A survey on server-side approaches to securing web applications, CSUR, vol.46, issue.4, p.54, 2014.
OWASP top 10-2013, Tech. rep., OWASP Foundation, 2013.
The NIST model for role-based access control: towards a unified standard, RBAC'00, pp.47-63, 2000.
Complete analysis of configuration rules to guarantee reliable network security policies, JIS, vol.7, issue.2, pp.103-122, 2008.
URL : https://hal.archives-ouvertes.fr/hal-01207771
Anomaly discovery and resolution in web access control policies, SACMAT'11, pp.165-174, 2011.
Anomaly discovery and resolution in MySQL access control policies, DEXA'12, pp.514-522, 2012.
Taxonomy of conflicts in network security policies, Communications Magazine, IEEE, vol.44, issue.3, pp.134-141, 2006.
Model-Driven Security Policy Deployment: Property Oriented approach, ESSoS'10, pp.123-139, 2010.
URL : https://hal.archives-ouvertes.fr/hal-00540842
Model-based Analysis of Java EE Web Security Configurations, MISE workshop, 2016.
Modisco: A model driven reverse engineering framework, IST, vol.56, issue.8, pp.1012-1032, 2014.
URL : https://hal.archives-ouvertes.fr/hal-00972632
ATL: a model transformation tool, SCP, vol.72, pp.31-39, 2008.
URL : https://hal.archives-ouvertes.fr/hal-00483363
Validating UML models and OCL constraints, UML'00, pp.265-277, 2000.
Emf: Ocl plugin for the eclipse modeling framework, 2011.
Automated inference of access control policies for web applications, SACMAT'20, 2015.
Validation of security policies by the animation of z specifications, SACMAT'11, pp.155-164, 2011.
URL : https://hal.archives-ouvertes.fr/hal-00860805
Verification and change-impact analysis of access-control policies, ICSE'27, pp.196-205, 2005.
Acceleo user guide.
EMF: Eclipse Modeling Framework 2.0, 2nd Edition, 2009.
XACML Policy Integration Algorithms, vol.11, p.4, 2008.
The Policy Continuum-Policy Authoring and Conflict Analysis, vol.31, pp.2981-2995, 2008.
Model-driven integration and analysis of access-control policies in multi-layer information systems, IFIP SEC'15, pp.218-233, 2015.
Conformance checking of access control policies specified in XACML, COMPSAC'07, vol.2, pp.275-280, 2007.
Model driven security: From uml models to access control infrastructures, TOSEM, vol.15, issue.1, pp.39-91, 2006.
Secureuml: A uml-based modeling language for model-driven security, UML'02, pp.426-441, 2002.
UMLsec: Extending UML for secure systems development, UML'02, pp.412-425, 2002.
Model-based security analysis for mobile communications, ICSE'08, pp.683-692, 2008.
Recovering role-based access control security models from dynamic web applications, ICWE'12, pp.121-136, 2012.
Extraction of inter-procedural simple role privilege models from php code, WCRE'09, pp.187-191, 2009.
Extraction and comprehension of moodle's access control model: A case study, PST'11, pp.44-51, 2011.
Access rights analysis for java, ACM SIGPLAN Notices, vol.37, pp.359-372, 2002.
A model driven reverse engineering framework for extracting business rules out of a Java application, International Workshop on Rules and Rule Markup Languages for the Semantic Web, pp.17-31, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00755010
Program slicing, Proceedings of the 5th international conference on Software engineering, pp.439-449, 1981.
Reverse engineering of database security policies, International Conference on Database and Expert Systems Applications, pp.442-449, 2013.
URL : https://hal.archives-ouvertes.fr/hal-01161908
Extracting UML/OCL integrity constraints and derived types from relational databases, 13th International Workshop on OCL, Model Constraint and Query Languages, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00869231