Zagazig University Digital Repository
Home
Thesis & Publications
All Contents
Publications
Thesis
Graduation Projects
Research Area
Research Area Reports
Search by Research Area
Universities Thesis
ACADEMIC Links
ACADEMIC RESEARCH
Zagazig University Authors
Africa Research Statistics
Google Scholar
Research Gate
Researcher ID
CrossRef
Application vulnerability blocking
Faculty
Engineering
Year:
2011
Type of Publication:
Theses
Pages:
170
Authors:
Doaa Hassan Salem Mohammed
BibID
11424309
Keywords :
Computer systems
Abstract:
Today, many security application vulnerabilitics, especially those that arerelated to web applications can be viewed as an insecure information flowproblem and the different security mechanisms such as access control andencryption are not enough to guarantee a secure information flow.Recently, a new approach has been developed: the use of programminglanguage techniques for specifying and enforcing end to end information-flowpolicies, well known as security-typed programming languages or language-based security. In these languages, data types are annotated with securitylabels in order to identify the confidentiality and/or integrity policies foreach data element. A security label is a pair of a confidentiality policy andan integrity policy, which specifies the principals or entities allowed to reador influence the value of the data. respectively. The specification of prin-cipals in those languages allows modeling different roles in the applicationprogram with different security concerns such as users, groups and processes.In practical applications, language constructs for delegation and revocationamong principals are desired in order to permit a temporary information flowfrom one principal (the gran or) to a certain principale (the delegatee) andto renounce a prior permission.A general form of delegation is already present in some security typedprogramming languages such as Jif, a well known standard for security typedprogramming languages. Using delegation in this language a principal pcan act for another principal q (i.e., any action taken by principal q is alsoauthorized for principal p).
PDF
جامعة المنصورة
جامعة الاسكندرية
جامعة القاهرة
جامعة سوهاج
جامعة الفيوم
جامعة بنها
جامعة دمياط
جامعة بورسعيد
جامعة حلوان
جامعة السويس
شراقوة
جامعة المنيا
جامعة دمنهور
جامعة المنوفية
جامعة أسوان
جامعة جنوب الوادى
جامعة قناة السويس
جامعة عين شمس
جامعة أسيوط
جامعة كفر الشيخ
جامعة السادات
جامعة طنطا
جامعة بنى سويف