Abstract
As hyperdocuments grow and offer more and more content and services, some of that content and some of those services become more sensitive and should only be accessed by very specific users. Moreover, hypermedia applications can offer different views and manipulation abilities to different users, depending on the role they play in a particular context. Such security requirements have to be integrated into the development process, so that what is understood by proper and safe manipulation of a hyperdocument is analysed, specified and implemented using the appropriate abstractions. In this paper we present a high-level security model applied to the modelling of security policies using components and services belonging to the hypermedia domain. The model uses negative ACLs and context-dependent user permissions for the specification of security rules. An example of its use for the design and operation of a web-based magazine is also described.
© 2001 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Díaz, P., Aedo, I., Panetsos, F. (2001). Modelling Security Policies in Hypermedia and Web-Based Applications. In: Murugesan, S., Deshpande, Y. (eds) Web Engineering. Lecture Notes in Computer Science, vol 2016. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45144-7_10
DOI: https://doi.org/10.1007/3-540-45144-7_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42130-6
Online ISBN: 978-3-540-45144-0
eBook Packages: Springer Book Archive