AProSec: an Aspect for Programming Secure Web Applications

Vienna, Austria April 10-April 13

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ARES.2007.43

The Second International Conference o ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Gabriel Hermosillo Articles by Roberto Gomez Articles by Lionel Seinturier Articles by Laurence Duchien

	ASCII Text	x
	Gabriel Hermosillo, Roberto Gomez, Lionel Seinturier, Laurence Duchien, "AProSec: an Aspect for Programming Secure Web Applications," Availability, Reliability and Security, International Conference on, pp. 1026-1033, The Second International Conference on Availability, Reliability and Security (ARES'07), 2007.

	BibTex	x
	@article{ 10.1109/ARES.2007.43, author = {Gabriel Hermosillo and Roberto Gomez and Lionel Seinturier and Laurence Duchien}, title = {AProSec: an Aspect for Programming Secure Web Applications}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2007}, isbn = {0-7695-2775-2}, pages = {1026-1033}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2007.43}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - AProSec: an Aspect for Programming Secure Web Applications SN - 0-7695-2775-2 SP1026 EP1033 A1 - Gabriel Hermosillo, A1 - Roberto Gomez, A1 - Lionel Seinturier, A1 - Laurence Duchien, PY - 2007 KW - null VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Gabriel Hermosillo, ITESM-CEM-Dpto. Ciencias Computacionales, Mexico

Roberto Gomez, ITESM-CEM-Dpto. Ciencias Computacionales, Mexico

Lionel Seinturier, LIFL - INRIA Jacquard Project, France

Laurence Duchien, LIFL - INRIA Jacquard Project, France

Adding security functions in existing Web application servers is now vital for the IS of companies and organizations. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With Aspect-Oriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross Scripting Site (XSS) that are common attacks in web servers. We experiment this aspect with the AspectJ language and the JBoss AOP framework. With this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.

Citation:

Gabriel Hermosillo, Roberto Gomez, Lionel Seinturier, Laurence Duchien, "AProSec: an Aspect for Programming Secure Web Applications," ares, pp.1026-1033, The Second International Conference on Availability, Reliability and Security (ARES'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.