{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T16:32:58Z","timestamp":1761323578887},"publisher-location":"Berlin, Heidelberg","reference-count":30,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540878902"},{"type":"electronic","value":"9783540878919"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-87891-9_5","type":"book-chapter","created":{"date-parts":[[2008,10,9]],"date-time":"2008-10-09T02:48:06Z","timestamp":1223520486000},"page":"64-79","source":"Crossref","is-referenced-by-count":4,"title":["Validating Access Control Configurations in J2EE Applications"],"prefix":"10.1007","author":[{"given":"Lianshan","family":"Sun","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gang","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hong","family":"Mei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","volume-title":"Component Software: Beyond Object-Oriented Programming","author":"C. Szyperski","year":"2002","unstructured":"Szyperski, C.: Component Software: Beyond Object-Oriented Programming, 2nd edn. Addison Wesley, London (2002)","edition":"2"},{"key":"5_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/11424529_9","volume-title":"Component-Based Software Engineering","author":"L. Lan","year":"2005","unstructured":"Lan, L., Huang, G., et al.: Architecture Based Deployment of Large-Scale Component Based Systems: The Tool and Principles. In: Heineman, G., Crnkovic, I., Schmidt, H.W., Stafford, J.A., Szyperski, C., Wallnau, K. (eds.) CBSE 2005. LNCS, vol.\u00a03489, pp. 123\u2013138. Springer, Heidelberg (2005)"},{"key":"5_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/11424529_1","volume-title":"Component-Based Software Engineering","author":"Y. Liu","year":"2005","unstructured":"Liu, Y., Gorton, I.: Performance Prediction of J2EE Applications Using Messaging Protocols. In: Heineman, G., Crnkovic, I., Schmidt, H.W., Stafford, J.A., Szyperski, C., Wallnau, K. (eds.) CBSE 2005. LNCS, vol.\u00a03489, pp. 123\u2013138. Springer, Heidelberg (2005)"},{"key":"5_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11783565_1","volume-title":"Component-Based Software Engineering","author":"K.K. Lau","year":"2006","unstructured":"Lau, K.K., Ukis, V.: Defining and Checking Deployment Contracts for Software Components. In: Gorton, I., Heinemann, G.T., Crnkovic, I., Schmidt, H.W., Stafford, J.A., Szyperski, C., Wallnau, K. (eds.) CBSE 2006. LNCS, vol.\u00a04063, pp. 1\u201316. Springer, Heidelberg (2006)"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/3-540-45608-2_3","volume-title":"Foundations of Security Analysis and Design","author":"P. Samarati","year":"2001","unstructured":"Samarati, P., di Vimercati, S.C.: Access Control: Policies, Models, and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol.\u00a02171, pp. 137\u2013196. Springer, Heidelberg (2001)"},{"key":"5_CR6","unstructured":"BS799-1: Information Security Management\u2014Part 1: Code of Practice for Information Security, British Standards Institution, London (1999)"},{"issue":"2","key":"5_CR7","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/2.485845","volume":"29","author":"R.S. Sandhu","year":"1996","unstructured":"Sandhu, R.S., Coyne, E.J., et al.: Role-based access control models. Computer\u00a029(2), 38\u201347 (1996)","journal-title":"Computer"},{"key":"5_CR8","unstructured":"Sun Microsystems, The Java EE 5 Tutorial, http:\/\/java.sun.com\/javaee\/5\/docs\/"},{"key":"5_CR9","unstructured":"Sun Microsystems, Enterprise JavaBeans Specification v3.0, http:\/\/java.sun.com\/products\/ejb\/"},{"issue":"14","key":"5_CR10","doi-asserted-by":"publisher","first-page":"979","DOI":"10.1016\/S0950-5849(03)00097-1","volume":"45","author":"R. Crook","year":"2003","unstructured":"Crook, R., Ince, D.C., et al.: Modelling access policies using roles in requirements engineering. J. Information & Software Technology\u00a045(14), 979\u2013991 (2003)","journal-title":"J. Information & Software Technology"},{"key":"5_CR11","unstructured":"Ahn, G.J.: The RCL 2000 language for specifying role-based authorization constraints, Ph.D. thesis, George Mason University, Fairfax, Virginia (1999)"},{"key":"5_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-540-31979-5_13","volume-title":"Information Security Practice and Experience","author":"F. Hansen","year":"2005","unstructured":"Hansen, F., Oleshchuk, V.: Conformance Checking of RBAC Policy and Its Implementation. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol.\u00a03439, pp. 144\u2013155. Springer, Heidelberg (2005)"},{"key":"5_CR13","first-page":"196","volume-title":"Proc. of ICSE 2005","author":"K.S. Fisler","year":"2005","unstructured":"Fisler, K.S., Krishnamurthi, L., et al.: Verification and change-impact analysis of access-control policies. In: Proc. of ICSE 2005, pp. 196\u2013205. ACM Press, New York (2005)"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Martin, E., Xie, T.: A fault model and mutation testing of access control policies. In: Proc. of WWW 2007, pp. 667\u2013676 (2007)","DOI":"10.1145\/1242572.1242663"},{"key":"5_CR15","unstructured":"Moses, T.: eXtensible Access Control Markup Language (XACML) version 1.0. Technical report, OASIS (February 2003)"},{"key":"5_CR16","unstructured":"Ilechko, P., Kagan, M.: Authorization concepts and solutions for J2EE applications, http:\/\/www.ibm.com\/developerworks\/websphere\/library\/techarticles\/0607_ilechko\/0607_ilechko.html"},{"key":"5_CR17","doi-asserted-by":"publisher","first-page":"397","DOI":"10.1002\/spe.513","volume":"33","author":"S. Vimercati","year":"2003","unstructured":"Vimercati, S., Paraboschi, S., et al.: Access control: principles and solutions. Software - Practice and Experience\u00a033, 397\u2013421 (2003)","journal-title":"Software - Practice and Experience"},{"issue":"2","key":"5_CR18","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1145\/356876.356879","volume":"14","author":"W.R. Adrion","year":"1982","unstructured":"Adrion, W.R., Branstad, M.A., et al.: Validation, Verification, and Testing of Computer Software. ACM Computing Surveys (CSUR)\u00a014(2), 159\u2013192 (1982)","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"5_CR19","first-page":"167","volume-title":"Proc. of ICRE 2005","author":"P. Giorgini","year":"2005","unstructured":"Giorgini, P., Massacci, F., et al.: Modeling Security Requirements Through Ownership, Permission and Delegation. In: Proc. of ICRE 2005, pp. 167\u2013176. IEEE Computer Society Press, Los Alamitos (2005)"},{"issue":"6","key":"5_CR20","doi-asserted-by":"publisher","first-page":"685","DOI":"10.1145\/506315.506316","volume":"23","author":"D. Grove","year":"2001","unstructured":"Grove, D., Chambers, C.: A Framework for Call Graph Construction Algorithms. ACM Trans. Program. Lang. Syst.\u00a023(6), 685\u2013746 (2001)","journal-title":"ACM Trans. Program. Lang. Syst."},{"issue":"2","key":"5_CR21","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/s10515-006-7738-4","volume":"13","author":"G. Huang","year":"2006","unstructured":"Huang, G., Mei, H., et al.: Runtime recovery and manipulation of software architecture of component-based systems. Autom. Softw. Eng.\u00a013(2), 257\u2013281 (2006)","journal-title":"Autom. Softw. Eng."},{"issue":"1","key":"5_CR22","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1109\/32.895989","volume":"27","author":"B. Ramesh","year":"2001","unstructured":"Ramesh, B., Jarke, M.: Toward reference models for requirements traceability. IEEE Transactions on Software Engineering\u00a027(1), 58\u201393 (2001)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Vo, H.D., Suzuki, M.: An Approach for Specifying Access Control Policy in J2EE Applications. In: Proc. of APSEC 2007, pp. 422\u2013429 (2007)","DOI":"10.1109\/ASPEC.2007.19"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Jajodia, S., Samarati, P., et al.: A logical language for expressing authorizations. In: Proc. of 1997 IEEE Symposium on Security and Privacy, pp. 31\u201342 (1997)","DOI":"10.1109\/SECPRI.1997.601312"},{"issue":"5","key":"5_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1022494.1022530","volume":"29","author":"G. Naumovich","year":"2004","unstructured":"Naumovich, G., Centonze, P.: Static Analysis of Role-Based Access Control in J2EE Applications. SIGSOFT Software Engineering Notes\u00a029(5), 1\u201310 (2004)","journal-title":"SIGSOFT Software Engineering Notes"},{"key":"5_CR26","first-page":"121","volume-title":"Proc. of the ISSTA 2006","author":"P. Centonze","year":"2006","unstructured":"Centonze, P., Naumovich, G., Fink, S.J., et al.: Role-Based Access Control Consistency Validation. In: Proc. of the ISSTA 2006, pp. 121\u2013132. ACM Press, New York (2006)"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Martin, E., Xie, T., et al.: Assessing Quality of Policy Properties in Verification of Access Control Policies. Technical Report. North Carolina State University Raleigh, NC, USA (2007)","DOI":"10.1109\/ACSAC.2008.48"},{"key":"5_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/11555827_5","volume-title":"Computer Security \u2013 ESORICS 2005","author":"K. Sohr","year":"2005","unstructured":"Sohr, K., Ahn, G.J., et al.: Specification and Validation of Authorisation Constraints Using UML and OCL. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol.\u00a03679, pp. 64\u201379. Springer, Heidelberg (2005)"},{"key":"5_CR29","first-page":"478","volume-title":"Proc. of ICSE 2007","author":"M. Pistoia","year":"2007","unstructured":"Pistoia, M., Fink, S.J., et al.: When Role Models Have Flaws: Static Validation of Enterprise Security Policies. In: Proc. of ICSE 2007, pp. 478\u2013488. IEEE Computer Society, Los Alamitos (2007)"},{"key":"5_CR30","unstructured":"Massacci, F., Zannone, N.: Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the Allied Irish Bank, Technical Report DIT-06-002, University of Trento (2006)"}],"container-title":["Lecture Notes in Computer Science","Component-Based Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87891-9_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,14]],"date-time":"2019-05-14T10:11:24Z","timestamp":1557828684000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87891-9_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540878902","9783540878919"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87891-9_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2008]]}}}