Current intrusion detection systems work in isolation from access control for the application the systems aim to protect. The lack of coordination and inter-operation between thes...
Tatyana Ryutov, B. Clifford Neuman, Dong-Ho Kim, L...
Web servers are ubiquitous, remotely accessible, and often misconfigured. In addition, custom web-based applications may introduce vulnerabilities that are overlooked even by the ...
Giovanni Vigna, William K. Robertson, Vishal Kher,...
The Java (TM) Virtual Machine is being used more frequently as the basic engine behind dynamic web services. With the proliferation of network attacks on these network resources, ...
David M. Wheeler, Adam Conyers, Jane Luo, Alex Xio...
This paper¢ presents an authorization framework for supporting fine-grained access control policies enhanced with light-weight intrusion/misuse detectors and response capabiliti...
SQL injection attacks potentially affect all applications, especially web applications, that utilize a database backend. While these attacks are generally against the application...