Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation

Protection obligatoire des serveurs d’applications Web : application aux processus métiers

Abstract : This thesis focuses on mandatory access control in Web applications server. We present a novel approach of mandatory protection based on an abstract Web application model. Existing models of Web applications such as SOA fit with our abstract model. Our mandatory protection uses a dedicated language that allows to express the security requirements of a Web application. This dedicated protection language uses our Web application model to control efficiently the accesses of the subjects to the objects of a Web application. We establish a method to automatically compute the requested security policies facilitating thus the administration of the mandatory protection. An implementation on Microsoft-based environments uses the IIS Web server and the .Net Framework. The solution is independent from the Web applications to protect since it uses an application adaptor to interface our mandatory protection with the applications. This implementation is fully running on the workflow environments from the QualNet society, that cofunded this Ph.D thesis. Experiments show that our mandatory protection supports large scale environments since the overhead is near to 5 % and decreases when the size of the application increases.
Document type :
Complete list of metadata

Cited literature [46 references]  Display  Hide  Download
Contributor : ABES STAR :  Contact
Submitted on : Monday, September 29, 2014 - 11:37:51 AM
Last modification on : Thursday, May 5, 2022 - 3:38:28 PM
Long-term archiving on: : Tuesday, December 30, 2014 - 12:01:02 PM


Version validated by the jury (STAR)


  • HAL Id : tel-01069411, version 1


Maxime Fonda. Protection obligatoire des serveurs d’applications Web : application aux processus métiers. Autre [cs.OH]. Université d'Orléans, 2014. Français. ⟨NNT : 2014ORLE2011⟩. ⟨tel-01069411⟩



Record views


Files downloads