AProSec: an Aspect for Programming Secure Web Applications

Abstract: Adding security functions to existing Web application servers is now vital for the IS of companies and organizations. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With Aspect-Oriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross-Site Scripting (XSS), which are common attacks on web servers. We experiment with this aspect using the AspectJ language and the JBoss AOP framework. With this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.
Document type:
Conference paper
The International Dependability Conference (ARES), 2007, Barcelona, Spain. pp.1026-1033, 2007

Cited literature [15 references]

https://hal.inria.fr/inria-00155086
Contributor: Lionel Seinturier
Submitted on: Friday, June 15, 2007 - 13:02:42
Last modified on: Thursday, January 11, 2018 - 06:20:12
Document(s) archived on: Thursday, April 8, 2010 - 20:23:15

File

ARES.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: inria-00155086, version 1

Citation

Gabriel Hermosillo, Roberto Gomez, Lionel Seinturier, Laurence Duchien. AProSec: an Aspect for Programming Secure Web Applications. The International Dependability Conference (ARES), 2007, Barcelona, Spain. pp.1026-1033, 2007. 〈inria-00155086〉

Metrics

Record views

224

File downloads

956