Title: Security in Depth Requires Secure Programming Languages Too

Year of Publication: Nov - 2014
Page Numbers: 24-30
Authors: Walid Al-Ahmad, Preeti Kolekar
Conference Name: The International Conference on Cyber-Crime Investigation and Cyber Security (ICCICS2014)
- Malaysia


Secure software development has received lots of attention in recent years due to the rise of security breaches attributed to software problems. There have been several studies that address software security from different perspectives: security requirements, security modeling, security testing, security best practices and standards, static and dynamic analysis tools, etc. However, there has been no or little research done in the area of secure programming languages. Therefore, language–level support for secure coding warrants further attention and interest. This work is an attempt to shed light on the requirements in terms of language constructs that must be available in popular and widely used object-oriented programming languages to build secure software. This research work focuses on the most common security vulnerabilities and proposes mitigation strategies in terms of language-level constructs and mechanisms.