Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator

Damien Doligez; Christèle Faure; Thérèse Hardin; Manuel Maarek

doi:10.1109/ICSE.2015.149

Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator

Damien Doligez, Christèle Faure, Thérèse Hardin, Manuel Maarek

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

87 Downloads (Pure)

Abstract

While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functional language OCaml. The initial development took place as part of the LaFoSec Study which aimed at investigating the impact of using functional languages for security. We then turned the validator into an industrial application, which was successfully evaluated at EAL4+ level by independent assessors. In this paper, we explain the challenges involved in processing XML data in a critical context, we describe our choices in designing a secure XML validator, and we detail how we used features of functional languages to enforce security requirements.

Original language	English
Title of host publication	2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE)
Publisher	IEEE
Pages	209-218
Number of pages	10
Volume	2
ISBN (Electronic)	9781479919345
DOIs	https://doi.org/10.1109/ICSE.2015.149
Publication status	Published - 17 Aug 2015
Event	37th IEEE International Conference on Software Engineering 2015 - Florence, Italy Duration: 16 May 2015 → 24 May 2015

Conference

Conference	37th IEEE International Conference on Software Engineering 2015
Abbreviated title	ICSE 2015
Country/Territory	Italy
City	Florence
Period	16/05/15 → 24/05/15

Access to Document

10.1109/ICSE.2015.149

Download pdf
© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 276 KBLicence: Copyright Publisher

Manuel Maarek
- M.Maarekhw.acuk
- School of Mathematical & Computer Sciences - Associate Professor
- School of Mathematical & Computer Sciences, Computer Science - Associate Professor
Person: Academic (Research & Teaching)

Cite this

@inproceedings{8b6f7693da7f4739a1da34b4c4cede6f,

title = "Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator",

abstract = "While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functional language OCaml. The initial development took place as part of the LaFoSec Study which aimed at investigating the impact of using functional languages for security. We then turned the validator into an industrial application, which was successfully evaluated at EAL4+ level by independent assessors. In this paper, we explain the challenges involved in processing XML data in a critical context, we describe our choices in designing a secure XML validator, and we detail how we used features of functional languages to enforce security requirements.",

author = "Damien Doligez and Christ{\`e}le Faure and Th{\'e}r{\`e}se Hardin and Manuel Maarek",

note = "INSPEC Accession Number: 15367181; 37th IEEE International Conference on Software Engineering 2015, ICSE 2015 ; Conference date: 16-05-2015 Through 24-05-2015",

year = "2015",

month = aug,

day = "17",

doi = "10.1109/ICSE.2015.149",

language = "English",

volume = "2",

pages = "209--218",

booktitle = "2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE)",

publisher = "IEEE",

address = "United States",

}

Doligez, D, Faure, C, Hardin, T & Maarek, M 2015, Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator. in 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE). vol. 2, IEEE, pp. 209-218, 37th IEEE International Conference on Software Engineering 2015, Florence, Italy, 16/05/15. https://doi.org/10.1109/ICSE.2015.149

Avoiding Security Pitfalls with Functional Programming : A Report on the Development of a Secure XML Validator. / Doligez, Damien; Faure, Christèle; Hardin, Thérèse et al.

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE). Vol. 2 IEEE, 2015. p. 209-218.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Avoiding Security Pitfalls with Functional Programming

T2 - 37th IEEE International Conference on Software Engineering 2015

AU - Doligez, Damien

AU - Faure, Christèle

AU - Hardin, Thérèse

AU - Maarek, Manuel

N1 - INSPEC Accession Number: 15367181

PY - 2015/8/17

Y1 - 2015/8/17

N2 - While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functional language OCaml. The initial development took place as part of the LaFoSec Study which aimed at investigating the impact of using functional languages for security. We then turned the validator into an industrial application, which was successfully evaluated at EAL4+ level by independent assessors. In this paper, we explain the challenges involved in processing XML data in a critical context, we describe our choices in designing a secure XML validator, and we detail how we used features of functional languages to enforce security requirements.

AB - While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functional language OCaml. The initial development took place as part of the LaFoSec Study which aimed at investigating the impact of using functional languages for security. We then turned the validator into an industrial application, which was successfully evaluated at EAL4+ level by independent assessors. In this paper, we explain the challenges involved in processing XML data in a critical context, we describe our choices in designing a secure XML validator, and we detail how we used features of functional languages to enforce security requirements.

U2 - 10.1109/ICSE.2015.149

DO - 10.1109/ICSE.2015.149

M3 - Conference contribution

VL - 2

SP - 209

EP - 218

BT - 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE)

PB - IEEE

Y2 - 16 May 2015 through 24 May 2015

ER -

Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator

Abstract

Conference

Access to Document

Fingerprint

Profiles

Manuel Maarek

Cite this