Avoiding Security Pitfalls with Functional Programming : A Report on the Development of a Secure XML Validator
- Submitting institution
-
Heriot-Watt University
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 15020173
- Type
- E - Conference contribution
- DOI
-
10.1109/ICSE.2015.149
- Title of conference / published proceedings
- 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE)
- First page
- 209
- Volume
- -
- Issue
- -
- ISSN
- -
- Open access status
- -
- Month of publication
- August
- Year of publication
- 2015
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
3
- Research group(s)
-
-
- Citation count
- 2
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- Paper at highly competitive `Software engineering in practice’ track (23/102=22.5%) premier international conference: https://ieeexplore.ieee.org/document/7202939 Research funded by French equivalent to GCHQ (ANSSI): https://www.ssi.gouv.fr/publication/lafosec-securite-et-langages-fonctionnels/ Our language-based solution was incorporated in a SafeRiver product that was externally assessed with EAL4+ Common Criteria international rating (Véronique Delebarre, veronique.delebarre@safe-river.com ). The paper provides a methodology for applying language-based solutions to industrial software security and still stands as a rare, example of industrial use of functional programming. Maarek was the primary author of the paper (authors listed alphabetically). The paper reports on work of the LaFoSec project and of a project conducted at SafeRiver SME.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -
