertext, (1990) 95–133.

    Google Scholar 

  23. Hardman, L., Bulterman, D. and Van Rossum, G.: The Amsterdam Hypermedia Model: Extending Hypertext to support Real Multimedia. Hypermedia 5 (1) (1993) 47–69.

    Google Scholar 

  24. Campbell, B. and Goodman, J. M.: HAM: A general purpose hypertext abstract Machine’ Communications of the ACM 31 (7) (1988) 856–861.

    Article  Google Scholar 

  25. Stotts P. D. and Furuta R.: Petri-Net-Based Hypertext: Document Structure with Browsing Semantics. ACM Transactions on Office Information Systems, 7(1). (1989).

    Google Scholar 

  26. Lange, D B ‘A Formal Model of Hypertext’ Proceedings of the Hypertext Standardization Workshop, Judi Moline, Dan Beningni and Jean Baronas Eds. (1990) 145–166.

    Google Scholar 

  27. Merkl, D. and Pernul, G.: Security for next generation hypertext systems. Hypermedia. 6 (1) (1994) 1–19.

    Google Scholar 

  28. Samarati, P., Bertino, E. and Jajodia, S.: An Authorization Model for a Distributed Hypertext System. IEEE Transactions on Knowledge and Data Engineering, 8 (4), (1996) 555–562.

    Article  Google Scholar 

  29. Dìaz, P., Aedo, I. and Panetsos, F.: Labyrinth, an abstract model for hypermedia applications. Description of its static components. Information Systems, 22 (8) (1997) 447–464.

    Article  Google Scholar 

  30. Dìaz, P., Aedo, I. and Panetsos, F. A methodological framework for the conceptual design of hypermedia systems. Proc. of the Fifth Conference on “Hypertexts and Hypermedia: Products, Tools and Methods” (H2PTM 99). Paris, September, (1999) 213–228.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Laboratorio DEI. Departamento de Informática, Universidad Carlos III de Madrid, Avda. de la Universidad 30, 28911, Leganés, Spain

    Paloma Díaz

  2. Departmento de Matemática Aplicada. Facultad de Biología, Universidad Complutense de Madrid, Avda. Complutense s/n, E-28040, Madrid, Spain

    Ignacio Aedo & Fivos Panetsos

Authors
  1. Paloma Díaz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ignacio Aedo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fivos Panetsos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Western Sydney, Campbelltown Campus, Building 17, Locked Bag 1797, Penrith South, DC NSW, 1797, Australia

    San Murugesan  & Yogesh Deshpande  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Díaz, P., Aedo, I., Panetsos, F. (2001). Modelling Security Policies in Hypermedia and Web- Based Applications. In: Murugesan, S., Deshpande, Y. (eds) Web Engineering. Lecture Notes in Computer Science, vol 2016. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45144-7_10

Download citation

  • DOI: https://doi.org/10.1007/3-540-45144-7_10

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42130-6

  • Online ISBN: 978-3-540-45144-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation