للكاتبين :
Doaa Hassan1, Sherif El-Kassas2, Ibrahim Ziedan3
1 Department of computer and Systems, National Telecommunication Institute
2 Department of computer science, American University in Cairo
3 Department of computer and Systems, Zagazig University
ABSTRACT
The Lack of security policy enforcement in web development languages is one of the most
important challenges in web application systems development, as there is no formal check for
security policy violation that may occur during web application system development. To
check for policy compliance, the programmer must walk through all the code and check every
line to make sure that there are no security violations. For example, a developer may develop
a web application system connected to data base that seems to work properly, but it can make
a certain security policy violation by permitting unauthorized users to access the data base
system. This paper propose a solution for the above problem by developing a new secure web
development language called Jif server pages (JIFSP), that acts as a front-end to the java
information flow language (Jif), a security-typed programming language that extends Java
with support for information flow control and access control, both at compile time and at run
time. Our new web development language consists of static part written in HTML and
dynamic part written in Jif language that makes flow control and access control in web
application system and check it for security policy violation specially when connecting to
Database.