• DocumentCode
    2855542
  • Title

    Developing a Security Typed Java Servlet

  • Author

    Hassan, Doaa ; El-Kassas, S. ; Ziedan, Ibrahim

  • Author_Institution
    Nat. Telecomm. Inst., Cairo
  • fYear
    2008
  • fDate
    8-10 Sept. 2008
  • Firstpage
    215
  • Lastpage
    220
  • Abstract
    The Lack of security policy enforcement in Web development languages is one of the most important challenges in Web application systems development, as there is no formal check for security policy violation that may occur during Web application system development. To check for policy compliance, the programmer must walk through all the code and check every line to make sure that there are no security violations. For example, a developer may develop a Web application system connected to data base that seems to work properly, but it can make a certain security policy violation by permitting unauthorized users to access the data base system. This paper proposes a solution for the above problem by developing and application of a security typed Java servlet that can run on the Web server side safely. This servlet is developed by embedding the Java code produced by compiling the Java information flow language (Jif) (a security-typed programming language that extends Java with support for information flow control and access control, both at compile time and at run time) into a servlet code format. The code produced by compiling Jif language is security typed and support servlet with means of flow control and access control. Hence we can guarantee that when we run this servlet into a Web application system it will check input data trough the Web application system for security policy violation.
  • Keywords
    Internet; Java; authorisation; file servers; program compilers; program diagnostics; Java information flow language compiler; Web application system development language; Web server; access control; database system; dynamic checking; policy compliance; security typed Java servlet; static checking; Access control; Computer languages; Data security; Databases; Information security; Java; National security; Runtime environment; Telecommunications; Web server; Information flow control; Java servlet; Jif; web application system;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on
  • Conference_Location
    Naples
  • Print_ISBN
    978-0-7695-3324-7
  • Type

    conf

  • DOI
    10.1109/IAS.2008.31
  • Filename
    4627088