Title :
iLayer: Toward an Application Access Control Framework for Content Management Systems
Author :
Cheek, Gorrell ; Shehab, Mohamed ; Ung, Truong ; Williams, Ebonie
Author_Institution :
Dept. of Software & Inf. Syst., Univ. of North Carolina at Charlotte, Charlotte, NC, USA
Abstract :
Content Management Systems (CMS) simplify the process of web content creation, publication, and management. Many CMS platforms are extensible via third party developed applications providing additional functionality such as search, site navigation, and location services. However, most CMS platforms don´t have manageable access control mechanisms that regulate third party applications. Unfettered and unchecked access of third party applications is a security vulnerability that puts web sites at risk. We introduce iLayer - an Application Access Control Framework for Content Management Systems. iLayer is a least privilege based model that protects content management systems from third party developed applications. iLayer makes policy recommendations to CMS administrators for third party applications. These policies are reviewed and set by the CMS administrator and enforced by the iLayer Framework. To verify the feasibility of our approach, we implemented a prototype of our framework on a popular open source content management system.
Keywords :
Internet; authorisation; content management; Web content creation; Web content management; Web content publication; application access control; content management system; iLayer framework; Access control; Content management; Databases; Libraries; Thumb; Web sites;
Conference_Titel :
Policies for Distributed Systems and Networks (POLICY), 2011 IEEE International Symposium on
Conference_Location :
Pisa
Print_ISBN :
978-1-4244-9879-6
Electronic_ISBN :
978-0-7695-4330-7
DOI :
10.1109/POLICY.2011.28
