Dario Marchitelli
A formal model of web application firewall security capabilities.
Supervisor: Cataldo Basile. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2024
PDF (Tesi_di_laurea) - Thesis
Access restricted to: staff users only until 30 April 2026 (embargo date). License: Creative Commons Attribution Non-commercial No Derivatives. File size: 2MB.
Abstract
This thesis presents a novel approach to enhance the accessibility and flexibility of application-level security. It introduces a formal model of security controls that abstracts the low-level languages used by different Web Application Firewall (WAF) frameworks. The model is designed to simplify the definition of security capabilities through an XML-based abstract language, allowing administrators to specify security controls without needing detailed knowledge of the underlying frameworks. The model is enforced by a Java tool that translates the abstract language into framework-specific rules, addressing the challenges posed by the proliferation of diverse security tools. This approach reduces the risk of technology lock-in, enabling easier adoption of newer, more advanced frameworks.
The thesis shows how this model can be extended to support the widely used ModSecurity framework, incorporating key features such as HTTP request and response body inspection, as well as user-defined variable management.
