Abstract
Out-of-the-box Web Content Management Systems (WCMSs) are the tool of choice for the development of millions of enterprise web sites, but they are also the basis of many web applications that reuse WCMSs for important tasks like user registration and authentication. This widespread use highlights the importance of their security, as WCMSs may manage sensitive information whose disclosure could lead to monetary and reputational losses. However, little attention has been paid to the analysis of how developers use the content protection mechanisms provided by WCMSs, in particular Access-control (AC). Indeed, once an AC policy is configured, knowing whether it provides the required protection is a complex task, as the specificities of each WCMS need to be mastered. To tackle this problem, we propose here a metamodel tailored to the representation of WCMS AC policies, easing the analysis and manipulation tasks by abstracting from vendor-specific details.
Copyright information
© 2013 Springer International Publishing Switzerland
About this paper
Cite this paper
Martínez, S., Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Cabot, J. (2013). Towards an Access-Control Metamodel for Web Content Management Systems. In: Sheng, Q.Z., Kjeldskov, J. (eds) Current Trends in Web Engineering. ICWE 2013. Lecture Notes in Computer Science, vol 8295. Springer, Cham. https://doi.org/10.1007/978-3-319-04244-2_14
DOI: https://doi.org/10.1007/978-3-319-04244-2_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04243-5
Online ISBN: 978-3-319-04244-2
eBook Packages: Computer Science (R0)