Title :
Improving perimeter security with security-oriented program transformations
Author :
Hafiz, Munawar ; Johnson, Ralph E.
Author_Institution :
Univ. of Illinois at Urbana-Champaign, Urbana, IL
Abstract :
A security-oriented program transformation maps programs to security-augmented programs, i.e. it introduces a protection mechanism to make programs more secure. Our previous work defined security-oriented program transformations [6], introduced a catalog of transformations [8], and showed how program transformations could be applied to systematically eradicate various types of data injection attacks [9]. This paper shows how security-oriented program transformations could be used to improve the security of a system´s perimeter by introducing authentication, authorization and input validation components. The program transformation examples in this paper are JAVA specific, but the transformations could be implemented to use other authentication and authorization frameworks.
Keywords :
object-oriented programming; security of data; JAVA; data injection attack; perimeter security; security-augmented program; security-oriented program transformation; Authentication; Authorization; Conferences; Data security; Design engineering; Filters; Java; Programming profession; Protection; Writing;
Conference_Titel :
Software Engineering for Secure Systems, 2009. SESS '09. ICSE Workshop on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-3725-2
DOI :
10.1109/IWSESS.2009.5068460
