{"id":"https://openalex.org/W1994208120","doi":"https://doi.org/10.1145/1022494.1022530","title":"Static analysis of role-based access control in J2EE applications","display_name":"Static analysis of role-based access control in J2EE applications","publication_year":2004,"publication_date":"2004-09-01","ids":{"openalex":"https://openalex.org/W1994208120","doi":"https://doi.org/10.1145/1022494.1022530","mag":"1994208120"},"language":"en","primary_location":{"id":"doi:10.1145/1022494.1022530","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1022494.1022530","pdf_url":null,"source":{"id":"https://openalex.org/S186921487","display_name":"ACM SIGSOFT Software Engineering Notes","issn_l":"0163-5948","issn":["0163-5948","1943-5843"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGSOFT Software Engineering Notes","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051025628","display_name":"Gleb Naumovich","orcid":null},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Gleb Naumovich","raw_affiliation_strings":["Polytechnic University, Brooklyn, NY","Polytechnic University, Brooklyn, NY,#TAB#"],"affiliations":[{"raw_affiliation_string":"Polytechnic University, Brooklyn, NY","institution_ids":[]},{"raw_affiliation_string":"Polytechnic University, Brooklyn, NY,#TAB#","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015263584","display_name":"Paolina Centonze","orcid":null},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Paolina Centonze","raw_affiliation_strings":["Polytechnic University, Brooklyn, NY","Polytechnic University, Brooklyn, NY,#TAB#"],"affiliations":[{"raw_affiliation_string":"Polytechnic University, Brooklyn, NY","institution_ids":[]},{"raw_affiliation_string":"Polytechnic University, Brooklyn, NY,#TAB#","institution_ids":["https://openalex.org/I57206974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5051025628"],"corresponding_institution_ids":["https://openalex.org/I57206974"],"apc_list":null,"apc_paid":null,"fwci":20.8895,"has_fulltext":false,"cited_by_count":43,"citation_normalized_percentile":{"value":0.99094039,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"29","issue":"5","first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7721492052078247},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.7334087491035461},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.7270017862319946},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.6624156832695007},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6128652691841125},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.5532500147819519},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5392938852310181},{"id":"https://openalex.org/keywords/application-server","display_name":"Application server","score":0.4436298608779907},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4323854446411133},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.4276394546031952},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4229260981082916},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4123963415622711},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.37642163038253784},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33621931076049805},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.27598756551742554},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.18979176878929138},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.11827820539474487},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10467833280563354}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7721492052078247},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.7334087491035461},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.7270017862319946},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.6624156832695007},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6128652691841125},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.5532500147819519},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5392938852310181},{"id":"https://openalex.org/C164554305","wikidata":"https://www.wikidata.org/wiki/Q71550","display_name":"Application server","level":2,"score":0.4436298608779907},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4323854446411133},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.4276394546031952},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4229260981082916},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4123963415622711},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.37642163038253784},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33621931076049805},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.27598756551742554},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.18979176878929138},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.11827820539474487},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10467833280563354},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/1022494.1022530","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1022494.1022530","pdf_url":null,"source":{"id":"https://openalex.org/S186921487","display_name":"ACM SIGSOFT Software Engineering Notes","issn_l":"0163-5948","issn":["0163-5948","1943-5843"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGSOFT Software Engineering Notes","raw_type":"journal-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.88.6032","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.88.6032","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://cis.poly.edu/gnaumovi/papers/j2ee-tavweb.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5699999928474426}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1498972620","https://openalex.org/W1504054062","https://openalex.org/W1575454865","https://openalex.org/W2006688370","https://openalex.org/W2014435926","https://openalex.org/W2046699259","https://openalex.org/W2060440626","https://openalex.org/W2077850509","https://openalex.org/W2087252615","https://openalex.org/W2088017390","https://openalex.org/W2089507241","https://openalex.org/W2091712649","https://openalex.org/W2099106391","https://openalex.org/W2103543337","https://openalex.org/W2107370049","https://openalex.org/W2125000816","https://openalex.org/W2136296832","https://openalex.org/W2141589207","https://openalex.org/W2154061425","https://openalex.org/W2163405904","https://openalex.org/W2166602595","https://openalex.org/W2368092000","https://openalex.org/W3102845218","https://openalex.org/W4241686744","https://openalex.org/W6672397327","https://openalex.org/W6764000109","https://openalex.org/W7009531935","https://openalex.org/W7029175186"],"related_works":["https://openalex.org/W2393973626","https://openalex.org/W2107355607","https://openalex.org/W2105261429","https://openalex.org/W2012419258","https://openalex.org/W318167434","https://openalex.org/W1482564230","https://openalex.org/W4285408982","https://openalex.org/W2127259385","https://openalex.org/W2004929657","https://openalex.org/W2472629561"],"abstract_inverted_index":{"This":[0],"work":[1],"describes":[2],"a":[3,72],"new":[4],"technique":[5,74,93],"for":[6,75],"analysis":[7,96],"of":[8,64,86],"Java":[9,19],"2,":[10],"Enterprise":[11,18],"Edition":[12],"(J2EE)":[13],"applications.":[14],"In":[15],"such":[16],"applications,":[17],"Beans":[20],"(EJBs)":[21],"are":[22,102,119],"commonly":[23],"used":[24],"to":[25,35,43,83,97,121,128],"encapsulate":[26],"the":[27],"core":[28],"computations":[29],"performed":[30],"on":[31,112],"Web":[32],"servers.":[33],"Access":[34],"EJBs":[36,87],"is":[37],"protected":[38],"by":[39,104],"application":[40],"servers,":[41],"according":[42],"role-based":[44],"access":[45,78,116],"control":[46,79,117],"policies":[47,59,80,118],"that":[48,125],"may":[49,60,126],"be":[50],"created":[51],"either":[52],"at":[53],"development":[54],"or":[55,109],"deployment":[56],"time.":[57],"These":[58],"prohibit":[61],"some":[62],"types":[63],"users":[65],"from":[66],"accessing":[67],"specific":[68],"EJB":[69,106],"methods.We":[70],"present":[71],"static":[73],"analyzing":[76],"J2EE":[77,115],"with":[81],"respect":[82],"security-sensitive":[84],"fields":[85,101],"and":[88],"other":[89],"server-side":[90],"objects.":[91],"Our":[92],"uses":[94],"points-to":[95],"determine":[98],"which":[99,105],"object":[100],"accessed":[103],"methods,":[107],"directly":[108],"indirectly.":[110],"Based":[111],"this":[113],"information,":[114],"analyzed":[120],"identify":[122],"potential":[123],"inconsistencies":[124],"lead":[127],"security":[129],"holes.":[130]},"counts_by_year":[{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2014,"cited_by_count":3},{"year":2012,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}