{"id":"https://openalex.org/W4313549245","doi":"https://doi.org/10.1109/acit57182.2022.9994086","title":"Discovering Authorization Business Rules toward Detecting Web Applications Logic Flaws","display_name":"Discovering Authorization Business Rules toward Detecting Web Applications Logic Flaws","publication_year":2022,"publication_date":"2022-11-22","ids":{"openalex":"https://openalex.org/W4313549245","doi":"https://doi.org/10.1109/acit57182.2022.9994086"},"language":"en","primary_location":{"id":"doi:10.1109/acit57182.2022.9994086","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/acit57182.2022.9994086","pdf_url":null,"source":{"id":"https://openalex.org/S4363608405","display_name":"2022 International Arab Conference on Information Technology (ACIT)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 International Arab Conference on Information Technology (ACIT)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068002445","display_name":"Hamza Alkofahi","orcid":"https://orcid.org/0000-0001-5510-7700"},"institutions":[{"id":"https://openalex.org/I156983542","display_name":"Jordan University of Science and Technology","ror":"https://ror.org/03y8mtb59","country_code":"JO","type":"education","lineage":["https://openalex.org/I156983542"]}],"countries":["JO"],"is_corresponding":true,"raw_author_name":"Hamza Alkofahi","raw_affiliation_strings":["Jordan University of Science and Technology,Department of Software Engineering,Irbid,Jordan","Department of Software Engineering, Jordan University of Science and Technology, Irbid, Jordan"],"affiliations":[{"raw_affiliation_string":"Jordan University of Science and Technology,Department of Software Engineering,Irbid,Jordan","institution_ids":["https://openalex.org/I156983542"]},{"raw_affiliation_string":"Department of Software Engineering, Jordan University of Science and Technology, Irbid, Jordan","institution_ids":["https://openalex.org/I156983542"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074647441","display_name":"David Umphress","orcid":null},"institutions":[{"id":"https://openalex.org/I82497590","display_name":"Auburn University","ror":"https://ror.org/02v80fc35","country_code":"US","type":"education","lineage":["https://openalex.org/I82497590"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Umphress","raw_affiliation_strings":["Auburn University,Department of Computer Science and Software Engineering,Auburn,USA","Department of Computer Science and Software Engineering, Auburn University, Auburn, USA"],"affiliations":[{"raw_affiliation_string":"Auburn University,Department of Computer Science and Software Engineering,Auburn,USA","institution_ids":["https://openalex.org/I82497590"]},{"raw_affiliation_string":"Department of Computer Science and Software Engineering, Auburn University, Auburn, USA","institution_ids":["https://openalex.org/I82497590"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5045259224","display_name":"Heba Alawneh","orcid":null},"institutions":[{"id":"https://openalex.org/I2799468983","display_name":"King Hussein Cancer Center","ror":"https://ror.org/0564xsr50","country_code":"JO","type":"funder","lineage":["https://openalex.org/I2799468983"]},{"id":"https://openalex.org/I100086675","display_name":"Al-Hussein Bin Talal University","ror":"https://ror.org/019dkd780","country_code":"JO","type":"education","lineage":["https://openalex.org/I100086675"]}],"countries":["JO"],"is_corresponding":false,"raw_author_name":"Heba Alawneh","raw_affiliation_strings":["Al Hussein Technical University,Department of Cybersecurity,Amman,Jordan","Department of Cybersecurity, Al Hussein Technical University, Amman, Jordan"],"affiliations":[{"raw_affiliation_string":"Al Hussein Technical University,Department of Cybersecurity,Amman,Jordan","institution_ids":["https://openalex.org/I2799468983","https://openalex.org/I100086675"]},{"raw_affiliation_string":"Department of Cybersecurity, Al Hussein Technical University, Amman, Jordan","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5068002445"],"corresponding_institution_ids":["https://openalex.org/I156983542"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.28204756,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"10","issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7854223847389221},{"id":"https://openalex.org/keywords/business-logic","display_name":"Business logic","score":0.6064333319664001},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.5325034856796265},{"id":"https://openalex.org/keywords/business-rule","display_name":"Business rule","score":0.5071606636047363},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.4893309473991394},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.48078984022140503},{"id":"https://openalex.org/keywords/semantics-of-business-vocabulary-and-business-rules","display_name":"Semantics of Business Vocabulary and Business Rules","score":0.4432191252708435},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.38840416073799133},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3870163857936859},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3332329988479614},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3263341188430786},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2436399757862091},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.17720642685890198},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.09500625729560852},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.09408637881278992}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7854223847389221},{"id":"https://openalex.org/C146222976","wikidata":"https://www.wikidata.org/wiki/Q1204997","display_name":"Business logic","level":2,"score":0.6064333319664001},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.5325034856796265},{"id":"https://openalex.org/C11066294","wikidata":"https://www.wikidata.org/wiki/Q1518244","display_name":"Business rule","level":4,"score":0.5071606636047363},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.4893309473991394},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.48078984022140503},{"id":"https://openalex.org/C177688676","wikidata":"https://www.wikidata.org/wiki/Q7449106","display_name":"Semantics of Business Vocabulary and Business Rules","level":5,"score":0.4432191252708435},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.38840416073799133},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3870163857936859},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3332329988479614},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3263341188430786},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2436399757862091},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.17720642685890198},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.09500625729560852},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.09408637881278992},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/acit57182.2022.9994086","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/acit57182.2022.9994086","pdf_url":null,"source":{"id":"https://openalex.org/S4363608405","display_name":"2022 International Arab Conference on Information Technology (ACIT)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 International Arab Conference on Information Technology (ACIT)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6299999952316284}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1559255981","https://openalex.org/W1975152892","https://openalex.org/W2032933424","https://openalex.org/W2072866330","https://openalex.org/W2077748623","https://openalex.org/W2079452443","https://openalex.org/W2082550700","https://openalex.org/W2089775132","https://openalex.org/W2106446203","https://openalex.org/W2127456326","https://openalex.org/W2129066856","https://openalex.org/W2141807666","https://openalex.org/W2144271133","https://openalex.org/W2308071406","https://openalex.org/W2350778671","https://openalex.org/W2571012312","https://openalex.org/W2793043914","https://openalex.org/W3152306310","https://openalex.org/W4283809450","https://openalex.org/W4294141750","https://openalex.org/W6639030872","https://openalex.org/W6698240980"],"related_works":["https://openalex.org/W2050055780","https://openalex.org/W2131822530","https://openalex.org/W2362401809","https://openalex.org/W2002568573","https://openalex.org/W18030408","https://openalex.org/W137108283","https://openalex.org/W2044166240","https://openalex.org/W1001775474","https://openalex.org/W618145325","https://openalex.org/W2778769962"],"abstract_inverted_index":{"Aggressive":[0],"integration":[1],"of":[2,14,43,46,56,125,130],"validation":[3],"checks":[4],"into":[5],"web":[6,15,82],"framework":[7],"software":[8],"has":[9,29],"altered":[10],"the":[11,19,61,123,127],"attack":[12],"surface":[13],"applications":[16,83,89],"by":[17],"reducing":[18],"opportunity":[20],"for":[21,76,98],"traditional":[22],"injection":[23],"flaws.":[24],"The":[25,54,132],"hacking":[26],"community's":[27],"reaction":[28],"shifted":[30],"to":[31,39,94],"a":[32,72],"more":[33,37],"subtle":[34],"-":[35,41],"and":[36,48,118,137],"challenging":[38],"detect":[40],"form":[42],"attacks,":[44],"that":[45,90,114],"discovering":[47,77,140],"exploiting":[49],"underlying":[50],"application":[51,63],"business":[52,58,79,141],"logic.":[53],"lack":[55,91],"accurate":[57],"rules":[59,80],"defining":[60],"final":[62],"product":[64],"extends":[65],"its":[66],"logical":[67],"vulnerability":[68],"surface.":[69],"We":[70,120],"propose":[71],"novel":[73],"black-box":[74],"approach":[75,102],"authorization":[78],"in":[81,139,144],"through":[84],"users'":[85,116],"dynamic":[86],"behavior.":[87],"Allowing":[88],"formal":[92],"specifications":[93],"be":[95],"better":[96],"tested":[97],"logic":[99],"vulnerabilities.":[100],"Our":[101],"discovers":[103],"groups":[104],"using":[105],"agglomerative":[106],"hierarchical":[107],"clustering":[108],"based":[109],"on":[110],"different":[111],"profiling":[112],"techniques":[113],"capture":[115],"actions":[117],"privileges.":[119],"also":[121],"automated":[122],"process":[124],"identifying":[126],"optimal":[128],"number":[129],"roles.":[131],"results":[133],"indicated":[134],"high":[135],"quality":[136],"stability":[138],"rules,":[142],"even":[143],"smaller":[145],"datasets.":[146]},"counts_by_year":[],"updated_date":"2025-12-23T23:11:35.936235","created_date":"2025-10-10T00:00:00"}