A HIGH-LEVEL ASPECT-ORIENTED BASED LANGUAGE FOR SOFTWARE SECURITY HARDENING

Azzam Mourad, Marc-André Laverdière, Mourad Debbabi

Abstract

In this paper, we propose an aspect-oriented language, called SHL (Security Hardening Language), for systematically specifying security hardening solutions. This language constitutes our new achievement towards developing our security hardening framework. SHL allows the description and specification of security hardening plans and patterns that are used to systematically harden security into the code. It is a minimalist language built on top of the current aspect-oriented technologies that are based on the advice-pointcut model, and it can also be used in conjunction with them. The primary contribution of this approach is to give security architects the capability to perform security hardening of software by applying well-defined solutions, without needing expertise in the security solution domain. At the same time, the security hardening is applied in an organized and systematic way so as not to alter the original functionalities of the software. We explore the viability and relevance of our proposition by applying it in a case study and presenting the experimental results of securing the connections of open source software.



Paper Citation


in Harvard Style

Mourad A., Laverdière M. and Debbabi M. (2007). A HIGH-LEVEL ASPECT-ORIENTED BASED LANGUAGE FOR SOFTWARE SECURITY HARDENING. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 363-370. DOI: 10.5220/0002128403630370


in Bibtex Style

@conference{secrypt07,
author={Azzam Mourad and Marc-André Laverdière and Mourad Debbabi},
title={A HIGH-LEVEL ASPECT-ORIENTED BASED LANGUAGE FOR SOFTWARE SECURITY HARDENING},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={363-370},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002128403630370},
isbn={978-989-8111-12-8},
}

