  • DocumentCode
    1635005
  • Title
    Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator
  • Author
    Doligez, Damien ; Faure, Christele ; Hardin, Therese ; Maarek, Manuel
  • Author_Institution
    Inria, Le Chesnay, France
  • Volume
    2
  • fYear
    2015
  • Firstpage
    209
  • Lastpage
    218
  • Abstract
    While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functional language OCaml. The initial development took place as part of the LaFoSec Study which aimed at investigating the impact of using functional languages for security. We then turned the validator into an industrial application, which was successfully evaluated at EAL4+ level by independent assessors. In this paper, we explain the challenges involved in processing XML data in a critical context, we describe our choices in designing a secure XML validator, and we detail how we used features of functional languages to enforce security requirements.
  • Keywords
    XML; security of data; LaFoSec Study; OCaml functional language; XML data processing; extensible markup language; functional programming; secure XML validator; security pitfalls avoidance; security policy; security requirements; Computer crime; Context; Software engineering; Standards; Syntactics; XML; Functional Programming; Security; Software Engineering; XML Security
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Title
    Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on
  • Conference_Location
    Florence
  • Type
    conf
  • DOI
    10.1109/ICSE.2015.149
  • Filename
    7202965