Chapter 1 RBAC ON THE WEB BY SECURE COOKIES
نویسندگان
چکیده
Current approaches to access control on Web servers do not scale to enterprisewide systems, since they are mostly based on individual users. Therefore, we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Cookies can be used to support RBAC on the Web, holding users’ role information. However, it is insecure to store and transmit sensitive information in cookies. Cookies are stored and transmitted in clear text, which is readable and easily forged. In this paper, we describe an implementation of Role-Based Access Control with role hierarchies on the Web by secure cookies. Since a user’s role information is contained in a set of secure cookies and transmitted to the corresponding Web servers, these servers can trust the role information in the cookies after cookie-verification procedures and use it for role-based access control. In our implementation, we used CGI scripts and PGP (Pretty Good Privacy) to provide security services to secure cookies. The approach is transparent to users and applicable to existing Web servers and browsers.
منابع مشابه
RBAC on the Web by Secure Cookies
Current approaches to access control on Web servers do not scale to enterprisewide systems, since they are mostly based on individual users. Therefore, we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Cookies can be used to support RBAC on the Web, holding users’ role information. However, it is insecure to store a...
متن کاملSecure Cookies on the Web
T he World Wide Web facilitates e-commerce on the Internet via its underlying hypertext transport protocol, which carries all interactions between Web servers and browsers.1 Since HTTP is stateless, however, it does not support continuity for browser-server interaction between successive user visits. Without a concept of a session in HTTP, users are strangers to a website every time they access...
متن کاملA Web-based Multilayer Access Control Model for Multimedia Applications in MPEG-7
This paper presents a Criterion-Based Role-Based Access Control model in which secure permissions (SP), secure operations (SOp), secure objects (SOb), and secure users (SU) are introduced. The security criterion expressions (SCE) embedded in SOb work as locks and the common elements of the security criterion subsets (SCSS) in SOp and SU work as keys. To support web-based applications, the remot...
متن کاملA Secure-Cookie Recipe for Electronic Transactions
Since there is no concept of a session in HTTP, Web servers and browsers use cookies to capture information for subsequent communications on the Web, thus providing continuity and state across HTTP connections. Technically, cookies can be used to support electronic transactions on the Web, holding users' credit card information. However, it is insecure to store and transmit sensitive informatio...
متن کاملA New Design for a Practical Secure Cookies System
Because of the stateless character of HTTP, cookies were invented to maintain continuity and states on the Web. Cookies which have user-related information are transmitted and stored, so an attacker can easily copy and modify them for his own purpose. Therefore, cookies are exposed to serious security threats such as network threats, end-system threats, and cookie-harvesting threats. In this pa...
متن کامل