• DocumentCode
    2416742
  • Title

    AProSec: an Aspect for Programming Secure Web Applications

  • Author

    Hermosillo, Gabriel ; Gomez, Roberto ; Seinturier, Lionel ; Duchien, Laurence

  • Author_Institution
    Dpto. Ciencias Computacionales, ITESM-CEM, Mexico
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    1026
  • Lastpage
    1033
  • Abstract
    Adding security functions in existing Web application servers is now vital for the IS of companies and organizations. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With aspect-oriented programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross Scripting Site (XSS) that are common attacks in Web servers. We experiment with this aspect using the AspectJ language and the JBoss AOP framework. With this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.
  • Keywords
    Internet; SQL; object-oriented programming; security of data; AProSec; AspectJ language; Cross Scripting Site; JBoss AOP framework; SQL injection; Web server attacks; aspect-oriented programming; secure Web application; security functions; security policies; software development; Application software; Data security; Databases; Information security; Programming; Runtime; Service oriented architecture; Software systems; Web server; Writing
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.43
  • Filename
    4159905