Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator

Damien Doligez, Christèle Faure, Thérèse Hardin, Manuel Maarek

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)
87 Downloads (Pure)

Abstract

While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functional language OCaml. The initial development took place as part of the LaFoSec Study which aimed at investigating the impact of using functional languages for security. We then turned the validator into an industrial application, which was successfully evaluated at EAL4+ level by independent assessors. In this paper, we explain the challenges involved in processing XML data in a critical context, we describe our choices in designing a secure XML validator, and we detail how we used features of functional languages to enforce security requirements.
Original language: English
Title of host publication: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE)
Publisher: IEEE
Pages: 209-218
Number of pages: 10
Volume: 2
ISBN (Electronic): 9781479919345
Publication status: Published - 17 Aug 2015
Event: 37th IEEE International Conference on Software Engineering 2015 - Florence, Italy
Duration: 16 May 2015 to 24 May 2015

Conference

Conference: 37th IEEE International Conference on Software Engineering 2015
Abbreviated title: ICSE 2015
Country/Territory: Italy
City: Florence
Period: 16/05/15 to 24/05/15
