Definition of Integrity Policies for Web-based Applications
Paloma Díaz¹, Ignacio Aedo¹ and Fivos Panetsos²
¹ Laboratorio DEI. Departamento de Informática. Universidad Carlos III de
Madrid. Avda. de la Universidad 30. E-28911 Leganés.
² Departamento de Ingeniería Eléctrica, Electrónica y Control. Universidad
Nacional de Educación a Distancia. Senda del Rey s/n. Madrid.
Key words: information integrity; security model; security policy; hypermedia;
web-based applications; hypermedia models.
Abstract:
The increasing popularity of web systems has put stress on the importance of their
security and, particularly, on the need for preserving the integrity of the information
they hold. Information integrity has to be faced from the application point of view,
where security models offer mechanisms to establish which kinds of manipulation
activities are considered as improper for each meaningful information unit and each
authorized user or user's role. In this paper, we present a security model aimed at
helping designers in the specification of the security policy that will be applied to
preserve information integrity within the domain of web-based applications. This
model provides two security mechanisms: an access list, managed in a decentralised
way, used to deny access to specific users; and a clearance function used to define
the manipulation abilities of users for particular domains.
1. INTRODUCTION
The increasing popularity of web systems has put stress on the importance of their
security and, particularly, on the need for preserving the integrity of the information
they hold. Thousands of companies all over the world are trying to use their web
sites as new markets without frontiers where they can sell and buy their
merchandise at any time, for which they need to rely on the safety of their systems.
Moreover, all kinds of organisations are using the web as a means of communication,
both as an extranet and intranet, where they are putting a large amount of information
that should not be damaged by users, whether deliberately or not. Thus, information
integrity has become a key requirement for most web sites and it has received a lot
of attention from the communications point of view, where mechanisms such as
M. E. van Biene-Hershey et al. (eds.), Integrity and Internal Control in Information Systems
©IFIP International Federation for Information Processing 2000
The original version of this chapter was revised: The copyright line was incorrect. This has been
corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35501-6_14