DESIGN OF A SECURE WEB –APPLICATION DEVELOPMENT LANGUAGE

للكاتبين :

Doaa Hassan1, Sherif El-Kassas2, Ibrahim Ziedan3

1 Department of computer and Systems, National Telecommunication Institute

2 Department of computer science, American University in Cairo

3 Department of computer and Systems, Zagazig University

ABSTRACT

The Lack of security policy enforcement in web development languages is one of the most

important challenges in web application systems development, as there is no formal check for

security policy violation that may occur during web application system development. To

check for policy compliance, the programmer must walk through all the code and check every

line to make sure that there are no security violations. For example, a developer may develop

a web application system connected to data base that seems to work properly, but it can make

a certain security policy violation by permitting unauthorized users to access the data base

system. This paper propose a solution for the above problem by developing a new secure web

development language called Jif server pages (JIFSP), that acts as a front-end to the java

information flow language (Jif), a security-typed programming language that extends Java

with support for information flow control and access control, both at compile time and at run

time. Our new web development language consists of static part written in HTML and

dynamic part written in Jif language that makes flow control and access control in web

application system and check it for security policy violation specially when connecting to

Database.

اترك تعليقاً

لن يتم نشر عنوان بريدك الإلكتروني.