Improving perimeter security with security-oriented program transformations (original) (raw)

2009, 2009 ICSE Workshop on Software Engineering for Secure Systems

A security-oriented program transformation maps programs to security-augmented programs, i.e. it introduces a security solution to make programs more secure. Our previous work defined security-oriented program transformations [6], introduced a catalog of program transformations [8], and showed how program transformations could be applied to systematically eradicate various types of data injection attacks [9]. This paper shows how securityoriented program transformations could be used to improve the security of a system's perimeter by introducing authentication, authorization and input validation components. The program transformation examples in this paper are JAVA specific, but the transformations could be implemented to use other authentication and authorization frameworks.