Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator

While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functiona...

Full description

Saved in:
Bibliographic Details
Main Authors: Doligez, Damien, Faure, Christele, Hardin, Therese, Maarek, Manuel
Format: Conference Proceeding
Language:English
Subjects:
Computer crime
Context
Functional Programming
Security
Software engineering
Syntactics
XML
XML Security
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functional language OCaml. The initial development took place as part of the LaFoSec Study which aimed at investigating the impact of using functional languages for security. We then turned the validator into an industrial application, which was successfully evaluated at EAL4+ level by independent assessors. In this paper, we explain the challenges involved in processing XML data in a critical context, we describe our choices in designing a secure XML validator, and we detail how we used features of functional languages to enforce security requirements.
ISSN:0270-5257
1558-1225
DOI:10.1109/ICSE.2015.149