An end-to-end security auditing approach for service oriented architectures, SRDS, pp.279-284, 2012. ,
Privacy Administration in Distributed Service Infrastructure, SecureComm, pp.53-70, 2010. ,
DOI : 10.1109/TMC.2007.1062
Sécurité des systèmes d'information. Centre d'expertise gouvernemental de réponse et de traitement des attaques informatiques, 2013. ,
Enterprise privacy authorization language (epal), 2003. ,
Implementing p3p using database technology, Data Engineering, 2003. Proceedings. 19th International Conference on, pp.595-606, 2003. ,
Amazon Simple Storage Service REST Security Model, 2006. ,
Nora Cuppens-Boulahia, and Frédéric Cuppens. Privcomp: a privacy-aware data service composition system, EDBT, pp.757-760, 2013. ,
Purpose based access control of complex data for privacy protection, Proceedings of the tenth ACM symposium on Access control models and technologies, SACMAT '05, pp.102-110, 2005. ,
DOI : 10.1145/1063979.1063998
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008 IEEE Symposium on Security and Privacy (sp 2008), pp.387-401, 2008. ,
DOI : 10.1109/SP.2008.22
A meta-object protocol for secure composition of security mechanisms, Workshop on Advanced Separation of Concerns, 2000. ,
An aspect oriented approach for security hardening: semantic foundations, 2008. ,
Web services architecture, pp.991-100, 2004. ,
Using program slicing to analyze aspect oriented composition, FOAL: Foundations Of Aspect-Oriented Languages, pp.25-30, 2004. ,
Matching privacy policies and preferences: Access control, obligations, authorisations, and downstream usage, Privacy and Identity Management for Life, pp.117-134, 2011. ,
DOI : 10.1007/978-3-642-20317-6_17
Enterprise security aspects ,
Jsr 303: Bean validation, bean validation expert group, 2009. ,
Reference monitors for security and interoperability in oauth 2.0, 6th International Workshop on Autonomous and Spontaneous Security, 2013. ,
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) ,
Aspect-Oriented Workflow Languages, 2007. ,
DOI : 10.1007/11914853_12
URL : http://tuprints.ulb.tu-darmstadt.de/852/1/thesischarfifinal.pdf
The web application vulnerability scanner evaluation project - v1.2. https://code.google.com, 2012. ,
Security guidance for critical areas of focus in cloud computing v2.1, 2009. ,
Vulnerability type distributions in cve, 2007. ,
Web Services Description Language (WSDL) Version 2.0 Part 1: Core Language, p.3, 2007. ,
Precise analysis of string expressions, Proc. 10th International Static Analysis Symposium, SAS'03, pp.1-18, 2003. ,
Rewriting aggregate queries using views, Proceedings of the eighteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, PODS '99, pp.155-166, 1999. ,
DOI : 10.1145/303976.303992
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.42.4880
AspectJ2EE = AOP + J2EE: Towards an Aspect Based, Programmable and Extensible Middleware Framework, European Conference on Object-Oriented Programming, 2004. ,
Applying Aspect-Oriented Software Development to Middleware Frameworks, 2007. ,
Conceptual modeling: Foundations and applications. chapter On Non-Functional Requirements in Software Engineering, [Cra03] L.F. Cranor. P3p: making privacy policies more useful. Security Privacy, pp.363-37950, 2003. ,
Reflections on MOPs, Components, and Java Security, Lecture Notes in Computer Science, vol.2072, pp.256-274, 2001. ,
DOI : 10.1007/3-540-45337-7_14
An Aspect-Oriented Approach to Privacy-Aware Access Control, 2007 International Conference on Machine Learning and Cybernetics, pp.3016-3021, 2007. ,
DOI : 10.1109/ICMLC.2007.4370665
Crypto++ 5.6.0 benchmarks, 2009. ,
Automatic detection and correction of programming faults for software applications, Journal of Systems and Software, vol.78, issue.2, pp.101-110, 2005. ,
DOI : 10.1016/j.jss.2005.02.027
SSVChecker, Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange, eclipse '06, pp.30-34, 2006. ,
DOI : 10.1145/1188835.1188842
Survey and requirements analysis. Deliverable D1.1, The CESSA project, pp.1-1, 2010. ,
Architecting secure software systems using an aspect-oriented approach: A survey of current research, 2006. ,
Hipolds: A security policy language for distributed systems, Lecture Notes in Computer Science, vol.7322, pp.97-112, 2012. ,
Hipolds: A security policy language for distributed systems, Workshop in Information Security Theory and Practice, 2012. ,
HiPoLDS: A Hierarchical Security Policy Language for Distributed Systems, Information Security Technical Report, vol.17, issue.3, pp.81-92, 2013. ,
DOI : 10.1016/j.istr.2012.10.002
Facebook Authentication, p.2012 ,
Architectural styles and the design of network-based software architectures, 2000. ,
The open web application security project (owasp foundation) owasp testing guide v3 ,
StrongAspectJ, Proceedings of the 7th international conference on Aspect-oriented software development, AOSD '08, pp.60-71, 2008. ,
DOI : 10.1145/1353482.1353491
Security vulnerabilities detection and protection using eclipse, Proceedings of ECLIPSE-IT 2011, 2011. ,
Breach: Reviving the crime attack, BlackHat, 2013. ,
The most dangerous code in the world: validating ssl certificates in non-browser software, ACM Conference on Computer and Communications Security, pp.38-49, 2012. ,
Java(TM) Language Specification, 2005. ,
Security multiparts for mime: Multipart/signed and multipart/encrypted, 1995. ,
DOI : 10.17487/rfc1847
JDBC checker: a static analysis tool for SQL/JDBC applications, Proceedings. 26th International Conference on Software Engineering, pp.697-698, 2004. ,
DOI : 10.1109/ICSE.2004.1317494
The oauth 1.0 protocol, 2010. ,
Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations, Proceedings of the 1st International Symposium on Engineering Secure Software and Systems, ESSoS '09, pp.75-90, 2009. ,
DOI : 10.1007/3-540-45127-7_27
Oauth bearer tokens are a terrible idea, 2010. ,
Dynamic Taint Propagation for Java, 21st Annual Computer Security Applications Conference (ACSAC'05), pp.303-311, 2005. ,
DOI : 10.1109/CSAC.2005.21
Static analysis of aspect interaction and composition in component models, Proceedings of the 10th ACM international conference on Generative programming and component engineering, GPCE '11, pp.43-52, 2011. ,
DOI : 10.1145/2047862.2047871
URL : https://hal.archives-ouvertes.fr/hal-00606270
A join point for loops in AspectJ, Proceedings of the 5th international conference on Aspect-oriented software development, AOSD '06, pp.63-74, 2006. ,
DOI : 10.1145/1119655.1119666
Using positive tainting and syntax-aware evaluation to counter sql injection attacks, Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering, SIGSOFT '06/FSE-14, pp.175-185, 2006. ,
Validating objects through metadata, 2005. ,
Fortify 360. https://www.fortify.com, 2012. ,
Tools for design of composite Web services, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, SIGMOD '04, pp.958-961, 2004. ,
DOI : 10.1145/1007568.1007722
Intrusion detection in distributed systems, an approach based on taint marking, 2013 IEEE International Conference on Communications (ICC), 2013. ,
DOI : 10.1109/ICC.2013.6654811
URL : https://hal.archives-ouvertes.fr/hal-00840338
Policy-based intrusion detection in web applications by monitoring java information flows, CRiSIS, pp.53-60, 2008. ,
URL : https://hal.archives-ouvertes.fr/hal-00448139
Toward a reusable and generic security aspect library ,
Securing web application code by static analysis and runtime protection, Proceedings of the 13th conference on World Wide Web, WWW '04, pp.40-52, 2004. ,
DOI : 10.1145/988672.988679
A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004., pp.145-151, 2004. ,
DOI : 10.1109/AINA.2004.1283902
Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile, 2008. ,
Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, pp.711-716, 2009. ,
DOI : 10.1109/DASC.2009.139
Evolving Security Requirements in Multi-layered Service-Oriented-Architectures, Lecture Notes in Computer Science, vol.7122, issue.11, pp.190-205, 2011. ,
DOI : 10.1007/978-3-642-28879-1_13
URL : https://hal.archives-ouvertes.fr/inria-00614163
SMask, Proceedings of the 2007 ACM symposium on Applied computing, SAC '07, pp.284-291, 2007. ,
DOI : 10.1145/1244002.1244071
Secure Code Generation for Web Applications, ESSoS, pp.96-113, 2010. ,
DOI : 10.1007/978-3-642-11747-3_8
An insight of ssl security attacks, International Journal of Research in Engineering and Applied Sciences, vol.3, pp.52-61, 2013. ,
Pixy: A static analysis tool for detecting web application vulnerabilities (short paper), SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp.258-263, 2006. ,
Precise alias analysis for static detection of web application vulnerabilities, Proceedings of the 2006 workshop on Programming languages and analysis for security, PLAS '06, pp.27-36, 2006. ,
DOI : 10.1145/1134744.1134751
Defeating script injection attacks with browser-enforced embedded policies, Proceedings of the 16th international conference on World Wide Web, WWW '07, pp.601-610, 2007. ,
DOI : 10.1145/1242572.1242654
The art of the metaobject protocol, 1991. ,
Aspect-Oriented Programming - The Fun Has Just Begun, Vanderbilt Workshop, New Visions for Software Design & Productivity: Research & Applications. Participant White Papers, 2001. ,
Noxes, Proceedings of the 2006 ACM symposium on Applied computing, SAC '06, pp.330-337, 2006. ,
DOI : 10.1145/1141277.1141357
Aspect-oriented programming, Lecture Notes in Computer Science, vol.1241, pp.220-242, 1997. ,
DOI : 10.1007/BFb0053381
Why Developers Insert Security Vulnerabilities into Their Code, 2009 Second International Conferences on Advances in Computer-Human Interactions, pp.289-294, 2009. ,
DOI : 10.1109/ACHI.2009.18
URL : http://dx.doi.org/10.1109/ACHI.2009.18
Limiting Disclosure in Hippocratic Databases, pp.108-119 ,
DOI : 10.1016/B978-012088469-8.50013-9
A Privacy Awareness System for Ubiquitous Computing Environments, UbiComp 2002: Ubiquitous Computing, pp.315-320, 2002. ,
DOI : 10.1007/3-540-45809-3_19
OpenPMF SCaaS: Authorization as a Service for Cloud & SOA Applications, 2010 IEEE Second International Conference on Cloud Computing Technology and Science, pp.634-643, 2010. ,
DOI : 10.1109/CloudCom.2010.13
RESTful Web services and signatures [Las13] Tasos Laskos. Arachni 0.4.2 - web application security scanner framework, 2010. ,
Data Abstraction and Hierarchy, Sigplan Notices, 1988. ,
DOI : 10.1145/62139.62141
Description of securibench applications, 2005. ,
1-spec-os-KerberosTokenProfile.pdf
SAML Token Profile 1.1. http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
[LKa06c] Kelvin Lawrence, Chris Kaler, et al. UsernameToken Profile 1.1. http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
Finding security vulnerabilities in java applications with static analysis, SSYM'05: Proceedings of the 14th conference on USENIX Security Symposium, pp.18-18, 2005. ,
Static information flow analysis with handling of implicit flows and a study on effects of implicit flows vs explicit flows, Proceedings of the 2010 14th European Conference on Software Maintenance and Reengineering, CSMR '10, pp.146-155, 2010. ,
AOP: A historical perspective (What's in a name?), pp.97-122, 2005. ,
Software security patches: Audit, deployment and hot update, Proceedings of the Fourth AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software, 2005. ,
URL : https://hal.archives-ouvertes.fr/inria-00441354
Context-sensitive program analysis as database queries, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, PODS '05, pp.1-12, 2005. ,
DOI : 10.1145/1065167.1065169
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.9817
Rest and soap and document-oriented services, 2005. ,
Designing object oriented applications using uml, 2d [Mic] Microsoft Corporation. Crosscutting concerns, 1999. ,
Cwe-20: Improper input validation, 2009. ,
SANS Top 25 Most Dangerous Software Errors, 2011. ,
Dataflow Pointcut in Aspect-Oriented Programming, Lecture Notes in Computer Science, vol.2895, pp.105-121, 2003. ,
DOI : 10.1007/978-3-540-40018-9_8
Webgoat 5.4. https://code.google.com, 2012. ,
An aspect-oriented framework for systematic security hardening of software, 2008. ,
A client-based privacy manager for cloud computing, Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, COMSWARE '09, p.5, 2009. ,
DOI : 10.1145/1621890.1621897
A survey of software refactoring. Software Engineering, IEEE Transactions on, vol.30, issue.2, pp.126-139, 2004. ,
A systemic approach to automate privacy policy enforcement in enterprises, Privacy Enhancing Technologies, pp.118-134, 2006. ,
Explicitly distributed AOP using AWED, Proceedings of the 5th international conference on Aspect-oriented software development, AOSD '06, pp.51-62, 2006. ,
DOI : 10.1145/1119655.1119665
URL : https://hal.archives-ouvertes.fr/inria-00071386
Automatically Hardening Web Applications Using Precise Tainting, SEC, pp.295-308, 2005. ,
DOI : 10.1007/0-387-25660-1_20
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.135.1565
Web Services Security: SOAP Message Security 1.1. http://www.oasis-open.org/committees/wss, 2006. ,
Enforcement of Privacy Preferences in Data Services: A SPARQL Query Rewriting Approach. Logique des Usages, Sciences Sociales et de l'Information (Institut Mines-Télécom-Télécom Bretagne-UEB), Lab-STICC - Laboratoire en sciences et technologies de l'information, de la communication et de la connaissance, April 2013. Doctoral thesis: Computer Science, Institut Mines-Télécom-Télécom Bretagne-UEB, 2013. ,
Jac (java aspect components), 2002. ,
Accountability as a Way Forward for Privacy Protection in the Cloud, Lecture Notes in Computer Science, vol.5931, pp.131-144, 2009. ,
DOI : 10.1007/978-3-642-10665-1_12
Personal blog, 2005. ,
Adopting Aspect-Oriented Software Development in Business Application Engineering, 7th International Conference on Aspect-Oriented Development, 2008. ,
An aspect-oriented approach to enhancing multilevel security with usage control: An experience report, Sio Iong Ao IMECS, Lecture Notes in Engineering and Computer Science, pp.1060-1065, 2007. ,
A formal enforcement framework for role-based access control using aspect-oriented programming, MoDELS, pp.537-552, 2005. ,
Defending Against Injection Attacks Through Context-Sensitive String Evaluation, Recent Advances in Intrusion Detection (RAID), 2005. ,
DOI : 10.1007/11663812_7
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.3182
Restful web services vs. "big" web services, Proceeding of the 17th international conference on World Wide Web, WWW '08, pp.805-814, 2008. ,
DOI : 10.1145/1367497.1367606
The crime attack, Ekoparty, 2012. ,
The oauth 2.0 authorization framework, 2012. ,
W3af 1.0 - open source web application security scanner, 2011. ,
Extending query rewriting techniques for fine-grained access control, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, SIGMOD '04, pp.551-562, 2004. ,
DOI : 10.1145/1007568.1007631
Static enforcement of web application integrity through strong typing, Proceedings of the 18th conference on USENIX security symposium, SSYM'09, pp.283-298, 2009. ,
Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications, Proceedings of Financial Cryptography and Data Security 2011, 2011. ,
DOI : 10.1007/978-3-642-27576-0_24
Aspects and class-based security, Proceedings of the 2nd Workshop on Virtual Machines and Intermediate Languages for emerging modularization mechanisms, VMIL '08, pp.1-3, 2008. ,
DOI : 10.1145/1507504.1507507
Use-case analysis and aspect requirements. Deliverable D3.2, The CESSA project, 2012. ,
Pandemonium: a paradigm for learning, Mechanisation of Thought Processes Proceedings of a Symposium Held at the National Physical Laboratory, pp.513-526, 1958. ,
Towards assisted remediation of security vulnerabilities, The Sixth International Conference on Emerging Security Information, Systems and Technologies, 2012. ,
Pcdiff: Attacking the fragile pointcut problem, abstract, European Interactive Workshop on Aspects in Software, 2004. ,
Secure program execution via dynamic information flow tracking, ACM SIGARCH Computer Architecture News, vol.32, issue.5, pp.85-96, 2004. ,
DOI : 10.1145/1037947.1024404
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.124.341
Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis, 2012 IEEE 36th Annual Computer Software and Applications Conference, pp.233-243, 2012. ,
DOI : 10.1109/COMPSAC.2012.34
Abstracting application-level web security, Proceedings of the eleventh international conference on World Wide Web, WWW '02, pp.396-407, 2002. ,
DOI : 10.1145/511446.511498
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.121.8412
Enabling message security for restful services, 19th International Conference on Web Services, p.2012 ,
Enforcing Input Validation through Aspect Oriented Programming, SETOP 2013, 6th International Workshop on Autonomous and Spontaneous Security, pp.12-13 ,
DOI : 10.1007/978-3-642-54568-9_20
Optimizing Web services performance by differential deserialization, IEEE International Conference on Web Services (ICWS'05), pp.185-192, 2005. ,
DOI : 10.1109/ICWS.2005.87
Eliminating sql injection and cross site scripting using aspect oriented programming [Swe02] L. Sweeney. k-anonymity: A model for protecting privacy, International Symposium on Engineering Secure Software and System (ESSoS 13), pp.557-570, 2002. ,
DOI : 10.1007/978-3-642-36563-8_15
Comparison study of aspect-oriented and container managed security, Analysis of Aspect-Oriented Software, 2003. ,
Trustwave webdefend - web application firewall, 2011. ,
Sticky policies for data control in the cloud, 2012 Tenth Annual International Conference on Privacy, Security and Trust, pp.75-80, 2012. ,
DOI : 10.1109/PST.2012.6297922
Lockr, Proceedings of the 5th international conference on Emerging networking experiments and technologies, CoNEXT '09, pp.169-180, 2009. ,
DOI : 10.1145/1658939.1658959
Enabling web object orientation with mobile devices, Proceedings of the 6th International Conference on Mobile Technology, Application & Systems, Mobility '09, 2009. ,
DOI : 10.1145/1710035.1710047
Applying aspect-oriented programming to security, Cutter IT Journal, vol.14, pp.31-39, 2001. ,
ITS4: a static vulnerability scanner for C and C++ code, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00), p.257, 2000. ,
DOI : 10.1109/ACSAC.2000.898880
Cross site scripting prevention with dynamic data tainting and static analysis, 2007. ,
Engineering application-level security through aspect-oriented software development, 2004. ,
DADO: enhancing middleware to support crosscutting features in distributed, heterogeneous systems, 25th International Conference on Software Engineering, 2003. Proceedings., pp.174-186, 2003. ,
DOI : 10.1109/ICSE.2003.1201198
Security and aspects: A metaobject protocol viewpoint, First AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software (AOSD-2002), 2002. ,
An analysis framework for security in web applications, Proc. FSE Workshop on Specification and Verification of Component-Based Systems, SAVCBS'04, pp.70-78, 2004. ,
Sound and precise analysis of web applications for injection vulnerabilities, Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation, PLDI '07, pp.32-41, 2007. ,
Static detection of cross-site scripting vulnerabilities, Proceedings of the 13th international conference on Software engineering, ICSE '08, pp.171-180, 2008. ,
DOI : 10.1145/1368088.1368112
A framework for flexible evolution in distributed heterogeneous systems, Proceedings of the international workshop on Principles of software evolution, IWPSE '02, pp.39-42, 2002. ,
DOI : 10.1145/512035.512045
Static detection of security vulnerabilities in scripting languages, Proceedings of the 15th conference on USENIX Security Symposium, 2006. ,
ASIDE, Proceedings of the 27th Annual Computer Security Applications Conference on, ACSAC '11, pp.267-276, 2011. ,
DOI : 10.1145/2076732.2076770
Combining Static Analysis and Runtime Checking in Security Aspects for Distributed Tuple Spaces, Lecture Notes in Computer Science, vol.46, issue.1-2, pp.202-218, 2011. ,
DOI : 10.1016/S0167-6423(02)00090-4
Automating Privacy Enforcement in Cloud Platforms, 7th International Workshop on Data Privacy Management, p.2012 ,
DOI : 10.1007/978-3-642-35890-6_12