Using Aspect Programming to Secure Web Applications

Gabriel Hermosillo 1 Roberto Gomez 1 Lionel Seinturier 2 Laurence Duchien 2
2 JACQUARD - Weaving of Software Components
LIFL - Laboratoire d'Informatique Fondamentale de Lille, Inria Lille - Nord Europe
Abstract : As the Internet users increase, the need to protect web servers from malicious users has become a priority in many organizations and companies. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With AspectOriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross Scripting Site (XSS), that are common attacks in web servers. We experimented this aspect with AspectJ language and JBoss AOP. By this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.
Type de document :
Article dans une revue
Journal of Software, Science in China Press, 2007, 6 (2), pp.53-63
Liste complète des métadonnées

Littérature citée [19 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00202894
Contributeur : Lionel Seinturier <>
Soumis le : mardi 8 janvier 2008 - 13:57:21
Dernière modification le : jeudi 11 janvier 2018 - 06:19:48
Document(s) archivé(s) le : mardi 13 avril 2010 - 16:41:39

Fichier

JSW90164_new.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00202894, version 1

Collections

Citation

Gabriel Hermosillo, Roberto Gomez, Lionel Seinturier, Laurence Duchien. Using Aspect Programming to Secure Web Applications. Journal of Software, Science in China Press, 2007, 6 (2), pp.53-63. 〈inria-00202894〉

Partager

Métriques

Consultations de la notice

331

Téléchargements de fichiers

985