Authors: Hieu Dinh Vo and Masato Suzuki
Affiliation: School of Information Science, Japan Advanced Institute of Science and Technology, Japan
Keyword(s): J2EE, EJB, component-based, security, business functions.
Related Ontology Subjects/Areas/Topics: B2B, B2C and C2C; B2C/B2B Considerations; Business and Social Applications; Communication and Software Technologies and Architectures; Databases and Information Systems Integration; e-Business; Enterprise Information Systems; Enterprise-Wide Client-Server Architecture; Formal Methods; Information Systems Analysis and Specification; Methodologies and Technologies; Operational Research; Security; Simulation and Modeling; Society, e-Business and e-Government; Software Agents and Internet Computing; Web Information Systems and Technologies
Abstract: Enterprise JavaBeans (EJB) components in an EJB application can be obtained from various sources. These components may be developed in-house or bought from other vendors. In the latter case, the source code of the components is usually not available to application developers. As a result, the application may contain malicious components. We propose a framework called BFSec that protects EJB applications from malicious components. The framework examines the bean methods invoked by each thread in an application and compares them with pre-defined business functions to check whether each thread's latest call is proper. Unexpected calls, which are considered to be made by malicious components, are blocked.
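
The per-thread check the abstract describes, as an added example that is not taken from the paper or from BFSec. It assumes a business function is an ordered list of bean method names and that no business function is a prefix of another; the class name and the bean and method names are hypothetical.

```java
import java.util.*;

// Added illustration, not BFSec code. Assumptions: a business function is an
// ordered list of "Bean.method" names, none is a prefix of another, and a call
// is proper only if it extends the thread's history along a declared function.
public class CallSequenceMonitor {
    private final List<List<String>> businessFunctions;
    // Per-thread history of bean calls in the business function in progress.
    private final ThreadLocal<List<String>> history = ThreadLocal.withInitial(ArrayList::new);

    public CallSequenceMonitor(List<List<String>> businessFunctions) {
        this.businessFunctions = businessFunctions;
    }

    /** Call before dispatching a bean method; throws if the call is unexpected. */
    public void beforeInvoke(String beanMethod) {
        List<String> calls = history.get();
        List<String> candidate = new ArrayList<>(calls);
        candidate.add(beanMethod);
        boolean complete = false, proper = false;
        for (List<String> bf : businessFunctions) {
            if (bf.size() >= candidate.size()
                    && bf.subList(0, candidate.size()).equals(candidate)) {
                proper = true;
                complete |= bf.size() == candidate.size();
            }
        }
        if (!proper) {
            // History is left untouched so the legitimate flow can still finish.
            throw new SecurityException("Blocked unexpected call: " + beanMethod + " after " + calls);
        }
        calls.add(beanMethod);
        if (complete) calls.clear(); // business function finished; start fresh
    }

    public static void main(String[] args) {
        // Constructed sample: bean and method names are hypothetical.
        CallSequenceMonitor m = new CallSequenceMonitor(List.of(
            List.of("CartBean.getItems", "PricingBean.total", "OrderBean.create"),
            List.of("AccountBean.login", "AccountBean.getProfile")));
        m.beforeInvoke("CartBean.getItems");
        m.beforeInvoke("PricingBean.total");
        try {
            m.beforeInvoke("AccountBean.getProfile"); // not part of the checkout function
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        m.beforeInvoke("OrderBean.create"); // legitimate flow still completes
    }
}
```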