DocumentCode
2855542
Title
Developing a Security Typed Java Servlet
Author
Hassan, Doaa ; El-Kassas, S. ; Ziedan, Ibrahim
Author_Institution
Nat. Telecomm. Inst., Cairo
fYear
2008
fDate
8-10 Sept. 2008
Firstpage
215
Lastpage
220
Abstract
The Lack of security policy enforcement in Web development languages is one of the most important challenges in Web application systems development, as there is no formal check for security policy violation that may occur during Web application system development. To check for policy compliance, the programmer must walk through all the code and check every line to make sure that there are no security violations. For example, a developer may develop a Web application system connected to data base that seems to work properly, but it can make a certain security policy violation by permitting unauthorized users to access the data base system. This paper proposes a solution for the above problem by developing and application of a security typed Java servlet that can run on the Web server side safely. This servlet is developed by embedding the Java code produced by compiling the Java information flow language (Jif) (a security-typed programming language that extends Java with support for information flow control and access control, both at compile time and at run time) into a servlet code format. The code produced by compiling Jif language is security typed and support servlet with means of flow control and access control. Hence we can guarantee that when we run this servlet into a Web application system it will check input data trough the Web application system for security policy violation.
Keywords
Internet; Java; authorisation; file servers; program compilers; program diagnostics; Java information flow language compiler; Web application system development language; Web server; access control; database system; dynamic checking; policy compliance; security typed Java servlet; static checking; Access control; Computer languages; Data security; Databases; Information security; Java; National security; Runtime environment; Telecommunications; Web server; Information flow control; Java servlet; Jif; web application system;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on
Conference_Location
Naples
Print_ISBN
978-0-7695-3324-7
Type
conf
DOI
10.1109/IAS.2008.31
Filename
4627088
Link To Document