TY - GEN
T1 - Policy and state based secure wrapper and its application to mobile agents
AU - Binun, A.
AU - Gudes, E.
N1 - Publisher Copyright:
© 2003 IEEE.
PY - 2003/1/1
Y1 - 2003/1/1
N2 - The execution process in modern Web applications is usually represented as a partially ordered sequence of basic actions issued by a client (login, buy, exit, etc.; the login action usually precedes purchasing). Based on these actions, a finite automaton of fine-grained authorization checks may be specified in a separate layer that is easily configurable for the security needs of a particular application. In the mobile case there may be two such state machines: one performing state-based authorization checks of the application execution process and the other performing such checks for the mobile agent execution process. Authorization checks of these machines may be both state-based and policy-based, and the policies should distinguish between the human-client and mobile-agent cases. We develop a framework to specify and enforce fine-grained state-based authorization checks of Web application execution, consisting of a Web browser (client) and a server. We adapt this framework to the mobile case so that the state machines representing fine-grained authorization checks of application and mobile agent execution are synchronized.
AB - The execution process in modern Web applications is usually represented as a partially ordered sequence of basic actions issued by a client (login, buy, exit, etc.; the login action usually precedes purchasing). Based on these actions, a finite automaton of fine-grained authorization checks may be specified in a separate layer that is easily configurable for the security needs of a particular application. In the mobile case there may be two such state machines: one performing state-based authorization checks of the application execution process and the other performing such checks for the mobile agent execution process. Authorization checks of these machines may be both state-based and policy-based, and the policies should distinguish between the human-client and mobile-agent cases. We develop a framework to specify and enforce fine-grained state-based authorization checks of Web application execution, consisting of a Web browser (client) and a server. We adapt this framework to the mobile case so that the state machines representing fine-grained authorization checks of application and mobile agent execution are synchronized.
KW - Mobile agents
UR - http://www.scopus.com/inward/record.url?scp=84945151652&partnerID=8YFLogxK
U2 - 10.1109/LAWEB.2003.1250278
DO - 10.1109/LAWEB.2003.1250278
M3 - Conference contribution
AN - SCOPUS:84945151652
T3 - Proceedings - 1st Latin American Web Congress: Empowering our Web, LA-WEB 2003
SP - 14
EP - 26
BT - Proceedings - 1st Latin American Web Congress
PB - Institute of Electrical and Electronics Engineers
T2 - 1st Latin American Web Congress, LA-WEB 2003
Y2 - 10 November 2003 through 12 November 2003
ER -