Finding Security Bugs in Web Applications using a Catalog of Access Control Patterns
| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Near, Joseph Paul | |
| dc.contributor.author | Jackson, Daniel | |
| dc.date.accessioned | 2016-04-20T19:02:36Z | |
| dc.date.available | 2016-04-20T19:02:36Z | |
| dc.date.issued | 2016-05 | |
| dc.identifier.isbn | 978-1-4503-3900-1 | |
| dc.identifier.uri | http://hdl.handle.net/1721.1/102281 | |
| dc.description.abstract | We propose a specification-free technique for finding missing security checks in web applications using a catalog of access control patterns in which each pattern models a common access control use case. Our implementation, Space, checks that every data exposure allowed by an application's code matches an allowed exposure from a security pattern in our catalog. The only user-provided input is a mapping from application types to the types of the catalog; the rest of the process is entirely automatic. In an evaluation on the 50 most watched Ruby on Rails applications on GitHub, Space reported 33 possible bugs: 23 previously unknown security bugs and 10 false positives. | en_US |
| dc.description.sponsorship | National Science Foundation (U.S.) (Grant 0707612) | en_US |
| dc.language.iso | en_US | |
| dc.publisher | Association for Computing Machinery (ACM) | en_US |
| dc.relation.isversionof | http://2016.icse.cs.txstate.edu/technical-research | en_US |
| dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
| dc.source | Jackson | en_US |
| dc.title | Finding Security Bugs in Web Applications using a Catalog of Access Control Patterns | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Near, Joseph P., and Daniel Jackson. "Finding Security Bugs in Web Applications using a Catalog of Access Control Patterns." 38th International Conference on Software Engineering (May 2016). | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.contributor.approver | Jackson, Daniel | en_US |
| dc.contributor.mitauthor | Jackson, Daniel | en_US |
| dc.relation.journal | Proceedings of the 38th International Conference on Software Engineering | en_US |
| dc.eprint.version | Author's final manuscript | en_US |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
| eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
| dspace.orderedauthors | Near, Joseph P.; Jackson, Daniel | en_US |
| dc.identifier.orcid | https://orcid.org/0000-0003-4864-078X | |
| mit.license | OPEN_ACCESS_POLICY | en_US |
| mit.metadata.status | Complete | |
